Trojan DNSChanger

[Miisa]

Zdravím,
nedávno jsem měla problém s Antivirem 2008, objevoval se jako po-up a pořád se chtěl instalovat a zbavil mě ho prográmek Malwarebyte's Anti malware. Díky této zkušenosti jsem si tento prográmek nechala. Nedávno jsem ho pustila a našel mi Trojan DNSChanger. Dala jsem nalezené položky odtranit, on je odstranil, restartoval počítač, pustila jsem scan znovu, abych se ujistila, že je trojan pryč, jenže on tam byl znovu. Bylo mi divné, že ho nezachytil antivirus (eTrust ITM od Computer Associates, www.ca.com). Pustila jsem ho a on nic nenašel. Pustila jsem anti malware znovu a on trojana znovu našel. Začalo mi to být divné a začala jsem hledat na netu. Postahovala všechny možné antiviry a antispywar hledače (Ad-aware, HiJack This, Norton, Avast, Spyware Doctor, Spyware detector, RegClean, prostě všechno možné) a ani jeden z nich toho trojana nenašel. Našli spousty věcí okolo jako tracking cookies, jeden mi dokonce smazal QIP a tvrdil že je to Zlob.Trojan. Projela jsem to všemi těmihle programy a nakonec znovu atni malwarem a on toho trojana pořád nachází. Tak jsem podle nalezených cest vlezla do registru a klíče smazala ručně, jenže po restartu tam byly znovu. Zkoušela jsem to i v nouzovém režimu, pořád ho to nachází. Asi to bude znít blbě, ale nemůže si anti malware vymýšlet? Toho trojana detekuje jen on a žádný jiný program.

[Reklama]

[jaro3]

Vlož sem log z HJT +MbAM, zítra se podívám.

[Miisa]

Okey, děkuju moc

Malwarebytes' Anti-Malware 1.29
Verze databáze: 1276
Windows 6.0.6001 Service Pack 1

22.11.2008 20:38:49
mbam-log-2008-11-22 (20-38-49).txt

Typ skenu: Rychlý sken
Objektu skenováno: 52017
Uplynulý cas: 4 minute(s), 3 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 13
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0e5a443f-d2c3-4f39-a8e6-0820d3047a02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4412b992-9b42-4202-99fc-3718f69ad5cc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4412b992-9b42-4202-99fc-3718f69ad5cc}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7f772589-0dcc-4b2a-8d04-b20b597fe1d2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7f772589-0dcc-4b2a-8d04-b20b597fe1d2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0e5a443f-d2c3-4f39-a8e6-0820d3047a02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4412b992-9b42-4202-99fc-3718f69ad5cc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4412b992-9b42-4202-99fc-3718f69ad5cc}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7f772589-0dcc-4b2a-8d04-b20b597fe1d2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7f772589-0dcc-4b2a-8d04-b20b597fe1d2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0e5a443f-d2c3-4f39-a8e6-0820d3047a02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7f772589-0dcc-4b2a-8d04-b20b597fe1d2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7f772589-0dcc-4b2a-8d04-b20b597fe1d2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.123;85.255.112.234 -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:24, on 22.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\inoweb.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\system32\conime.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Windows\Explorer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\QIP\qip.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.24.6.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-418189073-3617002416-2996736958-500\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrator')
O4 - HKUS\S-1-5-21-418189073-3617002416-2996736958-500\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: LenovoWelcome.lnk = C:\SWTOOLS\LenovoWelcome\LenovoWelcome.cmd
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://download.boulder.ibm.com/ibmdl/p ... pirexe.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E5A443F-D2C3-4F39-A8E6-0820D3047A02}: NameServer = 85.255.112.123;85.255.112.234
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F772589-0DCC-4B2A-8D04-B20B597FE1D2}: NameServer = 85.255.112.123;85.255.112.234
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E5A443F-D2C3-4F39-A8E6-0820D3047A02}: NameServer = 85.255.112.123;85.255.112.234
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Alert Notification Server - CA, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: Apache Content Server (ApacheContentServer) - Apache Software Foundation - C:\Program Files\CA\eTrustITM\Apache\Bin\Apache.exe
O23 - Service: Apache Tomcat Application Server (ApacheTomcatApplicationServer) - Apache Software Foundation - C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM Server Service (InoNmSrv) - CA - C:\Program Files\CA\eTrustITM\InoNmSrv.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: eTrust ITM Web Access Service (InoWeb) - CA - C:\Program Files\CA\eTrustITM\inoweb.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdztk.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 18242 bytes

Tak tady jsou, snad to nečemu pomůže.

[jaro3]

Je to Wareout..
Zaznamenej si nastavení připojení k netu , zvláště DNS.
▪ Stáhni Fixwareout z některého z odkazů a ulož ho na plochu:
http://www.upnito.sk/download.php?dwTok ... 1ec85f07dc
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lo ... areout.exe

▪ Restartuj počítač do Nouzového režimu, toto není nutný krok, lze jej spustit i v standardním režimu, je však doporučený .
▪ Spusť Fixwareout, klikni na Next, dále na Install, ujisti se, že je zvolena možnost Run fixit a klikni na Finish
▪ Započne čistící proces, postupuj dle instrukcí
▪ V případě odolnějších variant bude vyžadován restart počítače, restartuj ho
▪ Počítač může trochu déle nabíhat, po vstupu do Windows by mělo vyběhnout okno s logem z Fixwareoutu, tento log vlož sem. Jestliže se výpis neobjeví, je možné ho najít v cestě C:\fixwareout\report.txt

[Miisa]

zdravim, zdravim,
tak jsme se pokusili pustit fixwareout, "Unsupported windows version". Jedna se o OS windows vista, 32bit, SP1.

Pustili jsme na to combofix, pocet nalezenych viru sice klesnul, ale porad najde nejmene tri. prikladam log:

ComboFix 08-11-23.02 - Misa 2008-11-24 23:33:19.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1029.18.955 [GMT 1:00]
Spuštěný z: c:\tmp\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Misa\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Windows Tribute Service


((((((((((((((((((((((((( Soubory vytvořené od 2008-10-24 do 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 22:21 . 2008-11-24 22:21 <DIR> d-------- c:\users\Administrator\AppData\Roaming\CyberLink
2008-11-24 21:48 . 2008-11-24 22:52 <DIR> d----c--- C:\fixwareout
2008-11-24 20:43 . 2008-11-24 20:43 550 --a------ c:\windows\WINCMD.INI
2008-11-24 19:40 . 2008-11-24 23:28 <DIR> d----c--- C:\tmp
2008-11-23 11:27 . 2008-11-23 11:27 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 11:27 . 2008-11-23 11:27 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 11:25 . 2008-11-23 11:25 <DIR> d-------- c:\program files\QuickTime
2008-11-22 20:00 . 2008-11-22 20:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 20:00 . 2008-10-16 20:25 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-22 20:00 . 2008-10-16 20:25 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-22 19:23 . 2008-11-22 19:23 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-22 19:06 . 2008-11-22 19:06 <DIR> d-------- c:\program files\Trend Micro
2008-11-22 17:36 . 2008-11-23 12:48 63 --a------ c:\windows\system\SysSD.dll
2008-11-22 17:35 . 2008-11-22 18:23 <DIR> d-------- c:\program files\SpywareDetector
2008-11-22 17:35 . 2008-11-12 18:36 1,024,000 --a------ c:\windows\System32\CheckDll.dll
2008-11-22 17:35 . 2008-11-12 17:14 12,752 --a------ c:\windows\System32\SDEarlyDelete.exe
2008-11-22 17:35 . 2008-11-22 17:35 110 --a------ c:\windows\System32\SDEarlyDelete.ini
2008-11-22 17:35 . 2005-02-06 09:02 104 --a------ c:\windows\System32\ProxySettings.ini
2008-11-20 23:45 . 2008-11-20 23:45 <DIR> d-------- c:\program files\Alwil Software
2008-11-20 22:16 . 2008-11-22 19:28 <DIR> d-------- c:\users\Misa\AppData\Roaming\RegClean
2008-11-20 22:16 . 2008-11-22 19:28 <DIR> d-------- c:\program files\RegClean
2008-11-20 15:52 . 2008-11-20 23:34 <DIR> d-------- c:\program files\Norton AntiVirus
2008-11-20 15:49 . 2008-11-20 23:30 <DIR> d-------- c:\users\All Users\Symantec
2008-11-20 15:49 . 2008-11-20 23:30 <DIR> d-------- c:\programdata\Symantec
2008-11-20 15:49 . 2008-11-20 23:34 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-20 00:21 . 2008-11-20 00:21 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-11-20 00:21 . 2008-11-20 15:40 <DIR> d-------- c:\users\All Users\Norton
2008-11-20 00:21 . 2008-11-20 00:21 <DIR> d-------- c:\programdata\NortonInstaller
2008-11-20 00:21 . 2008-11-20 15:40 <DIR> d-------- c:\programdata\Norton
2008-11-19 22:40 . 2008-11-19 22:40 <DIR> d-------- c:\users\Administrator\AppData\Roaming\DivX
2008-11-19 22:08 . 2008-11-19 22:10 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-19 22:08 . 2008-11-19 22:10 <DIR> d-------- c:\programdata\Lavasoft
2008-11-19 22:08 . 2008-11-19 22:08 <DIR> d-------- c:\program files\Ad-Aware
2008-11-19 22:07 . 2008-11-19 22:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-19 22:07 . 2008-11-19 22:07 23,804,784 --a------ c:\temp\aaw2008.exe
2008-11-19 21:16 . 2008-11-19 21:16 <DIR> d-------- c:\users\Administrator\AppData\Roaming\Malwarebytes
2008-11-19 21:16 . 2008-11-19 21:16 <DIR> d-------- c:\users\Administrator\AppData\Roaming\ICQ
2008-11-19 21:15 . 2008-11-19 21:15 <DIR> d-------- c:\users\Administrator\AppData\Roaming\DAEMON Tools
2008-11-19 17:45 . 2008-11-19 17:45 <DIR> d-------- c:\windows\HDTV Player
2008-11-19 17:45 . 2008-11-19 17:45 29,192 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-17 17:11 . 2008-11-17 17:11 <DIR> d-------- c:\users\Misa\AppData\Roaming\Media Player Classic
2008-11-16 16:07 . 2008-11-16 16:07 <DIR> d-------- c:\users\All Users\Real
2008-11-16 16:07 . 2008-11-16 16:07 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-15 22:18 . 2008-11-15 22:18 <DIR> d-------- c:\program files\MovieXplayer
2008-11-15 22:10 . 2008-11-15 22:10 <DIR> d-------- c:\users\All Users\Meow Intra Bait Face
2008-11-15 22:10 . 2008-11-15 22:10 <DIR> d-------- c:\programdata\Meow Intra Bait Face
2008-11-14 22:27 . 2008-11-14 22:27 <DIR> d-------- c:\users\Public\CyberLink
2008-11-12 09:01 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 09:01 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 09:01 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-11-01 19:43 . 2008-11-22 17:46 <DIR> d-------- c:\program files\QIP
2008-10-29 09:55 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 09:55 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 09:55 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-25 16:59 . 2008-11-17 21:47 <DIR> d-------- c:\users\Misa\AppData\Roaming\dvdcss
2008-10-24 15:54 . 2008-10-24 15:54 <DIR> d-------- c:\program files\Microsoft Works
2008-10-24 15:45 . 2008-10-24 15:45 <DIR> d-------- c:\program files\Microsoft Visual Studio 8

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 19:43 --------- d-----w c:\program files\totalcmd
2008-11-24 16:08 --------- d-----w c:\users\Misa\AppData\Roaming\uTorrent
2008-11-23 10:27 --------- d-----w c:\program files\iTunes
2008-11-23 10:27 --------- d-----w c:\program files\iPod
2008-11-23 10:27 --------- d-----w c:\program files\Common Files\Apple
2008-11-20 15:17 --------- d---a-w c:\programdata\Temp
2008-11-16 14:11 737,280 ----a-w c:\windows\iun6002.exe
2008-11-15 21:10 --------- d-----w c:\programdata\Tons64iso
2008-11-14 21:25 --------- d-----w c:\programdata\CyberLink
2008-11-14 21:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-14 21:24 --------- d-----w c:\program files\Common Files\CyberLink
2008-11-14 21:23 --------- d-----w c:\program files\CyberLink
2008-10-24 15:01 --------- d-----w c:\programdata\Microsoft Help
2008-10-24 14:54 --------- d-----w c:\program files\MSBuild
2008-10-21 16:45 --------- d-----w c:\users\Misa\AppData\Roaming\vlc
2008-10-21 14:34 --------- d-----w c:\program files\VideoLAN
2008-10-21 12:35 --------- d-----w c:\users\Misa\AppData\Roaming\Malwarebytes
2008-10-21 12:35 --------- d-----w c:\programdata\Malwarebytes
2008-10-17 11:59 --------- d-----w c:\program files\Windows Mail
2008-10-15 17:05 --------- d-----w c:\users\Misa\AppData\Roaming\CyberLink
2008-10-15 15:32 --------- d-----w c:\program files\ICQ6
2008-10-15 14:04 188,920 ----a-w c:\windows\system32\drivers\ino_fltr.sys
2008-10-06 11:35 --------- d-----w c:\users\Administrator\AppData\Roaming\Lenovo
2008-10-06 11:34 --------- d-----w c:\users\Administrator\AppData\Roaming\Nero
2008-09-25 10:05 1,732 -c--a-w C:\tvtpktfilter.dat
2008-07-12 12:30 47 ----a-w c:\users\Misa\readme.bat
2008-06-25 11:31 174 --sha-w c:\program files\desktop.ini
2008-08-06 15:36 16,384 --sh--w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-06 15:36 32,768 --sh--w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-06 15:36 16,384 --sh--w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"QIP2005"="c:\program files\QIP\qip.exe" [2008-07-01 3256320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-07-29 632096]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-07-29 214576]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [2008-11-12 1148368]
"SDAutoLiveupdate"="c:\program files\SpywareDetector\LiveUpdateSD.exe" [2008-11-12 1926608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\System32\TpShocks.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LenovoWelcome.lnk - c:\swtools\LenovoWelcome\LenovoWelcome.cmd [2007-03-21 972]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 719664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-09-01 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 06:17 89600 c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
2008-10-14 17:02 462848 c:\program files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bait face type axis]
c:\programdata\logo user dash.pwk94 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\does bat]
c:\programdata\shim bind bind.v0mxq9 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--------- 2006-12-22 03:56 2614848 c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{402097BA-88F3-477E-8176-A5876F740CE7}"= UDP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{C8C6B81F-70CB-496A-A43A-B49F0322D163}"= TCP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{D18A1ED0-819A-4F50-843E-B409A73E82CE}"= UDP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{0AD778D2-A02D-4CF0-8E60-2367F9FF61A6}"= TCP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{FF744A26-DFB9-428A-B7B7-FC178F0E1251}"= UDP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{4807F3BA-6772-471C-894E-ABE5EA1731C8}"= TCP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{F5E9511D-45A0-4B21-B978-D3AD8C48F873}"= UDP:c:\program files\CA\eTrustITM\Apache\bin\Apache.exe:eTrust ITM - Apache Server
"{8DAFD8A1-F9A9-40DE-821C-075425ADD3E2}"= TCP:c:\program files\CA\eTrustITM\Apache\bin\Apache.exe:eTrust ITM - Apache Server
"TCP Query User{A545D7D2-395D-4AE8-8705-FC764BF79E1E}c:\\program files\\icqlite\\icqlite.exe"= UDP:c:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{1912CDC9-5E0C-4A7B-8234-4B4B735DD811}c:\\program files\\icqlite\\icqlite.exe"= TCP:c:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{24C9018D-2A7A-4B76-83F2-0640B6028A20}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{0F158B85-DB96-4A86-B004-CDA9E44E3E64}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{FEA9EBE6-6D29-4F8C-A01F-72DD52DB7FEA}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{1565A30B-D6ED-4A5B-82FD-F20C87AD1120}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{7E5FE363-54D5-4822-B812-3B2043DA8034}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{5C7B208D-67AC-4731-A424-523797096ABA}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{52585BFA-56F9-4B3E-949C-FC2295519CF5}c:\\program files\\ca\\etrustitm\\phonhome.exe"= UDP:c:\program files\ca\etrustitm\phonhome.exe:phonhome
"UDP Query User{0BF8A9B0-5192-4025-9D34-A904D5DBE4AA}c:\\program files\\ca\\etrustitm\\phonhome.exe"= TCP:c:\program files\ca\etrustitm\phonhome.exe:phonhome
"TCP Query User{F780B81D-E2DE-4A64-B899-78B5109196AF}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{AF44D93B-824F-486C-96C5-4D30013AED2D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{0E702BCE-8ED2-46D3-915A-F321CDFE041B}c:\\program files\\totalcmd\\totalcmd.exe"= UDP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{DA9B8CDD-7217-47A6-A90F-3C97E5BBA1F8}c:\\program files\\totalcmd\\totalcmd.exe"= TCP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{EF2DF5C3-B002-4678-A39E-E303F42BA590}c:\\program files\\ca\\etrustitm\\realmon.exe"= UDP:c:\program files\ca\etrustitm\realmon.exe:Realmon
"UDP Query User{E5640EFB-5198-45A5-ADA3-03223382A665}c:\\program files\\ca\\etrustitm\\realmon.exe"= TCP:c:\program files\ca\etrustitm\realmon.exe:Realmon
"{3CA2D3EC-E605-444C-8696-A1A36842C73C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B5D92CA4-297C-44EC-ADF3-44BCD1BF7B6F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B5CF096B-9695-4467-9EBB-27750FE305A1}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{285163F7-7C88-4B53-8DF6-7A087808C947}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{9EDCAD99-701F-477C-9EAF-38298BB2C9BC}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{BCC8C58B-A40F-4013-B094-104BC06ACBEF}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{2870B4B0-A97E-498F-92C2-67435CF00642}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{6BE5CF77-7EF1-49F1-A36B-0824D92D1643}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"{B9985A88-11BB-46FC-8691-240697E526B8}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{873DD8FC-6692-4EF8-B191-70D0DBE4175F}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{D1393004-6A8C-4410-BDDB-4099806765D4}"= UDP:c:\users\Misa\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{156682F1-B3EF-433F-BAAF-B81940EBFB7E}"= TCP:c:\users\Misa\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{91655229-2AAD-4EC2-9280-39AE5184CB9E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4778D4A1-8AD6-407C-8276-9216B7DACB07}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C207E2A4-F263-4F20-AC29-B8AB39E16BF9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{D2BCF8E8-ACC5-4FBD-A754-7021DFECDDAD}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{9EF59D87-24B7-476D-9F8D-D67AB7861718}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{E36BD554-3252-4282-9192-DE73B7D5AEBB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F66EA5F7-1553-4403-AB8B-ADE0EF974CEF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{CED6B641-D55D-4BEF-8259-2C9187CDDCE3}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{7E29B023-0F68-42E9-A127-B8BBCE48B8D0}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{409982DF-0B93-4B15-A4D1-6187804629D4}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{62501C18-3058-47E2-AA71-8042925F3242}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{E8713A57-A823-48D7-B917-CA680BAA1EE8}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{F6959C81-8FEB-4490-B4D0-2ACAB198E44D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{72506B70-72C5-4F05-A0FB-7B2584300C98}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-07-09 72192]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwr32v.sys [2007-09-01 12080]
R2 Alert Notification Server;Alert Notification Server;"c:\program files\CA\SharedComponents\Alert\ALERT.EXE" [2007-10-06 198808]
R2 ApacheTomcatApplicationServer;Apache Tomcat Application Server;"c:\program files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe" //RS//ApacheTomcatApplicationServer [2005-09-23 102400]
R2 InoWeb;eTrust ITM Web Access Service;"c:\program files\CA\eTrustITM\inoweb.exe" [2007-01-16 288848]
R2 Power Manager DBC Service;Power Manager DBC Service;"c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE" [2008-09-02 66848]
R2 smihlp;SMI Helper Driver (smihlp);\??\c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-15 11152]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-07-09 58736]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-09-01 179712]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
S2 ApacheContentServer;Apache Content Server;"c:\program files\CA\eTrustITM\Apache\Bin\Apache.exe" -k runservice [2005-05-31 13824]
S2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-09 569344]
S3 InoNmSrv;eTrust ITM Server Service;"c:\program files\CA\eTrustITM\InoNmSrv.exe" [2007-01-16 284752]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-19 29192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d52ce6c-75b6-11dc-a5ff-001558cae393}]
\shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f85dec9-77b6-11dc-aa11-001558cae393}]
\shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6111225-232d-11dd-b8ee-001558cae393}]
\shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eec9e435-756f-11dc-a169-001558cae393}]
\shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7232bab-63b8-11dd-b764-001558cae393}]
\shell\AutoRun\command - F:\Setupx.exe
.
Obsah adresáře 'Naplánované úlohy'

2008-11-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]

2008-11-20 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean\RegClean.exe [2008-11-19 12:23]

2008-11-20 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean [2008-11-22 19:28]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-AntispywareBot - c:\program files\AntispywareBot\AntispywareBot.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe


.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = 172.24.6.1:80
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O16 -: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://download.boulder.ibm.com/ibmdl/p ... pirexe.cab
c:\windows\Downloaded Program Files\AcpIRExe.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 23:53:21
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Ad-Aware\aawservice.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\SpywareDetector\SDService.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\System32\conime.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\rundll32.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\windows\System32\igfxsrvc.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.EXE
.
**************************************************************************
.
Celkový čas: 2008-11-25 0:08:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-24 23:08:34

Před spuštěním: Volných bajtů: 30 960 861 184
Po spuštění: Volných bajtů: 31,207,444,480

363 --- E O F --- 2008-11-13 08:03:38

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system\SysSD.dll
c:\windows\System32\CheckDll.dll
c:\windows\System32\SDEarlyDelete.exe
c:\windows\System32\SDEarlyDelete.ini
c:\windows\System32\drivers\ndisprot.sys
c:\windows\iun6002.exe

Folder::
c:\program files\SpywareDetector
C:\fixwareout

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\temp\aaw2008.exe
c:\programdata\Tons64iso
Vlož sem pak výsledky.

[Miisa]

Prikladam log z combofixu:

ComboFix 08-11-23.02 - Misa 2008-11-25 20:32:33.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1029.18.1263 [GMT 1:00]
Spuštěný z: c:\tmp\ComboFix.exe
Použité ovládací přepínače :: c:\users\Misa\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\iun6002.exe
c:\windows\system\SysSD.dll
c:\windows\System32\drivers\ndisprot.sys
c:\windows\System32\CheckDll.dll
c:\windows\System32\SDEarlyDelete.exe
c:\windows\System32\SDEarlyDelete.ini
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\fixwareout
c:\fixwareout\FindT\dumphive.exe
c:\fixwareout\FindT\FixWareOut.reg
c:\fixwareout\FindT\nircmd.exe
c:\fixwareout\FindT\patterns.txt
c:\fixwareout\FindT\rbot.bat
c:\fixwareout\FindT\RestartIt.exe
c:\fixwareout\FindT\runs.vbs
c:\fixwareout\FindT\swreg.exe
c:\fixwareout\FindT\vfind.exe
c:\fixwareout\FindT\XP-2K2.cmd
c:\fixwareout\FixIt.BAT
c:\program files\SpywareDetector
c:\program files\SpywareDetector\ActiveProtection.dll
c:\program files\SpywareDetector\AntiRootKitDLL.dll
c:\program files\SpywareDetector\CloseAll.exe
c:\program files\SpywareDetector\Data\SD1.DB
c:\program files\SpywareDetector\Data\SD11.DB
c:\program files\SpywareDetector\Data\SD12.DB
c:\program files\SpywareDetector\Data\SD13.DB
c:\program files\SpywareDetector\Data\SD14.DB
c:\program files\SpywareDetector\Data\SD15.DB
c:\program files\SpywareDetector\Data\SD16.DB
c:\program files\SpywareDetector\Data\SD18.DB
c:\program files\SpywareDetector\Data\SD19.DB
c:\program files\SpywareDetector\Data\SD2.DB
c:\program files\SpywareDetector\Data\SD20.DB
c:\program files\SpywareDetector\Data\SD21.DB
c:\program files\SpywareDetector\Data\SD22.DB
c:\program files\SpywareDetector\Data\SD23.DB
c:\program files\SpywareDetector\Data\SD24.DB
c:\program files\SpywareDetector\Data\SD25.DB
c:\program files\SpywareDetector\Data\SD26.DB
c:\program files\SpywareDetector\Data\SD27.DB
c:\program files\SpywareDetector\Data\SD28.DB
c:\program files\SpywareDetector\Data\SD29.DB
c:\program files\SpywareDetector\Data\SD3.DB
c:\program files\SpywareDetector\Data\SD31.DB
c:\program files\SpywareDetector\Data\SD4.DB
c:\program files\SpywareDetector\Data\SD5.DB
c:\program files\SpywareDetector\Data\SD6.DB
c:\program files\SpywareDetector\Data\SD7.DB
c:\program files\SpywareDetector\Data\SD8.DB
c:\program files\SpywareDetector\Data\SD9.DB
c:\program files\SpywareDetector\Data\SM1.db
c:\program files\SpywareDetector\Data\SM2.db
c:\program files\SpywareDetector\Data\Worms.ini
c:\program files\SpywareDetector\DisasmEngineDll.dll
c:\program files\SpywareDetector\FileSignature.dll
c:\program files\SpywareDetector\Infolsp.dll
c:\program files\SpywareDetector\KeyLoggerHandler.dll
c:\program files\SpywareDetector\KeyLoggerScanner.dll
c:\program files\SpywareDetector\KeyLoggerScanner.exe
c:\program files\SpywareDetector\LiveUpdateSD.exe
c:\program files\SpywareDetector\Log.htm
c:\program files\SpywareDetector\Log\ExecSDLog.txt
c:\program files\SpywareDetector\Log\Export.txt
c:\program files\SpywareDetector\Log\HeurSDLog.txt
c:\program files\SpywareDetector\Log\MD5SDLog.txt
c:\program files\SpywareDetector\Log\RootKitLog.txt
c:\program files\SpywareDetector\Log\SDLiveupdateLog.txt
c:\program files\SpywareDetector\Log\SDLog.txt
c:\program files\SpywareDetector\Log\VoucherLog.txt
c:\program files\SpywareDetector\News.txt
c:\program files\SpywareDetector\Option.dll
c:\program files\SpywareDetector\SDActiveMonitor.exe
c:\program files\SpywareDetector\SDActiveMonitor.chm
c:\program files\SpywareDetector\SDActMon.sys
c:\program files\SpywareDetector\SDActMon2K.sys
c:\program files\SpywareDetector\SDAntiRtKt.sys
c:\program files\SpywareDetector\SDNotify.dll
c:\program files\SpywareDetector\SDRemoveDB.db
c:\program files\SpywareDetector\SDService.exe
c:\program files\SpywareDetector\SendReport.exe
c:\program files\SpywareDetector\Setting\blockActivex.reg
c:\program files\SpywareDetector\Setting\CurrentSettings.ini
c:\program files\SpywareDetector\Setting\English_Strings.ini
c:\program files\SpywareDetector\Setting\exe.dat
c:\program files\SpywareDetector\Setting\exefile.dat
c:\program files\SpywareDetector\Setting\Export.ini
c:\program files\SpywareDetector\Setting\hostInsert.ini
c:\program files\SpywareDetector\Setting\RootKitWhiteDB.ini
c:\program files\SpywareDetector\Setting\SDWormsToDelete.ini
c:\program files\SpywareDetector\Setting\UnReg.reg
c:\program files\SpywareDetector\Setting\Voucher_English_Strings.ini
c:\program files\SpywareDetector\Setting\vssver.scc
c:\program files\SpywareDetector\Setting\WinsockBkp-Win2K.reg
c:\program files\SpywareDetector\Setting\WinsockBkp-Win98.reg
c:\program files\SpywareDetector\Setting\WinsockBkp-WinME.reg
c:\program files\SpywareDetector\Setting\WinsockBkp-WinVista.reg
c:\program files\SpywareDetector\Setting\WinsockBkp-WinXP.reg
c:\program files\SpywareDetector\Setting\WinsockBkp-WinXPHE.reg
c:\program files\SpywareDetector\Setting\wormcounts.ini
c:\program files\SpywareDetector\SignatureScanner.dll
c:\program files\SpywareDetector\SMTPDll.dll
c:\program files\SpywareDetector\SpecialSpyHandler.dll
c:\program files\SpywareDetector\SpywareDetector.dll
c:\program files\SpywareDetector\SpywareDetector.exe
c:\program files\SpywareDetector\SpywareDetector.chm
c:\program files\SpywareDetector\StartUpTipsDll.dll
c:\program files\SpywareDetector\Tips.txt
c:\program files\SpywareDetector\TrayPopUp.exe
c:\program files\SpywareDetector\unins000.dat
c:\program files\SpywareDetector\unins000.exe
c:\program files\SpywareDetector\VchReg.dll
c:\windows\iun6002.exe
c:\windows\system\SysSD.dll
c:\windows\System32\drivers\ndisprot.sys
c:\windows\System32\CheckDll.dll
c:\windows\System32\SDEarlyDelete.exe
c:\windows\System32\SDEarlyDelete.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-25 do 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-24 22:21 . 2008-11-24 22:21 <DIR> d-------- c:\users\Administrator\AppData\Roaming\CyberLink
2008-11-24 20:43 . 2008-11-24 20:43 550 --a------ c:\windows\WINCMD.INI
2008-11-24 19:40 . 2008-11-24 23:28 <DIR> d----c--- C:\tmp
2008-11-23 11:27 . 2008-11-23 11:27 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 11:27 . 2008-11-23 11:27 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 11:25 . 2008-11-23 11:25 <DIR> d-------- c:\program files\QuickTime
2008-11-22 20:00 . 2008-11-22 20:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 20:00 . 2008-10-16 20:25 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-22 20:00 . 2008-10-16 20:25 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-22 19:23 . 2008-11-22 19:23 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-22 19:06 . 2008-11-22 19:06 <DIR> d-------- c:\program files\Trend Micro
2008-11-22 17:35 . 2005-02-06 09:02 104 --a------ c:\windows\System32\ProxySettings.ini
2008-11-20 23:45 . 2008-11-20 23:45 <DIR> d-------- c:\program files\Alwil Software
2008-11-20 22:16 . 2008-11-22 19:28 <DIR> d-------- c:\users\Misa\AppData\Roaming\RegClean
2008-11-20 22:16 . 2008-11-22 19:28 <DIR> d-------- c:\program files\RegClean
2008-11-20 15:52 . 2008-11-20 23:34 <DIR> d-------- c:\program files\Norton AntiVirus
2008-11-20 15:49 . 2008-11-20 23:30 <DIR> d-------- c:\users\All Users\Symantec
2008-11-20 15:49 . 2008-11-20 23:30 <DIR> d-------- c:\programdata\Symantec
2008-11-20 15:49 . 2008-11-20 23:34 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-20 00:21 . 2008-11-20 00:21 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-11-20 00:21 . 2008-11-20 15:40 <DIR> d-------- c:\users\All Users\Norton
2008-11-20 00:21 . 2008-11-20 00:21 <DIR> d-------- c:\programdata\NortonInstaller
2008-11-20 00:21 . 2008-11-20 15:40 <DIR> d-------- c:\programdata\Norton
2008-11-19 22:40 . 2008-11-19 22:40 <DIR> d-------- c:\users\Administrator\AppData\Roaming\DivX
2008-11-19 22:08 . 2008-11-19 22:10 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-19 22:08 . 2008-11-19 22:10 <DIR> d-------- c:\programdata\Lavasoft
2008-11-19 22:08 . 2008-11-19 22:08 <DIR> d-------- c:\program files\Ad-Aware
2008-11-19 22:07 . 2008-11-19 22:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-19 22:07 . 2008-11-19 22:07 23,804,784 --a------ c:\temp\aaw2008.exe
2008-11-19 21:16 . 2008-11-19 21:16 <DIR> d-------- c:\users\Administrator\AppData\Roaming\Malwarebytes
2008-11-19 21:16 . 2008-11-19 21:16 <DIR> d-------- c:\users\Administrator\AppData\Roaming\ICQ
2008-11-19 21:15 . 2008-11-19 21:15 <DIR> d-------- c:\users\Administrator\AppData\Roaming\DAEMON Tools
2008-11-19 17:45 . 2008-11-19 17:45 <DIR> d-------- c:\windows\HDTV Player
2008-11-17 17:11 . 2008-11-17 17:11 <DIR> d-------- c:\users\Misa\AppData\Roaming\Media Player Classic
2008-11-16 16:07 . 2008-11-16 16:07 <DIR> d-------- c:\users\All Users\Real
2008-11-16 16:07 . 2008-11-16 16:07 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-15 22:18 . 2008-11-15 22:18 <DIR> d-------- c:\program files\MovieXplayer
2008-11-15 22:10 . 2008-11-15 22:10 <DIR> d-------- c:\users\All Users\Meow Intra Bait Face
2008-11-15 22:10 . 2008-11-15 22:10 <DIR> d-------- c:\programdata\Meow Intra Bait Face
2008-11-14 22:27 . 2008-11-14 22:27 <DIR> d-------- c:\users\Public\CyberLink
2008-11-12 09:01 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 09:01 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 09:01 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-11-01 19:43 . 2008-11-22 17:46 <DIR> d-------- c:\program files\QIP
2008-10-29 09:55 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 09:55 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 09:55 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-25 16:59 . 2008-11-17 21:47 <DIR> d-------- c:\users\Misa\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 19:43 --------- d-----w c:\program files\totalcmd
2008-11-24 16:08 --------- d-----w c:\users\Misa\AppData\Roaming\uTorrent
2008-11-23 10:27 --------- d-----w c:\program files\iTunes
2008-11-23 10:27 --------- d-----w c:\program files\iPod
2008-11-23 10:27 --------- d-----w c:\program files\Common Files\Apple
2008-11-20 15:17 --------- d---a-w c:\programdata\Temp
2008-11-15 21:10 --------- d-----w c:\programdata\Tons64iso
2008-11-14 21:25 --------- d-----w c:\programdata\CyberLink
2008-11-14 21:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-14 21:24 --------- d-----w c:\program files\Common Files\CyberLink
2008-11-14 21:23 --------- d-----w c:\program files\CyberLink
2008-11-14 21:22 29,480 ----a-w c:\windows\System32\msxml3a.dll
2008-10-24 15:01 --------- d-----w c:\programdata\Microsoft Help
2008-10-24 14:54 --------- d-----w c:\program files\MSBuild
2008-10-24 14:54 --------- d-----w c:\program files\Microsoft Works
2008-10-24 14:45 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-21 16:45 --------- d-----w c:\users\Misa\AppData\Roaming\vlc
2008-10-21 14:34 --------- d-----w c:\program files\VideoLAN
2008-10-21 12:35 --------- d-----w c:\users\Misa\AppData\Roaming\Malwarebytes
2008-10-21 12:35 --------- d-----w c:\programdata\Malwarebytes
2008-10-17 11:59 --------- d-----w c:\program files\Windows Mail
2008-10-15 17:05 --------- d-----w c:\users\Misa\AppData\Roaming\CyberLink
2008-10-15 15:32 --------- d-----w c:\program files\ICQ6
2008-10-15 14:04 188,920 ----a-w c:\windows\system32\drivers\ino_fltr.sys
2008-10-06 11:35 --------- d-----w c:\users\Administrator\AppData\Roaming\Lenovo
2008-10-06 11:34 --------- d-----w c:\users\Administrator\AppData\Roaming\Nero
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 10:05 1,732 -c--a-w C:\tvtpktfilter.dat
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-16 00:14 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\System32\divx.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-07-12 12:30 47 ----a-w c:\users\Misa\readme.bat
2008-06-25 11:31 174 --sha-w c:\program files\desktop.ini
2008-08-06 15:36 16,384 --sh--w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-06 15:36 32,768 --sh--w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-06 15:36 16,384 --sh--w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-25_ 0.06.27.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-24 22:53:20 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2008-11-25 19:43:26 51,200 ----a-w c:\windows\inf\infpub.dat
- 2008-11-24 22:53:19 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2008-11-25 19:43:25 143,360 ----a-w c:\windows\inf\infstrng.dat
- 2008-11-24 22:43:18 558,240 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-11-25 12:09:06 216,760 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-11-24 22:44:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-25 19:38:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-24 22:44:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-25 19:38:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-24 22:51:26 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-25 19:41:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-11-24 22:51:26 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-25 19:43:49 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-11-24 21:55:12 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-25 19:38:45 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-24 21:55:12 32,768 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-25 19:38:45 32,768 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-24 21:55:12 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-25 19:38:45 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-24 20:48:54 134,346 ----a-w c:\windows\System32\perfc005.dat
+ 2008-11-25 14:02:13 134,346 ----a-w c:\windows\System32\perfc005.dat
- 2008-11-24 20:48:54 120,236 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-25 14:02:13 120,236 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-24 20:48:54 649,420 ----a-w c:\windows\System32\perfh005.dat
+ 2008-11-25 14:02:13 649,420 ----a-w c:\windows\System32\perfh005.dat
- 2008-11-24 20:48:54 637,410 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-25 14:02:13 637,410 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-24 22:50:22 19,318 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-418189073-3617002416-2996736958-1003_UserData.bin
+ 2008-11-25 19:43:35 19,354 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-418189073-3617002416-2996736958-1003_UserData.bin
- 2008-11-24 22:50:22 93,048 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-25 19:43:35 93,264 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-23 22:24:19 3,016 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-11-25 12:09:07 4,850 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-11-24 22:00:49 66,312 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-25 12:14:42 66,392 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-24 19:08:28 232,242 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-11-25 12:07:57 233,812 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"QIP2005"="c:\program files\QIP\qip.exe" [2008-07-01 3256320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-07-29 632096]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-07-29 214576]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\System32\TpShocks.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LenovoWelcome.lnk - c:\swtools\LenovoWelcome\LenovoWelcome.cmd [2007-03-21 972]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 719664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-09-01 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 06:17 89600 c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bait face type axis]
c:\programdata\logo user dash.pwk94 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\does bat]
c:\programdata\shim bind bind.v0mxq9 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--------- 2006-12-22 03:56 2614848 c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{402097BA-88F3-477E-8176-A5876F740CE7}"= UDP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{C8C6B81F-70CB-496A-A43A-B49F0322D163}"= TCP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{D18A1ED0-819A-4F50-843E-B409A73E82CE}"= UDP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{0AD778D2-A02D-4CF0-8E60-2367F9FF61A6}"= TCP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{FF744A26-DFB9-428A-B7B7-FC178F0E1251}"= UDP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{4807F3BA-6772-471C-894E-ABE5EA1731C8}"= TCP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{F5E9511D-45A0-4B21-B978-D3AD8C48F873}"= UDP:c:\program files\CA\eTrustITM\Apache\bin\Apache.exe:eTrust ITM - Apache Server
"{8DAFD8A1-F9A9-40DE-821C-075425ADD3E2}"= TCP:c:\program files\CA\eTrustITM\Apache\bin\Apache.exe:eTrust ITM - Apache Server
"TCP Query User{A545D7D2-395D-4AE8-8705-FC764BF79E1E}c:\\program files\\icqlite\\icqlite.exe"= UDP:c:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{1912CDC9-5E0C-4A7B-8234-4B4B735DD811}c:\\program files\\icqlite\\icqlite.exe"= TCP:c:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{24C9018D-2A7A-4B76-83F2-0640B6028A20}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{0F158B85-DB96-4A86-B004-CDA9E44E3E64}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{FEA9EBE6-6D29-4F8C-A01F-72DD52DB7FEA}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{1565A30B-D6ED-4A5B-82FD-F20C87AD1120}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{7E5FE363-54D5-4822-B812-3B2043DA8034}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{5C7B208D-67AC-4731-A424-523797096ABA}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{52585BFA-56F9-4B3E-949C-FC2295519CF5}c:\\program files\\ca\\etrustitm\\phonhome.exe"= UDP:c:\program files\ca\etrustitm\phonhome.exe:phonhome
"UDP Query User{0BF8A9B0-5192-4025-9D34-A904D5DBE4AA}c:\\program files\\ca\\etrustitm\\phonhome.exe"= TCP:c:\program files\ca\etrustitm\phonhome.exe:phonhome
"TCP Query User{F780B81D-E2DE-4A64-B899-78B5109196AF}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{AF44D93B-824F-486C-96C5-4D30013AED2D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{0E702BCE-8ED2-46D3-915A-F321CDFE041B}c:\\program files\\totalcmd\\totalcmd.exe"= UDP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{DA9B8CDD-7217-47A6-A90F-3C97E5BBA1F8}c:\\program files\\totalcmd\\totalcmd.exe"= TCP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{EF2DF5C3-B002-4678-A39E-E303F42BA590}c:\\program files\\ca\\etrustitm\\realmon.exe"= UDP:c:\program files\ca\etrustitm\realmon.exe:Realmon
"UDP Query User{E5640EFB-5198-45A5-ADA3-03223382A665}c:\\program files\\ca\\etrustitm\\realmon.exe"= TCP:c:\program files\ca\etrustitm\realmon.exe:Realmon
"{3CA2D3EC-E605-444C-8696-A1A36842C73C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B5D92CA4-297C-44EC-ADF3-44BCD1BF7B6F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B5CF096B-9695-4467-9EBB-27750FE305A1}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{285163F7-7C88-4B53-8DF6-7A087808C947}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{9EDCAD99-701F-477C-9EAF-38298BB2C9BC}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{BCC8C58B-A40F-4013-B094-104BC06ACBEF}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{2870B4B0-A97E-498F-92C2-67435CF00642}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{6BE5CF77-7EF1-49F1-A36B-0824D92D1643}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"{B9985A88-11BB-46FC-8691-240697E526B8}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{873DD8FC-6692-4EF8-B191-70D0DBE4175F}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{D1393004-6A8C-4410-BDDB-4099806765D4}"= UDP:c:\users\Misa\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{156682F1-B3EF-433F-BAAF-B81940EBFB7E}"= TCP:c:\users\Misa\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{91655229-2AAD-4EC2-9280-39AE5184CB9E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4778D4A1-8AD6-407C-8276-9216B7DACB07}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C207E2A4-F263-4F20-AC29-B8AB39E16BF9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{D2BCF8E8-ACC5-4FBD-A754-7021DFECDDAD}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{9EF59D87-24B7-476D-9F8D-D67AB7861718}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{E36BD554-3252-4282-9192-DE73B7D5AEBB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F66EA5F7-1553-4403-AB8B-ADE0EF974CEF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{CED6B641-D55D-4BEF-8259-2C9187CDDCE3}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{7E29B023-0F68-42E9-A127-B8BBCE48B8D0}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{409982DF-0B93-4B15-A4D1-6187804629D4}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{62501C18-3058-47E2-AA71-8042925F3242}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{E8713A57-A823-48D7-B917-CA680BAA1EE8}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{F6959C81-8FEB-4490-B4D0-2ACAB198E44D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{72506B70-72C5-4F05-A0FB-7B2584300C98}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-07-09 72192]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwr32v.sys [2007-09-01 12080]
R2 Alert Notification Server;Alert Notification Server;"c:\program files\CA\SharedComponents\Alert\ALERT.EXE" [2007-10-06 198808]
R2 ApacheTomcatApplicationServer;Apache Tomcat Application Server;"c:\program files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe" //RS//ApacheTomcatApplicationServer [2005-09-23 102400]
R2 InoWeb;eTrust ITM Web Access Service;"c:\program files\CA\eTrustITM\inoweb.exe" [2007-01-16 288848]
R2 Power Manager DBC Service;Power Manager DBC Service;"c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE" [2008-09-02 66848]
R2 smihlp;SMI Helper Driver (smihlp);\??\c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-15 11152]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-07-09 58736]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-09-01 179712]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
S2 ApacheContentServer;Apache Content Server;"c:\program files\CA\eTrustITM\Apache\Bin\Apache.exe" -k runservice [2005-05-31 13824]
S2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-09 569344]
S3 InoNmSrv;eTrust ITM Server Service;"c:\program files\CA\eTrustITM\InoNmSrv.exe" [2007-01-16 284752]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d52ce6c-75b6-11dc-a5ff-001558cae393}]
\shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f85dec9-77b6-11dc-aa11-001558cae393}]
\shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6111225-232d-11dd-b8ee-001558cae393}]
\shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eec9e435-756f-11dc-a169-001558cae393}]
\shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7232bab-63b8-11dd-b764-001558cae393}]
\shell\AutoRun\command - F:\Setupx.exe
.
Obsah adresáře 'Naplánované úlohy'

2008-11-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]

2008-11-20 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean\RegClean.exe [2008-11-19 12:23]

2008-11-20 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean [2008-11-22 19:28]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SDActiveMonitor - c:\program files\SpywareDetector\SDActiveMonitor.exe
HKLM-Run-SDAutoLiveupdate - c:\program files\SpywareDetector\LiveUpdateSD.exe
Notify-SDNotify - c:\program files\SpywareDetector\SDNotify.dll



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 20:43:06
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll

- - - - - - - > 'Explorer.exe'(6016)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
c:\windows\system32\btmmhook.dll
c:\program files\CyberLink\PowerDVD\deskband32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Ad-Aware\aawservice.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\windows\System32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.EXE
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Celkový čas: 2008-11-25 20:48:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-25 19:48:03
ComboFix2.txt 2008-11-24 23:08:42

Před spuštěním: Volných bajtů: 31 981 998 080
Po spuštění: Volných bajtů: 32,079,671,296

505 --- E O F --- 2008-11-13 08:03:38



-----------------------------------------------------------------------------------------------------------------------------------------
A prikladam HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:24, on 22.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\inoweb.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\system32\conime.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Windows\Explorer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\QIP\qip.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.24.6.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-418189073-3617002416-2996736958-500\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrator')
O4 - HKUS\S-1-5-21-418189073-3617002416-2996736958-500\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: LenovoWelcome.lnk = C:\SWTOOLS\LenovoWelcome\LenovoWelcome.cmd
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://download.boulder.ibm.com/ibmdl/p ... pirexe.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E5A443F-D2C3-4F39-A8E6-0820D3047A02}: NameServer = 85.255.112.123;85.255.112.234
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F772589-0DCC-4B2A-8D04-B20B597FE1D2}: NameServer = 85.255.112.123;85.255.112.234
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E5A443F-D2C3-4F39-A8E6-0820D3047A02}: NameServer = 85.255.112.123;85.255.112.234
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Alert Notification Server - CA, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: Apache Content Server (ApacheContentServer) - Apache Software Foundation - C:\Program Files\CA\eTrustITM\Apache\Bin\Apache.exe
O23 - Service: Apache Tomcat Application Server (ApacheTomcatApplicationServer) - Apache Software Foundation - C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM Server Service (InoNmSrv) - CA - C:\Program Files\CA\eTrustITM\InoNmSrv.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: eTrust ITM Web Access Service (InoWeb) - CA - C:\Program Files\CA\eTrustITM\inoweb.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdztk.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 18242 bytes

-----------------------------------------------------------------------------------------------------------------------------------------
VirusTotal:

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 - - -
AntiVir - - -
Authentium - - W32/Swizzor-based.2!Maximus
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - Trojan.Swizzor.based
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - W32/Swizzor-based.2!Maximus
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - Adware/Lop
PCTools - - -
Prevx1 - - -
Rising - - Trojan.Win32.Swizzor.ul
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - OScope.Trojan.BagsWay.D
ViRobot - - -
VirusBuster - - -

P.S. DnsChanger je stale tam...

[jaro3]

Ten výsledek z VT je z kterého souboru?
Psal jsem dva:
c:\temp\aaw2008.exe
c:\programdata\Tons64iso
můžeš k nim přidat ještě jeden:
C:\tmp
Vlož výsledky-celé.

[Miisa]

aaw2008.exe nelze uploadit, je totiz prilis velky, v adresari Tons64iso jsou dva soubory, pro ne je vysledek z virustotal naprosto stejny.

v adresari tmp jsou programy fixwareout a combofix, tam bych zadnou zradu neocekavala.

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\programdata\Tons64iso


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Miisa]

ComboFix 08-11-26.01 - Misa 2008-11-25 23:05:53.3 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1029.18.1147 [GMT 1:00]
Spuštěný z: c:\tmp\ComboFix.exe
Použité ovládací přepínače :: c:\users\Misa\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Tons64iso
c:\programdata\Tons64iso\qzdhmjti.exe
c:\programdata\Tons64iso\SECT IDOL.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-26 do 2008-11-26 )))))))))))))))))))))))))))))))
.

2008-11-25 20:53 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 20:53 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 20:53 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 20:53 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 20:53 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 22:21 . 2008-11-24 22:21 <DIR> d-------- c:\users\Administrator\AppData\Roaming\CyberLink
2008-11-24 20:43 . 2008-11-24 20:43 550 --a------ c:\windows\WINCMD.INI
2008-11-24 19:40 . 2008-11-25 23:03 <DIR> d----c--- C:\tmp
2008-11-23 11:27 . 2008-11-23 11:27 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 11:27 . 2008-11-23 11:27 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 11:25 . 2008-11-23 11:25 <DIR> d-------- c:\program files\QuickTime
2008-11-22 20:00 . 2008-11-22 20:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 20:00 . 2008-10-16 20:25 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-22 20:00 . 2008-10-16 20:25 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-22 19:23 . 2008-11-22 19:23 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-22 19:06 . 2008-11-22 19:06 <DIR> d-------- c:\program files\Trend Micro
2008-11-22 17:35 . 2005-02-06 09:02 104 --a------ c:\windows\System32\ProxySettings.ini
2008-11-20 23:45 . 2008-11-20 23:45 <DIR> d-------- c:\program files\Alwil Software
2008-11-20 22:16 . 2008-11-22 19:28 <DIR> d-------- c:\users\Misa\AppData\Roaming\RegClean
2008-11-20 22:16 . 2008-11-22 19:28 <DIR> d-------- c:\program files\RegClean
2008-11-20 15:52 . 2008-11-20 23:34 <DIR> d-------- c:\program files\Norton AntiVirus
2008-11-20 15:49 . 2008-11-20 23:30 <DIR> d-------- c:\users\All Users\Symantec
2008-11-20 15:49 . 2008-11-20 23:30 <DIR> d-------- c:\programdata\Symantec
2008-11-20 15:49 . 2008-11-20 23:34 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-20 00:21 . 2008-11-20 00:21 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-11-20 00:21 . 2008-11-20 15:40 <DIR> d-------- c:\users\All Users\Norton
2008-11-20 00:21 . 2008-11-20 00:21 <DIR> d-------- c:\programdata\NortonInstaller
2008-11-20 00:21 . 2008-11-20 15:40 <DIR> d-------- c:\programdata\Norton
2008-11-19 22:40 . 2008-11-19 22:40 <DIR> d-------- c:\users\Administrator\AppData\Roaming\DivX
2008-11-19 22:08 . 2008-11-19 22:10 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-19 22:08 . 2008-11-19 22:10 <DIR> d-------- c:\programdata\Lavasoft
2008-11-19 22:08 . 2008-11-19 22:08 <DIR> d-------- c:\program files\Ad-Aware
2008-11-19 22:07 . 2008-11-19 22:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-19 22:07 . 2008-11-19 22:07 23,804,784 --a------ c:\temp\aaw2008.exe
2008-11-19 21:16 . 2008-11-19 21:16 <DIR> d-------- c:\users\Administrator\AppData\Roaming\Malwarebytes
2008-11-19 21:16 . 2008-11-19 21:16 <DIR> d-------- c:\users\Administrator\AppData\Roaming\ICQ
2008-11-19 21:15 . 2008-11-19 21:15 <DIR> d-------- c:\users\Administrator\AppData\Roaming\DAEMON Tools
2008-11-19 17:45 . 2008-11-19 17:45 <DIR> d-------- c:\windows\HDTV Player
2008-11-17 17:11 . 2008-11-17 17:11 <DIR> d-------- c:\users\Misa\AppData\Roaming\Media Player Classic
2008-11-16 16:07 . 2008-11-16 16:07 <DIR> d-------- c:\users\All Users\Real
2008-11-16 16:07 . 2008-11-16 16:07 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-15 22:18 . 2008-11-15 22:18 <DIR> d-------- c:\program files\MovieXplayer
2008-11-15 22:10 . 2008-11-15 22:10 <DIR> d-------- c:\users\All Users\Meow Intra Bait Face
2008-11-15 22:10 . 2008-11-15 22:10 <DIR> d-------- c:\programdata\Meow Intra Bait Face
2008-11-14 22:27 . 2008-11-14 22:27 <DIR> d-------- c:\users\Public\CyberLink
2008-11-12 09:01 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 09:01 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 09:01 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-11-01 19:43 . 2008-11-22 17:46 <DIR> d-------- c:\program files\QIP
2008-10-29 09:55 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 09:55 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 09:55 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 19:43 --------- d-----w c:\program files\totalcmd
2008-11-24 16:08 --------- d-----w c:\users\Misa\AppData\Roaming\uTorrent
2008-11-23 10:27 --------- d-----w c:\program files\iTunes
2008-11-23 10:27 --------- d-----w c:\program files\iPod
2008-11-23 10:27 --------- d-----w c:\program files\Common Files\Apple
2008-11-20 15:17 --------- d---a-w c:\programdata\Temp
2008-11-17 20:47 --------- d-----w c:\users\Misa\AppData\Roaming\dvdcss
2008-11-14 21:25 --------- d-----w c:\programdata\CyberLink
2008-11-14 21:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-14 21:24 --------- d-----w c:\program files\Common Files\CyberLink
2008-11-14 21:23 --------- d-----w c:\program files\CyberLink
2008-10-24 15:01 --------- d-----w c:\programdata\Microsoft Help
2008-10-24 14:54 --------- d-----w c:\program files\MSBuild
2008-10-24 14:54 --------- d-----w c:\program files\Microsoft Works
2008-10-24 14:45 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-21 16:45 --------- d-----w c:\users\Misa\AppData\Roaming\vlc
2008-10-21 14:34 --------- d-----w c:\program files\VideoLAN
2008-10-21 12:35 --------- d-----w c:\users\Misa\AppData\Roaming\Malwarebytes
2008-10-21 12:35 --------- d-----w c:\programdata\Malwarebytes
2008-10-17 11:59 --------- d-----w c:\program files\Windows Mail
2008-10-15 17:05 --------- d-----w c:\users\Misa\AppData\Roaming\CyberLink
2008-10-15 15:32 --------- d-----w c:\program files\ICQ6
2008-10-15 14:04 188,920 ----a-w c:\windows\system32\drivers\ino_fltr.sys
2008-10-06 11:35 --------- d-----w c:\users\Administrator\AppData\Roaming\Lenovo
2008-10-06 11:34 --------- d-----w c:\users\Administrator\AppData\Roaming\Nero
2008-09-25 10:05 1,732 -c--a-w C:\tvtpktfilter.dat
2008-07-12 12:30 47 ----a-w c:\users\Misa\readme.bat
2008-06-25 11:31 174 --sha-w c:\program files\desktop.ini
2008-08-06 15:36 16,384 --sh--w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-06 15:36 32,768 --sh--w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-06 15:36 16,384 --sh--w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-11-25_20.46.53.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-25 19:43:26 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2008-11-25 21:14:12 51,200 ----a-w c:\windows\inf\infpub.dat
- 2008-11-25 19:43:25 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2008-11-25 21:14:12 143,360 ----a-w c:\windows\inf\infstrng.dat
- 2008-11-25 19:38:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-26 22:12:12 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-25 19:38:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-26 22:12:12 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-25 19:41:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-26 22:13:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-26 22:13:13 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-25 19:43:49 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-26 22:12:58 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-26 22:12:58 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-25 19:38:45 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-25 21:09:05 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-25 19:38:45 32,768 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-25 21:09:05 32,768 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-25 19:38:45 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-25 21:09:05 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-24 22:33:09 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-25 22:05:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-11-14 23:19:02 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-11-25 21:07:40 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-11-25 19:43:35 19,354 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-418189073-3617002416-2996736958-1003_UserData.bin
+ 2008-11-25 21:15:08 19,394 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-418189073-3617002416-2996736958-1003_UserData.bin
- 2008-11-25 19:43:35 93,264 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-26 22:16:35 93,426 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-25 12:14:42 66,392 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-25 21:14:41 66,392 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-13 08:00:42 148,364,958 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-25 19:53:26 151,024,489 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-21 05:16:20 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.16766_none_62ed735b99bf2599\connect.dll
+ 2008-10-21 05:06:53 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.20940_none_6386b028b2d1f29e\connect.dll
+ 2008-10-21 05:25:17 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18159_none_64e182cb96dae69e\connect.dll
+ 2008-10-21 05:21:42 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.22291_none_6537dd96b0202b74\connect.dll
+ 2008-08-28 03:24:50 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.16740_none_c85de4f0e87e1001\PhotoMetadataHandler.dll
+ 2008-08-28 03:21:23 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.20905_none_c917c4c40176bbe1\PhotoMetadataHandler.dll
+ 2008-08-28 03:40:09 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.18131_none_ca4ff3cce59b9e58\PhotoMetadataHandler.dll
+ 2008-08-28 03:37:44 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.22253_none_cac5f153fec7a8b2\PhotoMetadataHandler.dll
+ 2008-08-28 03:24:51 712,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.16740_none_94703b0aa417f9f5\WindowsCodecs.dll
+ 2008-08-28 03:22:04 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.20905_none_952a1addbd10a5d5\WindowsCodecs.dll
+ 2008-08-28 03:40:11 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18131_none_966249e6a135884c\WindowsCodecs.dll
+ 2008-08-28 03:37:46 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.22253_none_96d8476dba6192a6\WindowsCodecs.dll
+ 2008-08-28 03:24:51 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.16740_none_91804ffcbb9f565c\WindowsCodecsExt.dll
+ 2008-08-28 03:22:04 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.20905_none_923a2fcfd498023c\WindowsCodecsExt.dll
+ 2008-08-28 03:40:11 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.18131_none_93725ed8b8bce4b3\WindowsCodecsExt.dll
+ 2008-08-28 03:37:46 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.22253_none_93e85c5fd1e8ef0d\WindowsCodecsExt.dll
+ 2008-10-22 03:43:51 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceApi.dll
+ 2008-10-22 03:43:51 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceClassExtension.dll
+ 2008-10-22 03:43:51 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceTypes.dll
+ 2008-10-22 03:39:42 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceApi.dll
+ 2008-10-22 03:39:42 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceClassExtension.dll
+ 2008-10-22 03:39:42 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceTypes.dll
+ 2008-10-22 03:57:30 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceApi.dll
+ 2008-01-19 07:36:07 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceClassExtension.dll
+ 2008-01-19 07:36:07 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceTypes.dll
+ 2008-10-22 03:34:55 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceApi.dll
+ 2008-10-22 03:34:55 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceClassExtension.dll
+ 2008-10-22 03:34:55 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceTypes.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"QIP2005"="c:\program files\QIP\qip.exe" [2008-07-01 3256320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-07-29 632096]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-07-29 214576]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\System32\TpShocks.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LenovoWelcome.lnk - c:\swtools\LenovoWelcome\LenovoWelcome.cmd [2007-03-21 972]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 719664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-09-01 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 06:17 89600 c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bait face type axis]
c:\programdata\logo user dash.pwk94 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\does bat]
c:\programdata\shim bind bind.v0mxq9 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--------- 2006-12-22 03:56 2614848 c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{402097BA-88F3-477E-8176-A5876F740CE7}"= UDP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{C8C6B81F-70CB-496A-A43A-B49F0322D163}"= TCP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{D18A1ED0-819A-4F50-843E-B409A73E82CE}"= UDP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{0AD778D2-A02D-4CF0-8E60-2367F9FF61A6}"= TCP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{FF744A26-DFB9-428A-B7B7-FC178F0E1251}"= UDP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{4807F3BA-6772-471C-894E-ABE5EA1731C8}"= TCP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{F5E9511D-45A0-4B21-B978-D3AD8C48F873}"= UDP:c:\program files\CA\eTrustITM\Apache\bin\Apache.exe:eTrust ITM - Apache Server
"{8DAFD8A1-F9A9-40DE-821C-075425ADD3E2}"= TCP:c:\program files\CA\eTrustITM\Apache\bin\Apache.exe:eTrust ITM - Apache Server
"TCP Query User{A545D7D2-395D-4AE8-8705-FC764BF79E1E}c:\\program files\\icqlite\\icqlite.exe"= UDP:c:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{1912CDC9-5E0C-4A7B-8234-4B4B735DD811}c:\\program files\\icqlite\\icqlite.exe"= TCP:c:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{24C9018D-2A7A-4B76-83F2-0640B6028A20}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{0F158B85-DB96-4A86-B004-CDA9E44E3E64}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{FEA9EBE6-6D29-4F8C-A01F-72DD52DB7FEA}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{1565A30B-D6ED-4A5B-82FD-F20C87AD1120}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{7E5FE363-54D5-4822-B812-3B2043DA8034}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{5C7B208D-67AC-4731-A424-523797096ABA}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{52585BFA-56F9-4B3E-949C-FC2295519CF5}c:\\program files\\ca\\etrustitm\\phonhome.exe"= UDP:c:\program files\ca\etrustitm\phonhome.exe:phonhome
"UDP Query User{0BF8A9B0-5192-4025-9D34-A904D5DBE4AA}c:\\program files\\ca\\etrustitm\\phonhome.exe"= TCP:c:\program files\ca\etrustitm\phonhome.exe:phonhome
"TCP Query User{F780B81D-E2DE-4A64-B899-78B5109196AF}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{AF44D93B-824F-486C-96C5-4D30013AED2D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{0E702BCE-8ED2-46D3-915A-F321CDFE041B}c:\\program files\\totalcmd\\totalcmd.exe"= UDP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{DA9B8CDD-7217-47A6-A90F-3C97E5BBA1F8}c:\\program files\\totalcmd\\totalcmd.exe"= TCP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{EF2DF5C3-B002-4678-A39E-E303F42BA590}c:\\program files\\ca\\etrustitm\\realmon.exe"= UDP:c:\program files\ca\etrustitm\realmon.exe:Realmon
"UDP Query User{E5640EFB-5198-45A5-ADA3-03223382A665}c:\\program files\\ca\\etrustitm\\realmon.exe"= TCP:c:\program files\ca\etrustitm\realmon.exe:Realmon
"{3CA2D3EC-E605-444C-8696-A1A36842C73C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B5D92CA4-297C-44EC-ADF3-44BCD1BF7B6F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B5CF096B-9695-4467-9EBB-27750FE305A1}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{285163F7-7C88-4B53-8DF6-7A087808C947}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{9EDCAD99-701F-477C-9EAF-38298BB2C9BC}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{BCC8C58B-A40F-4013-B094-104BC06ACBEF}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{2870B4B0-A97E-498F-92C2-67435CF00642}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{6BE5CF77-7EF1-49F1-A36B-0824D92D1643}c:\\users\\misa\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\misa\program files\utorrent\utorrent.exe:utorrent.exe
"{B9985A88-11BB-46FC-8691-240697E526B8}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{873DD8FC-6692-4EF8-B191-70D0DBE4175F}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{D1393004-6A8C-4410-BDDB-4099806765D4}"= UDP:c:\users\Misa\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{156682F1-B3EF-433F-BAAF-B81940EBFB7E}"= TCP:c:\users\Misa\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{91655229-2AAD-4EC2-9280-39AE5184CB9E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4778D4A1-8AD6-407C-8276-9216B7DACB07}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C207E2A4-F263-4F20-AC29-B8AB39E16BF9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{D2BCF8E8-ACC5-4FBD-A754-7021DFECDDAD}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{9EF59D87-24B7-476D-9F8D-D67AB7861718}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{E36BD554-3252-4282-9192-DE73B7D5AEBB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F66EA5F7-1553-4403-AB8B-ADE0EF974CEF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{CED6B641-D55D-4BEF-8259-2C9187CDDCE3}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{7E29B023-0F68-42E9-A127-B8BBCE48B8D0}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{409982DF-0B93-4B15-A4D1-6187804629D4}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{62501C18-3058-47E2-AA71-8042925F3242}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{E8713A57-A823-48D7-B917-CA680BAA1EE8}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{F6959C81-8FEB-4490-B4D0-2ACAB198E44D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{72506B70-72C5-4F05-A0FB-7B2584300C98}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-07-09 72192]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwr32v.sys [2007-09-01 12080]
R2 Alert Notification Server;Alert Notification Server;"c:\program files\CA\SharedComponents\Alert\ALERT.EXE" [2007-10-06 198808]
R2 ApacheTomcatApplicationServer;Apache Tomcat Application Server;"c:\program files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe" //RS//ApacheTomcatApplicationServer [2005-09-23 102400]
R2 InoWeb;eTrust ITM Web Access Service;"c:\program files\CA\eTrustITM\inoweb.exe" [2007-01-16 288848]
R2 Power Manager DBC Service;Power Manager DBC Service;"c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE" [2008-09-02 66848]
R2 smihlp;SMI Helper Driver (smihlp);\??\c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-15 11152]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-07-09 58736]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-09-01 179712]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
S2 ApacheContentServer;Apache Content Server;"c:\program files\CA\eTrustITM\Apache\Bin\Apache.exe" -k runservice [2005-05-31 13824]
S2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-09 569344]
S3 InoNmSrv;eTrust ITM Server Service;"c:\program files\CA\eTrustITM\InoNmSrv.exe" [2007-01-16 284752]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d52ce6c-75b6-11dc-a5ff-001558cae393}]
\shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f85dec9-77b6-11dc-aa11-001558cae393}]
\shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6111225-232d-11dd-b8ee-001558cae393}]
\shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eec9e435-756f-11dc-a169-001558cae393}]
\shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7232bab-63b8-11dd-b764-001558cae393}]
\shell\AutoRun\command - F:\Setupx.exe
.
Obsah adresáře 'Naplánované úlohy'

2008-11-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]

2008-11-20 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean\RegClean.exe [2008-11-19 12:23]

2008-11-20 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean [2008-11-22 19:28]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 23:15:10
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll

- - - - - - - > 'Explorer.exe'(4908)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
c:\windows\system32\btmmhook.dll
c:\program files\CyberLink\PowerDVD\deskband32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Ad-Aware\aawservice.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Celkový čas: 2008-11-26 23:23:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-26 22:23:44
ComboFix2.txt 2008-11-25 19:48:23
ComboFix3.txt 2008-11-24 23:08:42

Před spuštěním: Volných bajtů: 31 589 777 408
Po spuštění: Volných bajtů: 31,358,193,664

404 --- E O F --- 2008-11-25 21:04:08
-----------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:24, on 22.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\inoweb.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\system32\conime.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Windows\Explorer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\QIP\qip.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.24.6.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-418189073-3617002416-2996736958-500\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrator')
O4 - HKUS\S-1-5-21-418189073-3617002416-2996736958-500\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: LenovoWelcome.lnk = C:\SWTOOLS\LenovoWelcome\LenovoWelcome.cmd
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://download.boulder.ibm.com/ibmdl/p ... pirexe.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E5A443F-D2C3-4F39-A8E6-0820D3047A02}: NameServer = 85.255.112.123;85.255.112.234
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F772589-0DCC-4B2A-8D04-B20B597FE1D2}: NameServer = 85.255.112.123;85.255.112.234
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E5A443F-D2C3-4F39-A8E6-0820D3047A02}: NameServer = 85.255.112.123;85.255.112.234
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Alert Notification Server - CA, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: Apache Content Server (ApacheContentServer) - Apache Software Foundation - C:\Program Files\CA\eTrustITM\Apache\Bin\Apache.exe
O23 - Service: Apache Tomcat Application Server (ApacheTomcatApplicationServer) - Apache Software Foundation - C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM Server Service (InoNmSrv) - CA - C:\Program Files\CA\eTrustITM\InoNmSrv.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: eTrust ITM Web Access Service (InoWeb) - CA - C:\Program Files\CA\eTrustITM\inoweb.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdztk.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 18242 bytes

[jaro3]

Dáváš sem 4 dny starý log z HJT? Tomu teda nerozumím....
Dej sem nový po všech výmazech v CF..