Click.GiftLoad :-(

verko1 · May 13, 2011

Hi,
unfortunately I also found this malware in my PC and cannot get rid of it. Thank u for ur help in advance.

I´ve already backed up the registry.
I´ve only tried to remove it with the help of AdAware and Spybot
Symptoms:
- svchost running crazy using 200 000 kb
- firefox redirects to different sites
- sometimes limited connectivity
- and the last one which happened few minutes ago - I couldnt log in to windows using my password. I had to smile to lenovo Veriface in order to log in.

Here is the the log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Peto at 21:37:51,40 on p* 13.05.2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.476 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\BisonC07\BisonM07.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Documents and Settings\Peto\Plocha\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Taskman=c:\documents and settings\peto\ctfmon.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BisonMnt] c:\windows\bisonc07\BisonM07.exe
mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: autobazar.eu
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264672677421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: PicNotify - PicNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\peto\dataap~1\mozilla\firefox\profiles\uwaa8407.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\peto\local settings\data aplikacă*\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-3-11 165264]
R1 MpKsl802fbf1e;MpKsl802fbf1e;c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{8ffaa301-90a2-4bd9-b452-44a2bdd01c23}\MpKsl802fbf1e.sys [2011-5-13 28752]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [2011-3-7 51072]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-3-26 315392]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-1-31 88176]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-9-28 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-9-28 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-12-20 9472]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\mpksl70f9fc5b.sys --> c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\MpKsl70f9fc5b.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-28 1684736]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2146496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-28 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-28 81192]
.
=============== Created Last 30 ================
.
2011-05-13 19:33:03 28752 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{8ffaa301-90a2-4bd9-b452-44a2bdd01c23}\MpKsl802fbf1e.sys
2011-05-13 19:27:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-11 11:25:47 -------- d-----w- c:\windows\Snapshot
2011-05-09 18:33:57 7071056 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{8ffaa301-90a2-4bd9-b452-44a2bdd01c23}\mpengine.dll
2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-29 18:50:15 -------- d-----w- c:\program files\Veetle
.
==================== Find3M ====================
.
2011-05-13 19:27:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-07 18:51:15 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
2011-03-07 18:51:15 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2011-03-07 05:33:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:33 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08:04 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:54:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 21:40:52,78 ===============

Hi,
the problem is getting worse I think. Every day I remove up to 5 Trojans through nod32 online scanner (my MS Security Essentials doesn't detect anything) and 20 malware softs through AdAware.
Despite that Windows doesn't launch properly, Firefox barely moves and redirects continuously. Here is a fresh DDS log. Hopefully u ll help me to get rid of it. Thanx :thanks:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Peto at 17:58:13,95 on po 16.05.2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.74 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\BisonC07\BisonM07.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Documents and Settings\Peto\Plocha\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Taskman=c:\documents and settings\peto\ctfmon.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BisonMnt] c:\windows\bisonc07\BisonM07.exe
mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: autobazar.eu
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264672677421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: PicNotify - PicNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\peto\dataap~1\mozilla\firefox\profiles\uwaa8407.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\peto\local settings\data aplikacă*\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-3-11 165264]
R1 MpKsl16239681;MpKsl16239681;c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{ae992952-4ccf-4384-93b5-bc54b6845cbb}\MpKsl16239681.sys [2011-5-16 28752]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [2011-3-7 51072]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-3-26 315392]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-1-31 88176]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-9-28 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-9-28 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-12-20 9472]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2146496]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\mpksl70f9fc5b.sys --> c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\MpKsl70f9fc5b.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-28 1684736]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-28 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-28 81192]
.
=============== Created Last 30 ================
.
2011-05-16 12:38:38 28752 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{ae992952-4ccf-4384-93b5-bc54b6845cbb}\MpKsl16239681.sys
2011-05-16 12:38:09 7071056 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{ae992952-4ccf-4384-93b5-bc54b6845cbb}\mpengine.dll
2011-05-14 17:26:48 -------- d-----w- c:\program files\ESET
2011-05-13 19:27:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-11 11:25:47 -------- d-----w- c:\windows\Snapshot
2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-29 18:50:15 -------- d-----w- c:\program files\Veetle
.
==================== Find3M ====================
.
2011-05-13 19:27:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-07 18:51:15 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
2011-03-07 18:51:15 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2011-03-07 05:33:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:33 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08:04 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:54:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 18:01:41,34 ===============

ken545 · May 18, 2011

:snwelcome:

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Sorry for the delay but a bit of a mix up with your posts. You need to reply to this thread only and please do not start any new topics

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

verko1 · May 18, 2011

Hi Ken 545,
Thank you for your time.

GooredFix downloaded, run and log is below (hopefully I did it right because it took only like 3 seconds to produce that log with firefox closed).

Malwarebytes also downloaded, installed, updated but it didnt find anything, log attached.

Quick update about situation here. In the morning, I run Spybot but for the first time it didnt find ANYTHING, also nod32 onlinescanner didnt recognize any Trojans. AdAware though, found usual 20 tracking cookies, like every day. Running all of them was necessary, otherwise my netbook wouldnt even move, since svchost still utilizes lots of RAM and sometimes uses 98 percent of cpu. Firefox still redirects and Windows update doesnt work. Seems like infection got deeper :-/

GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:19 on 18/05/2011 (Peto)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [10:05 10/05/2011]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [09:04 01/04/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [13:32 23/04/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [06:23 09/08/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [20:09 05/11/2010]
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [19:27 13/05/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:36 27/01/2010]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [21:17 31/01/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:27 13/05/2011]

-=E.O.F=-

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6612

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.5.2011 23:31:39
mbam-log-2011-05-18 (23-31-39).txt

Scan type: Quick scan
Objects scanned: 153623
Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545 · May 18, 2011

How is Firefox behaving now, still redirects ?

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

verko1 · May 19, 2011

Hi again :thanks:,

I visited sites that usually got redirected (wikipedia and youtube) and they seem to run clean and neat

Entire pc (especially when booting and shutting down), as well as Firefox seems faster as before (I might be only paranoid)

Combofix log below:

P.S. I will probably carry out your next advise in the morning since it is after midnight already.

Thank you

ComboFix 11-05-17.03 - Peto 19.05.2011 0:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.476 [GMT 2:00]
Spuštěný z: c:\documents and settings\Peto\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-18 do 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-18 22:19 . 2011-05-18 22:19 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{602BA0BE-0473-429A-A134-0DA9D87044D6}\MpKsl1165510f.sys
2011-05-18 22:19 . 2011-04-18 07:15 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{602BA0BE-0473-429A-A134-0DA9D87044D6}\mpengine.dll
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\documents and settings\Peto\Data aplikací\Malwarebytes
2011-05-18 21:21 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-18 21:21 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2011-05-17 14:04 . 2011-05-17 14:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 18:31 . 2011-05-14 18:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Adobe
2011-05-14 17:26 . 2011-05-14 17:26 -------- d-----w- c:\program files\ESET
2011-05-13 20:08 . 2011-05-13 20:08 -------- d-----w- c:\program files\ERUNT
2011-05-13 19:27 . 2011-05-13 19:27 -------- d-----w- c:\program files\Common Files\Java
2011-05-13 19:27 . 2011-05-13 19:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-13 19:27 . 2011-05-13 19:27 -------- d-----w- c:\program files\Java
2011-05-11 11:25 . 2011-05-11 11:25 -------- d-----w- c:\windows\Snapshot
2011-05-02 19:16 . 2011-05-02 19:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-02 19:11 . 2011-05-02 19:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-01 16:26 . 2011-05-02 19:15 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Thunderbird
2011-05-01 16:26 . 2011-05-01 16:26 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2011-04-29 18:50 . 2011-05-02 19:15 -------- d-----w- c:\program files\Veetle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 19:27 . 2010-04-23 13:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 10:23 . 2010-10-21 19:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-18 07:15 . 2010-01-28 11:43 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 18:51 . 2011-03-07 18:51 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2011-03-07 18:51 . 2011-03-07 18:51 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2011-03-07 18:51 . 2011-03-07 18:51 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2011-03-07 05:33 . 2008-09-01 10:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-04-14 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2008-04-14 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-14 16:26 . 2011-05-10 10:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-12-19 23:00 241752 ----a-w- c:\windows\system32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2009-05-05 36864]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-12-19 323584]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-01-04 4462464]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-12-26 1277952]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-1-16 604776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2009-12-19 23:00 1167360 ----a-w- c:\windows\system32\PicNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Peto\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Kalkulacky\\DR\\Deutscher Ring Calculator SK.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Peto\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2010 9:46 691696]
R1 MpKsl1165510f;MpKsl1165510f;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{602BA0BE-0473-429A-A134-0DA9D87044D6}\MpKsl1165510f.sys [19.5.2011 0:19 28752]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [7.3.2011 20:51 51072]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [26.3.2009 10:20 315392]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [28.9.2009 3:09 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [28.9.2009 3:09 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [20.12.2009 1:08 9472]
S1 MpKsl16239681;MpKsl16239681;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AE992952-4CCF-4384-93B5-BC54B6845CBB}\MpKsl16239681.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AE992952-4CCF-4384-93B5-BC54B6845CBB}\MpKsl16239681.sys [?]
S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{00727E7B-4480-48B1-BACF-DD1A13116F19}\MpKsl70f9fc5b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{00727E7B-4480-48B1-BACF-DD1A13116F19}\MpKsl70f9fc5b.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [31.1.2010 23:17 88176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.9.2009 3:03 1684736]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.10.2010 9:58 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 2146496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [28.9.2009 3:04 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [28.9.2009 3:09 81192]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL1165510F
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 15:14]
.
2011-05-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: autobazar.eu
FF - ProfilePath - c:\documents and settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 00:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BisonMnt = c:\windows\BisonC07\BisonM07.exe?????????????????????????????????????????????????????????????????????????????????P??????????????????????????????????????????|???x????????????v?|????????x???????????|????????x?|????? Q?????|???$??????|????????|???8????X?w???
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\PicNotify.dll
c:\windows\system32\FaceVerify.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\Momo.dll
c:\windows\system32\Apblend.dll
c:\windows\system32\SetDev.dll
c:\windows\system32\FunFrm.dll
c:\windows\system32\facev.dll
.
Celkový čas: 2011-05-19 00:50:27
ComboFix-quarantined-files.txt 2011-05-18 22:50
.
Před spuštěním: Volných bajtů: 88*919*552*000
Po spuštění: Volných bajtů: 89*112*014*848
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional - instalace"
.
- - End Of File - - E6C626229B2E1FFB418DD73586B7C5D2

verko1 · May 19, 2011

Right as I posted the reply a new Firefox window opened with 6 tabs full of advertisement. :sad:

ken545 · May 19, 2011

BisonM07.exe <--What can you tell me about this program, is it something you installed and use ?

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

verko1 · May 19, 2011

Hi Im back,

BisonM07 - i can only tell you what google says: "one of the most infamous and toughest computer error which is closely tied with BisonM07.exe file. BisonM07.exe file is one of an important Dynamic-link library file playing a crucial role in the Microsoft Windows"
- in other words it is not something I installed, or intend to use. On the other side I am almost sure it has been there since I bought the PC.

Situation update: winupdate not working, computer runs much faster, firefox redirects, after rebooting svchost uses minimum memory, but as I start firefox it starts consuming more, eventually reaching 260 000kb after few hours. And one more thing, I am not sure if it is connected to my problem, but it did not happen before. When I start Firefox, nothing happens - firefox process pops up in task manager using like 8000kb but thats all. I gotta click 2-5 times to really open it and then kill other firefox processes. And it sometimes happens to explorer as well (not internet explorer) on start up of the PC - so i have to kill explorer and start new task in order to start pc.

Now back to logs:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-19 09:34:30
-----------------------------
09:34:30.578 OS Version: Windows 5.1.2600 Service Pack 3
09:34:30.578 Number of processors: 2 586 0x1C02
09:34:30.578 ComputerName: LENOVO-PV UserName: Peto
09:34:32.437 Initialize success
09:35:38.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:35:38.296 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
09:35:38.296 Disk 0 MBR read error 0
09:35:38.296 Disk 0 MBR scan
09:35:38.296 Disk 0 unknown MBR code
09:35:38.312 MBR BIOS signature not found 0
09:35:38.312 Disk 0 scanning sectors +312581808
09:35:38.328 Disk 0 scanning C:\WINDOWS\system32\drivers
09:35:44.343 Service scanning
09:35:45.953 Disk 0 trace - called modules:
09:35:45.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865524f0]<<
09:35:45.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f27030]
09:35:45.968 3 CLASSPNP.SYS[f78bdfd7] -> nt!IofCallDriver -> \Device\00000075[0x86eeda28]
09:35:45.984 5 ACPI.sys[f7729620] -> nt!IofCallDriver -> [0x86f28028]
09:35:46.000 \Driver\iaStor[0x86f48290] -> IRP_MJ_CREATE -> 0x865524f0
09:35:46.015 Scan finished successfully
09:36:44.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Peto\Plocha\MBR.dat"
09:36:44.593 The log file has been saved successfully to "C:\Documents and Settings\Peto\Plocha\aswMBR.txt"

OTL logfile created on: 19.5.2011 9:38:30 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Peto\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1*014,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105,10 Gb Total Space | 83,01 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 2,55 Gb Free Space | 8,73% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PV | User Name: Peto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Peto\Plocha\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\BisonC07\BisonM07.exe ()
PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Peto\Plocha\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)

========== Win32 Services (SafeList) ==========

SRV - (WLTRYSVC) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)

========== Driver Services (SafeList) ==========

DRV - (MpKsl5fef053f) -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2F4F7EF3-A454-434F-BB15-71F1D9F1A68C}\MpKsl5fef053f.sys (Microsoft Corporation)
DRV - (Angelnt) -- C:\WINDOWS\System32\Drivers\ANGELNT.SYS (Identcode Ltd.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (Cam5607) -- C:\WINDOWS\system32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (WSVD) -- C:\WINDOWS\system32\drivers\WSVD.sys (CyberLink)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: sk@dictionaries.addons.mozilla.org:2.03.2
FF - prefs.js..network.proxy.http: "192.168.1.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.05.18 14:50:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.10 12:05:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 11:37:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.11 11:47:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.01.31 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Extensions
[2010.01.31 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.02 21:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions
[2010.10.09 11:15:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.12 21:47:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.22 21:19:06 | 000,000,000 | ---D | M] (SlovnĂ*ky slovenskĂ©ho pravopisu) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\sk@dictionaries.addons.mozilla.org
[2010.10.09 11:15:54 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\youtube2mp3@mondayx.de
[2011.05.13 21:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.23 15:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.09 08:23:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.05 22:09:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.13 21:27:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\SK@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE
[2011.05.13 21:27:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.18 14:50:17 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011.04.14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.05.13 21:27:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011.05.12 10:09:40 | 000,434,210 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 14947 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\..Trusted Domains: autobazar.eu ([]* in Důvěryhodné servery)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1264672677421 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.01 12:17:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.19 09:33:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peto\Plocha\OTL.exe
[2011.05.19 09:30:01 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Peto\Plocha\aswMBR.exe
[2011.05.19 00:26:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.05.19 00:22:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.05.19 00:22:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.05.19 00:22:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.05.19 00:22:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.05.19 00:16:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.18 23:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Data aplikací\Malwarebytes
[2011.05.18 23:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.05.18 23:21:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.05.18 23:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.05.18 23:21:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.05.18 23:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2011.05.18 23:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\GooredFix Backups
[2011.05.18 23:17:50 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peto\Plocha\mbam-setup-1.50.1.1100.exe
[2011.05.18 23:16:36 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Peto\Plocha\GooredFix.exe
[2011.05.17 16:04:52 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.05.14 20:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Adobe
[2011.05.14 19:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.05.13 22:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.05.13 22:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ERUNT
[2011.05.13 22:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.05.13 21:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.05.13 21:27:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.05.13 21:27:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.05.13 21:27:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.05.13 21:27:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.05.13 21:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.05.13 19:40:34 | 004,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Peto\Plocha\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2011.05.13 18:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\gmer
[2011.05.13 13:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\intsall_files
[2011.05.13 13:04:24 | 002,074,384 | ---- | C] (Hewlett-Packard ) -- C:\Documents and Settings\Peto\Plocha\HPTool.exe
[2011.05.12 23:54:44 | 000,471,688 | ---- | C] (Lenovo Group Limited ) -- C:\Documents and Settings\Peto\Plocha\6iim10ww.exe
[2011.05.11 13:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Snapshot
[2011.05.10 11:42:45 | 012,521,992 | ---- | C] (Mozilla) -- C:\Documents and Settings\Peto\Plocha\Firefox Setup 4.0.1.exe
[2011.05.01 18:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Thunderbird
[2011.04.30 17:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Sun
[2011.04.30 17:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2011.04.30 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
[2011.04.29 20:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2011.04.23 17:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP33-50
[2011.04.20 10:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP16-32
[2011.04.19 19:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP1-15
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.19 09:36:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\MBR.dat
[2011.05.19 09:34:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peto\Plocha\OTL.exe
[2011.05.19 09:32:36 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.05.19 09:30:09 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Peto\Plocha\aswMBR.exe
[2011.05.19 09:27:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.05.19 09:22:35 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011.05.19 09:22:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.19 09:22:00 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.19 00:26:54 | 000,000,390 | RHS- | M] () -- C:\boot.ini
[2011.05.19 00:21:24 | 004,351,251 | R--- | M] () -- C:\Documents and Settings\Peto\Plocha\ComboFix.exe
[2011.05.18 23:21:28 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.05.18 23:18:03 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peto\Plocha\mbam-setup-1.50.1.1100.exe
[2011.05.18 23:16:39 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Peto\Plocha\GooredFix.exe
[2011.05.18 22:27:08 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Peto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.18 13:14:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.05.18 13:03:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2011.05.18 00:28:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.18 00:28:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.05.17 16:04:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.05.17 12:15:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.05.16 20:22:14 | 000,029,151 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Snímek 005.jpg
[2011.05.16 20:21:24 | 000,030,420 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Snímek 004.jpg
[2011.05.14 09:55:34 | 000,434,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.05.14 09:55:34 | 000,431,420 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.05.14 09:55:34 | 000,079,708 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.05.14 09:55:34 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.05.13 22:10:19 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Attach.zip
[2011.05.13 22:08:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\ERUNT.lnk
[2011.05.13 21:27:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.05.13 21:27:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.05.13 21:27:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.05.13 19:40:45 | 004,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Peto\Plocha\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2011.05.13 18:23:36 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\dds.scr
[2011.05.13 13:16:16 | 000,074,006 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\intsall.htm
[2011.05.13 13:13:45 | 003,402,105 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\WinSetupFromUSB_0-2-2.exe
[2011.05.13 13:04:29 | 002,074,384 | ---- | M] (Hewlett-Packard ) -- C:\Documents and Settings\Peto\Plocha\HPTool.exe
[2011.05.12 23:54:57 | 000,471,688 | ---- | M] (Lenovo Group Limited ) -- C:\Documents and Settings\Peto\Plocha\6iim10ww.exe
[2011.05.12 10:09:40 | 000,434,210 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.05.10 14:50:47 | 002,631,789 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\PV_CH1.tif
[2011.05.10 12:10:45 | 000,000,273 | ---- | M] () -- C:\Boot.bak
[2011.05.10 11:43:05 | 012,521,992 | ---- | M] (Mozilla) -- C:\Documents and Settings\Peto\Plocha\Firefox Setup 4.0.1.exe
[2011.05.09 07:40:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.02 22:08:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.05.02 21:43:29 | 000,433,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-100940.backup
[2011.05.01 20:53:00 | 000,029,417 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\SRO_vyssia.htm
[2011.05.01 20:52:44 | 000,029,417 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\SRO_nizka.htm
[2011.05.01 11:08:16 | 000,433,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110502-214329.backup
[2011.04.25 21:48:12 | 000,117,693 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Nemcina.pdf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.19 09:36:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\MBR.dat
[2011.05.19 00:26:49 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.05.19 00:22:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.19 00:22:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.05.19 00:22:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.05.19 00:22:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.05.19 00:22:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.05.18 23:21:28 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.05.16 20:22:14 | 000,029,151 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Snímek 005.jpg
[2011.05.16 20:21:24 | 000,030,420 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Snímek 004.jpg
[2011.05.13 22:10:19 | 000,003,849 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Attach.zip
[2011.05.13 22:08:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\ERUNT.lnk
[2011.05.13 19:54:38 | 004,351,251 | R--- | C] () -- C:\Documents and Settings\Peto\Plocha\ComboFix.exe
[2011.05.13 18:23:21 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\dds.scr
[2011.05.13 13:16:12 | 000,074,006 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\intsall.htm
[2011.05.13 13:12:34 | 003,402,105 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\WinSetupFromUSB_0-2-2.exe
[2011.05.10 14:47:13 | 002,631,789 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\PV_CH1.tif
[2011.05.09 22:09:34 | 000,000,273 | ---- | C] () -- C:\Boot.bak
[2011.05.09 22:09:33 | 000,467,439 | R--- | C] () -- C:\txtsetup.sif
[2011.05.09 22:09:33 | 000,261,328 | R--- | C] () -- C:\old_$LDR$
[2011.05.02 22:20:13 | 1063,202,816 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.01 20:52:57 | 000,029,417 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\SRO_vyssia.htm
[2011.05.01 20:52:43 | 000,029,417 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\SRO_nizka.htm
[2011.05.01 10:52:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.01 10:52:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.04.25 21:48:12 | 000,117,693 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Nemcina.pdf
[2011.03.07 20:51:15 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\ANGELDOS.SYS
[2010.10.21 21:07:00 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.10.10 20:10:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.02.01 15:18:28 | 000,026,112 | R--- | C] () -- C:\WINDOWS\LgUninst.exe
[2010.01.31 21:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.28 16:35:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.28 15:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.27 23:53:34 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Peto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.20 01:14:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.12.20 01:00:59 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009.12.20 01:00:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009.12.20 01:00:57 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009.12.20 01:00:57 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009.12.20 01:00:57 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009.12.20 01:00:57 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009.12.20 01:00:57 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009.12.20 01:00:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009.12.20 01:00:56 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009.12.20 01:00:56 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009.12.20 01:00:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009.12.20 01:00:54 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009.12.20 01:00:54 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009.12.20 01:00:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009.12.20 01:00:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009.12.20 01:00:52 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009.12.20 00:58:22 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.09.28 04:03:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.09.28 03:04:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.01.16 18:55:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.11.07 18:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008.09.01 14:07:47 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.09.01 14:06:25 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.09.01 12:20:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.09.01 12:14:26 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.07.22 04:30:37 | 000,001,650 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,434,452 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,431,420 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,079,708 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.14 14:00:00 | 000,069,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.11.06 12:16:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\angel32.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.10.10 09:36:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.10 09:35:30 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.09.13 20:59:12 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\mejlovani.dll
[1999.02.11 15:34:14 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\Kernel.dll

< End of report >

verko1 · May 19, 2011

OTL Extras logfile created on: 19.5.2011 9:38:30 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Peto\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1*014,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105,10 Gb Total Space | 83,01 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 2,55 Gb Free Space | 8,73% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PV | User Name: Peto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled

xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled

xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Kalkulacky\DR\Deutscher Ring Calculator SK.exe" = C:\Program Files\Kalkulacky\DR\Deutscher Ring Calculator SK.exe:*:Enabled

eutscher Ring Calculator SK -- ()
"C:\Documents and Settings\Peto\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Peto\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357B11ED-5417-4CF3-8EB2-386299BC30E0}" = Lenovo Quick Start
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E369F1-6A92-47B5-86D5-474A7E06B3DC}" = ALFA 17.11.00
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90A40405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Součásti připojení sady Microsoft Office Small Business
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.2 - Czech
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMSLICO projekčný software_is1" = EURO 6
"CsobApp" = WinPonuka
"Deutscher Ring Calculator SK_is1" = Calculator SK 2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Standard)
"Lexicon 4.0" = Lingea Lexicon 2002
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetSetMan_is1" = NetSetMan 3.0.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VeriFace III" = VeriFace III
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

verko1 · May 19, 2011

Sorry had to put it to attachment, because it did not let me send it - site always said: connection reset

verko1 · May 19, 2011

One more try,

ken545 · May 19, 2011

Lets run this tool , meanwhile I will look over your logs

Please download TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

verko1 · May 19, 2011

Done.

It found something - malicious cured, suspected skipped:

2011/05/19 10:38:00.0696 2520 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/19 10:38:00.0868 2520 ================================================================================
2011/05/19 10:38:00.0868 2520 SystemInfo:
2011/05/19 10:38:00.0868 2520
2011/05/19 10:38:00.0868 2520 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/19 10:38:00.0868 2520 Product type: Workstation
2011/05/19 10:38:00.0868 2520 ComputerName: LENOVO-PV
2011/05/19 10:38:00.0868 2520 UserName: Peto
2011/05/19 10:38:00.0868 2520 Windows directory: C:\WINDOWS
2011/05/19 10:38:00.0868 2520 System windows directory: C:\WINDOWS
2011/05/19 10:38:00.0868 2520 Processor architecture: Intel x86
2011/05/19 10:38:00.0868 2520 Number of processors: 2
2011/05/19 10:38:00.0868 2520 Page size: 0x1000
2011/05/19 10:38:00.0868 2520 Boot type: Normal boot
2011/05/19 10:38:00.0868 2520 ================================================================================
2011/05/19 10:38:02.0337 2520 Initialize success
2011/05/19 10:38:18.0886 3588 ================================================================================
2011/05/19 10:38:18.0886 3588 Scan started
2011/05/19 10:38:18.0886 3588 Mode: Manual;
2011/05/19 10:38:18.0886 3588 ================================================================================
2011/05/19 10:38:19.0261 3588 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/19 10:38:19.0339 3588 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/19 10:38:19.0370 3588 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/19 10:38:19.0448 3588 ACPIVPC (5508e9f55799c6551d54dfbc4a068b68) C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys
2011/05/19 10:38:19.0511 3588 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/19 10:38:19.0573 3588 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/19 10:38:19.0636 3588 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/19 10:38:19.0683 3588 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/19 10:38:19.0745 3588 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/19 10:38:19.0792 3588 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/19 10:38:19.0823 3588 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/19 10:38:19.0870 3588 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/19 10:38:19.0948 3588 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/19 10:38:19.0995 3588 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/19 10:38:20.0089 3588 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/05/19 10:38:20.0167 3588 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/19 10:38:20.0214 3588 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/19 10:38:20.0277 3588 Angelnt (4a8cb8fea9dcb6f93017f413e2646001) C:\WINDOWS\System32\Drivers\ANGELNT.SYS
2011/05/19 10:38:20.0323 3588 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/19 10:38:20.0355 3588 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/19 10:38:20.0402 3588 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/19 10:38:20.0480 3588 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/19 10:38:20.0558 3588 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/19 10:38:20.0652 3588 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/19 10:38:20.0745 3588 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/19 10:38:20.0855 3588 BCM43XX (cc03987ee5d0f956706b40d2f91f9e4f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/05/19 10:38:20.0949 3588 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/19 10:38:21.0027 3588 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
2011/05/19 10:38:21.0105 3588 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/05/19 10:38:21.0214 3588 BTKRNL (cf47c53d294abcb5159b02b68b37ba89) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/05/19 10:38:21.0308 3588 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/05/19 10:38:21.0355 3588 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/05/19 10:38:21.0449 3588 Cam5607 (e2944c0354a7e59ee31208639e4142b6) C:\WINDOWS\system32\Drivers\BisonC07.sys
2011/05/19 10:38:21.0683 3588 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/19 10:38:21.0730 3588 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/19 10:38:21.0808 3588 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/19 10:38:21.0855 3588 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/19 10:38:21.0902 3588 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/19 10:38:21.0964 3588 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/19 10:38:22.0011 3588 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/19 10:38:22.0121 3588 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/19 10:38:22.0183 3588 CmdIde (964d0f042aca51d5644779eb9d9ee40f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/19 10:38:22.0214 3588 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/19 10:38:22.0292 3588 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/19 10:38:22.0355 3588 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/19 10:38:22.0402 3588 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/19 10:38:22.0449 3588 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/19 10:38:22.0527 3588 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/19 10:38:22.0605 3588 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/19 10:38:22.0652 3588 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/19 10:38:22.0730 3588 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/19 10:38:22.0808 3588 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/19 10:38:22.0855 3588 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/19 10:38:22.0996 3588 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/19 10:38:23.0058 3588 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/19 10:38:23.0105 3588 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/19 10:38:23.0136 3588 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/19 10:38:23.0183 3588 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/19 10:38:23.0230 3588 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/19 10:38:23.0277 3588 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/19 10:38:23.0339 3588 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/19 10:38:23.0418 3588 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/19 10:38:23.0496 3588 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/19 10:38:23.0574 3588 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/19 10:38:23.0636 3588 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/19 10:38:23.0714 3588 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/19 10:38:23.0777 3588 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/19 10:38:23.0840 3588 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/19 10:38:24.0074 3588 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/19 10:38:24.0308 3588 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/19 10:38:24.0402 3588 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/19 10:38:24.0496 3588 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/19 10:38:24.0746 3588 IntcAzAudAddService (3a3a539d7db808fad3b55740474a6d02) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/19 10:38:24.0965 3588 IntelIde (57d928e548b38502abba7a77a6eb7312) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/19 10:38:25.0012 3588 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/19 10:38:25.0074 3588 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/19 10:38:25.0105 3588 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/19 10:38:25.0168 3588 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/19 10:38:25.0215 3588 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/19 10:38:25.0308 3588 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/19 10:38:25.0355 3588 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/19 10:38:25.0449 3588 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/19 10:38:25.0527 3588 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/19 10:38:25.0574 3588 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/19 10:38:25.0637 3588 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/19 10:38:25.0808 3588 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/05/19 10:38:25.0933 3588 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/19 10:38:26.0012 3588 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/19 10:38:26.0105 3588 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/05/19 10:38:26.0199 3588 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/19 10:38:26.0262 3588 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/19 10:38:26.0340 3588 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/19 10:38:26.0402 3588 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/05/19 10:38:26.0621 3588 MpKsl5fef053f (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2F4F7EF3-A454-434F-BB15-71F1D9F1A68C}\MpKsl5fef053f.sys
2011/05/19 10:38:26.0746 3588 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/19 10:38:26.0777 3588 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/19 10:38:26.0855 3588 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/19 10:38:26.0934 3588 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/19 10:38:27.0012 3588 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/19 10:38:27.0059 3588 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/19 10:38:27.0090 3588 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/19 10:38:27.0152 3588 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/19 10:38:27.0199 3588 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/19 10:38:27.0231 3588 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/19 10:38:27.0293 3588 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/19 10:38:27.0387 3588 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/19 10:38:27.0434 3588 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/19 10:38:27.0496 3588 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/19 10:38:27.0527 3588 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/19 10:38:27.0559 3588 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/19 10:38:27.0637 3588 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/19 10:38:27.0684 3588 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/19 10:38:27.0746 3588 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/19 10:38:27.0887 3588 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/05/19 10:38:27.0934 3588 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/05/19 10:38:27.0965 3588 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/19 10:38:28.0059 3588 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/19 10:38:28.0121 3588 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/19 10:38:28.0184 3588 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/19 10:38:28.0231 3588 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/19 10:38:28.0309 3588 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/19 10:38:28.0340 3588 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/19 10:38:28.0403 3588 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/19 10:38:28.0465 3588 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/05/19 10:38:28.0496 3588 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/19 10:38:28.0590 3588 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/19 10:38:28.0637 3588 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/19 10:38:28.0887 3588 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/19 10:38:28.0918 3588 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/19 10:38:29.0090 3588 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/19 10:38:29.0137 3588 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/19 10:38:29.0184 3588 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/19 10:38:29.0246 3588 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/19 10:38:29.0293 3588 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/19 10:38:29.0324 3588 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/19 10:38:29.0356 3588 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/19 10:38:29.0403 3588 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/19 10:38:29.0465 3588 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/19 10:38:29.0512 3588 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/19 10:38:29.0559 3588 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/19 10:38:29.0606 3588 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/19 10:38:29.0668 3588 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/19 10:38:29.0731 3588 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/19 10:38:29.0793 3588 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/19 10:38:29.0871 3588 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/19 10:38:29.0950 3588 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/19 10:38:30.0012 3588 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/19 10:38:30.0106 3588 RSUSBSTOR (4be76679d800f95c26a23ef0d15a31b2) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2011/05/19 10:38:30.0184 3588 RTLE8023xp (6fc7ddf3b8d94fba7ac664452d6478d4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/05/19 10:38:30.0293 3588 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/19 10:38:30.0371 3588 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/19 10:38:30.0465 3588 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/19 10:38:30.0606 3588 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/19 10:38:30.0653 3588 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/19 10:38:30.0715 3588 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/19 10:38:30.0778 3588 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/19 10:38:30.0887 3588 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/19 10:38:30.0887 3588 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/19 10:38:30.0903 3588 sptd - detected LockedFile.Multi.Generic (1)
2011/05/19 10:38:30.0965 3588 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/19 10:38:31.0043 3588 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/19 10:38:31.0122 3588 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/19 10:38:31.0184 3588 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/19 10:38:31.0231 3588 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/19 10:38:31.0278 3588 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/19 10:38:31.0325 3588 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/19 10:38:31.0372 3588 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/19 10:38:31.0418 3588 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/19 10:38:31.0465 3588 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/19 10:38:31.0528 3588 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/19 10:38:31.0637 3588 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/19 10:38:31.0747 3588 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/19 10:38:31.0778 3588 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/19 10:38:31.0840 3588 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/19 10:38:31.0934 3588 TosIde (fd4fd7d6fda5c019ed86025d7be1510f) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/19 10:38:32.0012 3588 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/05/19 10:38:32.0090 3588 tvtumon (3385d48304443d0ee42af5dbf89634b6) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
2011/05/19 10:38:32.0122 3588 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/19 10:38:32.0169 3588 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/19 10:38:32.0231 3588 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/19 10:38:32.0309 3588 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/05/19 10:38:32.0387 3588 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/19 10:38:32.0497 3588 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/19 10:38:32.0559 3588 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/19 10:38:32.0653 3588 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/19 10:38:32.0715 3588 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/05/19 10:38:32.0762 3588 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/19 10:38:32.0840 3588 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/19 10:38:32.0872 3588 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/19 10:38:32.0934 3588 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/19 10:38:32.0997 3588 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/19 10:38:33.0044 3588 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/19 10:38:33.0091 3588 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/19 10:38:33.0169 3588 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/19 10:38:33.0231 3588 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/19 10:38:33.0341 3588 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/19 10:38:33.0403 3588 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
2011/05/19 10:38:33.0637 3588 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/19 10:38:33.0700 3588 WSVD (5d0a08ebf9660e07865907fb1ab022b5) C:\WINDOWS\system32\drivers\WSVD.sys
2011/05/19 10:38:33.0778 3588 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/19 10:38:33.0841 3588 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/19 10:38:33.0981 3588 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/19 10:38:33.0997 3588 ================================================================================
2011/05/19 10:38:33.0997 3588 Scan finished
2011/05/19 10:38:33.0997 3588 ================================================================================
2011/05/19 10:38:34.0028 1796 Detected object count: 2
2011/05/19 10:42:20.0600 1796 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/19 10:42:20.0615 1796 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/19 10:42:20.0615 1796 \HardDisk0 - ok
2011/05/19 10:42:20.0615 1796 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/19 10:42:28.0241 3768 Deinitialize success

ken545 · May 19, 2011

That SPTD may be infected, run aswMBR to scan and post a new log please

verko1 · May 19, 2011

btw, svchost acts normal so far - no high memory usage

Log:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-19 12:42:13
-----------------------------
12:42:13.500 OS Version: Windows 5.1.2600 Service Pack 3
12:42:13.500 Number of processors: 2 586 0x1C02
12:42:13.500 ComputerName: LENOVO-PV UserName: Peto
12:42:14.718 Initialize success
12:42:21.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:42:21.906 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
12:42:21.921 Disk 0 MBR read error 0
12:42:21.921 Disk 0 MBR scan
12:42:21.921 Disk 0 unknown MBR code
12:42:21.921 MBR BIOS signature not found 0
12:42:21.937 Disk 0 scanning sectors +312581808
12:42:21.937 Disk 0 scanning C:\WINDOWS\system32\drivers
12:42:27.921 Service scanning
12:42:29.390 Disk 0 trace - called modules:
12:42:29.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spwe.sys >>UNKNOWN [0x86f89938]<<
12:42:29.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f46030]
12:42:29.453 3 CLASSPNP.SYS[f78bdfd7] -> nt!IofCallDriver -> \Device\00000075[0x86ef5320]
12:42:29.453 5 ACPI.sys[f7729620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f3c028]
12:42:29.468 Scan finished successfully
12:42:53.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Peto\Plocha\MBR.dat"
12:42:53.453 The log file has been saved successfully to "C:\Documents and Settings\Peto\Plocha\aswMBR1.txt"

ken545 · May 19, 2011

I think your ok so far, but this garbage most times brings friends along for a ride

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

verko1 · May 19, 2011

...hmmm..u re right with that garbage. That is the reason I usually reinstall the whole system when i get infected (once in 2-3 years). But this time I m abroad for few months and I am not equipped for that :-/

Here is the log, and I gotta run to University now... I ll get back in the evening....thank u

ComboFix 11-05-17.03 - Peto 19.05.2011 13:25:47.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.510 [GMT 2:00]
Spuštěný z: c:\documents and settings\Peto\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-19 do 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 11:21 . 2011-05-19 11:21 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3FD6A0C6-F131-4B44-9814-DF977B7C47BF}\MpKslac1f77d5.sys
2011-05-19 11:20 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3FD6A0C6-F131-4B44-9814-DF977B7C47BF}\mpengine.dll
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\documents and settings\Peto\Data aplikací\Malwarebytes
2011-05-18 21:21 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-18 21:21 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2011-05-17 14:04 . 2011-05-17 14:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 18:31 . 2011-05-14 18:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Adobe
2011-05-14 17:26 . 2011-05-14 17:26 -------- d-----w- c:\program files\ESET
2011-05-13 20:08 . 2011-05-13 20:08 -------- d-----w- c:\program files\ERUNT
2011-05-13 19:27 . 2011-05-13 19:27 -------- d-----w- c:\program files\Common Files\Java
2011-05-13 19:27 . 2011-05-13 19:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-13 19:27 . 2011-05-13 19:27 -------- d-----w- c:\program files\Java
2011-05-11 11:25 . 2011-05-11 11:25 -------- d-----w- c:\windows\Snapshot
2011-05-02 19:16 . 2011-05-02 19:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-02 19:11 . 2011-05-02 19:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-01 16:26 . 2011-05-02 19:15 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Thunderbird
2011-05-01 16:26 . 2011-05-01 16:26 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2011-04-29 18:50 . 2011-05-02 19:15 -------- d-----w- c:\program files\Veetle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 19:27 . 2010-04-23 13:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 10:23 . 2010-10-21 19:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-18 07:15 . 2010-01-28 11:43 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 18:51 . 2011-03-07 18:51 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2011-03-07 18:51 . 2011-03-07 18:51 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2011-03-07 18:51 . 2011-03-07 18:51 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2011-03-07 05:33 . 2008-09-01 10:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-04-14 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2008-04-14 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-14 16:26 . 2011-05-10 10:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-18_22.44.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-19 08:44 . 2011-05-19 08:44 16384 c:\windows\Temp\Perflib_Perfdata_188.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-12-19 23:00 241752 ----a-w- c:\windows\system32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2009-05-05 36864]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-12-19 323584]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-01-04 4462464]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-12-26 1277952]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-1-16 604776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2009-12-19 23:00 1167360 ----a-w- c:\windows\system32\PicNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Peto\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Kalkulacky\\DR\\Deutscher Ring Calculator SK.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Peto\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2010 9:46 691696]
R1 MpKslac1f77d5;MpKslac1f77d5;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3FD6A0C6-F131-4B44-9814-DF977B7C47BF}\MpKslac1f77d5.sys [19.5.2011 13:21 28752]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [7.3.2011 20:51 51072]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [26.3.2009 10:20 315392]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [28.9.2009 3:09 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [28.9.2009 3:09 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [20.12.2009 1:08 9472]
S1 MpKsl16239681;MpKsl16239681;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AE992952-4CCF-4384-93B5-BC54B6845CBB}\MpKsl16239681.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AE992952-4CCF-4384-93B5-BC54B6845CBB}\MpKsl16239681.sys [?]
S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{00727E7B-4480-48B1-BACF-DD1A13116F19}\MpKsl70f9fc5b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{00727E7B-4480-48B1-BACF-DD1A13116F19}\MpKsl70f9fc5b.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [31.1.2010 23:17 88176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.9.2009 3:03 1684736]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.10.2010 9:58 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 2146496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [28.9.2009 3:04 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [28.9.2009 3:09 81192]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLAC1F77D5
*Deregistered* - aswMBR
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 15:14]
.
2011-05-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: autobazar.eu
FF - ProfilePath - c:\documents and settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 13:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BisonMnt = c:\windows\BisonC07\BisonM07.exe?????????????????????????????????????????????????????????????????????????????????P??????????????????????????????????????????|???x????????????v?|????????x???????????|????????x?|????? Q?????|???$??????|????????|???8????X?w???
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\PicNotify.dll
c:\windows\system32\FaceVerify.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\Momo.dll
c:\windows\system32\Apblend.dll
c:\windows\system32\SetDev.dll
c:\windows\system32\FunFrm.dll
c:\windows\system32\facev.dll
.
- - - - - - - > 'explorer.exe'(3748)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\IcnOvrly.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Celkový čas: 2011-05-19 13:39:15
ComboFix-quarantined-files.txt 2011-05-19 11:39
ComboFix2.txt 2011-05-18 22:50
.
Před spuštěním: Volných bajtů: 88*874*430*464
Po spuštění: Volných bajtů: 88*871*260*160
.
- - End Of File - - 690E462CDB7CFC86DCC864B71BFF30BB

ken545 · May 19, 2011

Yep, sometimes with the seriousness of these threats it is a good option to wipe it clean and do a reinstall

You need to enable windows to show all files and folders, instructions Here

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

c:\windows\system32\IcnOvrly.dll<--This file

If the site is busy you can try this one
http://virusscan.jotti.org/en

verko1 · May 19, 2011

Both sites report no malware. Here is the log from VirusTotal. (I always wonder what the hell u guys see in those logs :-D I see numbers and letter that make absolutely no sense

Anyway the log...

Additional information
MD5 : dcdec498688092defd9f1729f23e472a
SHA1 : db0f893e518938a0427188deeaed3700d169b6d6
SHA256: 87482be07bf850e91b3bd7e084413250be99b200bbb2c335ee749ca929bd6fdc
ssdeep: 1536:EStVZrmaJfNBWSWjdgtd5bd18ffx9YZGldeNSHyHCcSWuBePo3puFlkrVrNT3lXp:rtVhx
SSWjdgeL0Po3polQVrNT3lXnp
File size : 241752 bytes
First seen: 2009-04-09 17:53:27
Last seen : 2011-05-19 18:41:15
TrID:
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x2FC0
timedatestamp....: 0x4613A78B (Wed Apr 04 13:26:35 2007)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2B330, 0x2C000, 4.08, 46b8d358ea0ed773f17ab4fde76b01c2
.rdata, 0x2D000, 0x3606, 0x4000, 4.34, db82d5a543df4a5e32c0fd310324d743
.data, 0x31000, 0x416C, 0x3000, 1.83, 0dfaf030cb7405c146d1a5951b2577d6
.idata, 0x36000, 0xD79, 0x1000, 3.81, 9d9e1f93d86efd017ae273fcee7ed8e6
.rsrc, 0x37000, 0x3359, 0x4000, 1.98, c7dfe5a81ee0eccf6eebbebd9813fe66
.reloc, 0x3B000, 0x17B6, 0x2000, 4.97, f17d5067d5af88d0e49e5c5b1408d1fc

[[ 5 import(s) ]]
KERNEL32.dll: MultiByteToWideChar, lstrlenW, CompareStringW, CompareStringA, WideCharToMultiByte, lstrlenA, GetVersionExA, lstrcpynA, IsBadWritePtr, GetModuleFileNameA, lstrcmpiA, GetLocaleInfoW, GetTimeZoneInformation, CloseHandle, GetUserDefaultLCID, EnumSystemLocalesA, RtlUnwind, GetCommandLineA, GetVersion, IsBadReadPtr, HeapValidate, DebugBreak, GetStdHandle, WriteFile, InterlockedDecrement, OutputDebugStringA, GetProcAddress, LoadLibraryA, InterlockedIncrement, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, ExitProcess, FatalAppExitA, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, GetCurrentThread, TerminateProcess, GetCurrentProcess, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, HeapFree, VirtualFree, HeapAlloc, HeapReAlloc, VirtualAlloc, SetConsoleCtrlHandler, SetUnhandledExceptionFilter, IsBadCodePtr, UnhandledExceptionFilter, GetCPInfo, GetACP, GetOEMCP, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, SetFilePointer, SetStdHandle, Sleep, FlushFileBuffers, IsValidLocale, IsValidCodePage, GetLocaleInfoA, SetEnvironmentVariableA
USER32.dll: wsprintfA
ADVAPI32.dll: RegDeleteKeyA, RegOpenKeyExA, RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegEnumKeyExA
ole32.dll: CoGetMalloc, StringFromIID
SHLWAPI.dll: PathFindExtensionA

[[ 4 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ExifTool:
file metadata
CodeSize: 180224
EntryPoint: 0x2fc0
FileSize: 236 kB
FileType: Win32 DLL
ImageVersion: 0.0
InitializedDataSize: 65536
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2007:04:04 15:26:35+02:00
UninitializedDataSize: 0

ken545 · May 19, 2011

Well, I was pretty sure the file was related to Lenovo but just wanted to make sure.

How are things running now, any redirects or unwanted pop up windows ?

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

Click.GiftLoad :-(

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

New member

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert