Hi, I just did it. Thank you for helping once again.
ComboFix 08-07-27.2 - Cermak 2008-07-27 21:26:29.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1609 [GMT 2:00]
Running from: C:\Documents and Settings\Cermak\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.
2008-07-26 18:20 . 2008-07-26 18:20 <DIR> d-------- C:\WINDOWS\Sun
2008-07-26 18:19 . 2008-07-26 18:19 <DIR> d-------- C:\Program Files\Sun
2008-07-26 18:18 . 2008-07-26 18:18 <DIR> d-------- C:\Program Files\Java
2008-07-26 18:18 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-26 18:17 . 2008-07-26 18:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 17:53 . 2008-07-26 17:53 <DIR> d-------- C:\Deckard
2008-07-26 17:47 . 2008-07-26 17:47 <DIR> d-------- C:\Documents and Settings\Cermak\Data aplikací\Malwarebytes
2008-07-26 17:47 . 2008-07-26 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2008-07-26 17:47 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 17:47 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-26 17:26 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-26 17:26 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-26 17:26 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-26 17:26 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-26 17:26 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-26 17:26 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-26 17:26 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-26 17:26 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-26 17:26 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-26 17:16 . 2008-07-26 17:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-26 16:09 . 2008-07-26 17:26 4,274 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-26 13:31 . 2008-07-26 13:31 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-26 13:31 . 2008-07-26 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-07-26 12:39 . 2008-07-26 12:39 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-26 12:39 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-26 12:33 . 2008-07-26 12:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-26 12:11 . 2001-10-25 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-26 12:10 . 2008-07-26 12:10 65,536 ---hs---- C:\Documents and Settings\Cermak\MediaTubeCodec_ver1.1463.0.exe
2008-07-07 20:28 . 2008-07-07 20:28 <DIR> d-------- C:\Documents and Settings\Cermak\Data aplikací\AdobeUM
2008-07-03 07:37 . 2008-07-03 07:37 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-07-03 07:37 . 2008-07-06 20:08 <DIR> d-------- C:\Program Files\Winamp
2008-07-03 07:37 . 2008-07-03 07:41 <DIR> d-------- C:\Documents and Settings\Cermak\Data aplikací\Winamp
2008-07-03 07:37 . 2008-07-03 07:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar
2008-06-27 06:42 . 2008-06-27 06:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-27 06:42 . 2008-06-27 06:42 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 19:25 --------- d-----w C:\Documents and Settings\Cermak\Data aplikací\uTorrent
2008-07-22 17:07 --------- d-----w C:\Documents and Settings\Cermak\Data aplikací\Skype
2008-07-22 16:50 --------- d-----w C:\Documents and Settings\Cermak\Data aplikací\skypePM
2008-07-17 16:54 --------- d-----w C:\Documents and Settings\Cermak\Data aplikací\ICQ
2008-07-17 16:53 --------- d-----w C:\Program Files\ICQ6
2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 21:02 --------- d-----w C:\Program Files\Skype
2008-06-18 21:02 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-18 21:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2008-06-18 16:24 --------- d-----w C:\Program Files\uTorrent
2008-06-16 16:53 --------- d-----w C:\Documents and Settings\Cermak\Data aplikací\ACD Systems
2008-06-14 18:00 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 16:01 --------- d-----w C:\Program Files\PCDR5
2008-06-14 16:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\PC-Doctor
2008-06-13 16:05 --------- d-----w C:\Documents and Settings\Cermak\Data aplikací\TuneUp Software
2008-06-13 16:05 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2008-06-13 15:03 --------- d-----w C:\Program Files\Microcom
2008-06-13 12:50 98,304 ----a-w C:\WINDOWS\system32\qttask.exe
2008-06-13 12:50 --------- d-----w C:\Program Files\QuickTime
2008-06-13 12:49 --------- d-----w C:\Program Files\Ahead
2008-06-13 12:49 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
2008-06-13 12:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-13 12:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-13 12:41 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-06-13 12:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 12:40 --------- d-----w C:\Program Files\CyberLink
2008-06-13 12:39 --------- d-----w C:\Program Files\Apple Software Update
2008-06-13 12:39 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-06-13 12:37 --------- d-----w C:\Documents and Settings\Cermak\Data aplikací\InstallShield
2008-06-13 12:35 --------- d-----w C:\Documents and Settings\Cermak\Data aplikací\ESET
2008-06-13 12:34 --------- d-----w C:\Program Files\ESET
2008-06-13 12:34 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-06-13 12:32 --------- d-----w C:\Program Files\ACD Systems
2008-06-13 12:31 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-13 12:31 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2008-06-13 12:27 --------- d-----w C:\Program Files\Microsoft Works
2008-06-13 12:25 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-13 12:20 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-13 12:19 --------- d-----w C:\Program Files\Synaptics
2008-06-13 12:18 --------- d-----w C:\Program Files\ATI Technologies
2008-06-13 12:17 0 ---ha-r C:\WINDOWS\system32\drivers\IBM_2373_HTG_TP.MRK
2008-06-13 12:17 --------- d-----w C:\Program Files\Lenovo
2008-06-13 12:02 --------- d-----w C:\Program Files\Common Files\Lenovo
2008-06-13 10:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-13 09:43 --------- d-----w C:\Program Files\NetWaiting
2008-06-13 09:43 --------- d-----w C:\Program Files\Digital Line Detect
2008-06-13 09:43 --------- d-----w C:\Program Files\CONEXANT
2008-06-13 09:42 --------- d-----w C:\Program Files\Intel
2008-06-13 09:38 --------- d-----w C:\Program Files\ThinkPad
2008-06-13 09:36 --------- d-----w C:\Program Files\IBM
2008-06-13 09:33 --------- d-----w C:\Program Files\Analog Devices
2008-06-13 09:20 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 08:36 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-16 08:36 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-16 08:36 1,047,552 ----a-w C:\WINDOWS\system32\MFC71u.dll
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"frymxins"="C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 01:38 110592]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 01:38 20480]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 01:38 396288]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 01:38 208896]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 22:00 856064]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19 94208]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 21:00 344064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 16:14 122880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 16:14 524288]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-10-25 09:26 1410304]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-06-13 14:50 98304]
"CnxDslTaskBar"="c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe" [2004-06-16 07:55 233472]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\WINDOWS\system32\TpShocks.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-06-13 11:43:58 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhn30.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpw28.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-10-25 09:25]
R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-10-25 09:27]
R1 Smapint;Smapint;C:\WINDOWS\system32\drivers\Smapint.sys [2006-10-02 01:55]
R1 TDSMAPI;TDSMAPI;C:\WINDOWS\system32\drivers\TDSMAPI.SYS [2006-10-02 01:55]
R1 TPHKDRV;TPHKDRV;C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 14:57]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 01:38]
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe [2004-08-17 15:49]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-10-25 09:25]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-10-25 09:26]
R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-10-25 09:27]
R2 IBMPMSVC;ThinkPad PM Service;C:\WINDOWS\system32\ibmpmsvc.exe [2007-11-02 15:51]
R2 irda;Protokol IrDA;C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 01:00]
R2 Irmon;Sledování infračerveného přenosu;C:\WINDOWS\system32\svchost.exe [2004-08-17 15:49]
R2 RegSrvc;RegSrvc;C:\WINDOWS\system32\RegSrvc.exe [2006-06-16 15:55]
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-06-16 15:50]
R2 SUService;System Update;C:\Program Files\Lenovo\System Update\SUService.exe [2008-05-16 10:52]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service;C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 17:34]
R2 TpKmpSVC;IBM KCU Service;C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 21:26]
R2 TVT Scheduler;TVT Scheduler;C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 10:34]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 aeaudio;aeaudio;C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 20:53]
R3 BthEnum;Ovladač pro Bluetooth Request Block;C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 23:10]
R3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 22:58]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth;C:\WINDOWS\system32\Drivers\BTHUSB.sys [2004-08-03 23:10]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 07:51]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 07:51]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 07:51]
R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-10-25 09:27]
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 17:53]
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-10-18 17:52]
R3 IBMPMDRV;IBMPMDRV;C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-11-02 15:50]
R3 NSCIRDA;NSC Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 01:00]
R3 psadd;Lenovo Parties Service Access Device Driver;C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 07:56]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 Rasirda;WAN Miniport (IrDA);C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 23:51]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 23:10]
R3 smwdm;smwdm;C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 09:19]
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-05 16:11]
S0 Winhn30;Winhn30;C:\WINDOWS\system32\Drivers\Winhn30.sys []
S0 Winpw28;Winpw28;C:\WINDOWS\system32\Drivers\Winpw28.sys []
S3 BTHPORT;Ovladač portu Bluetooth;C:\WINDOWS\system32\Drivers\BTHport.sys [2008-06-14 20:00]
S3 EhttpSrv;Eset HTTP Server;C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-10-25 09:27]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-26 12:39]
S3 UIUSys;Conexant Setup API;C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w70n51.sys [2006-07-13 12:33]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\1-Click Maintenance.job - E:\tu\OneClick.exe [2008-04-16 09:59]
2008-06-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
2008-06-13 C:\WINDOWS\Tasks\BMMTask.job - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2005-04-20 01:38]
.
.
------- Supplementary Scan -------
.
O8 -: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-27 21:27:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-07-27 21:28:11
ComboFix-quarantined-files.txt 2008-07-27 19:28:07
Pre-Run: 8,431,710,208
Post-Run: 8,420,802,560
254 --- E O F --- 2008-07-16 22:37:36
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:49, on 27. 7. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\qttask.exe
C:\program files\microcom\adsl deskporte usb\CnxDslTb.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] "c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFD20D2-4E26-4DAC-91FF-7C35EACEED91}: NameServer = 195.146.132.58 195.146.128.60
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 9482 bytes