Having troubles with trojans - please help!

yogibeer

Hello to everybody, I am new to the forum. Could someone help me to solve my problems with my laptop? I am using AVG freeware 8.5 as my antivirus and from time to time I run additional scans using Superantispyware, Adaware or Spybot S&D. A couple of days ago, AVG resident shield detected a couple of viruses and quarantined them. After that, the computer speed decreased significantly, so I scanned the computer with AVG and found nothing. I couldn't even start the operating system in safe mode. The scan in Superantispyware detected and quarantined a couple of items and from that point the computer speed returned almost to normal and the safe mode became accessible again. However, a few times a day my AVG resident shield detects a virus and quarantines it. It looks like the primary problem was not completely solved. Could you please help me?

Here are the logs from AVG resident shield, AVG and Superantispyware scans and a HiJackThis log.

AVG Resident Shield detection
"Infection" "Object" "Result" "Detection time" "Object Type" "Process"
"Trojan horse Generic16.AGYX" "C:\System Volume Information\_restore{FB03446A-C652-43E2-A8EA-F1A49232F318}\RP734\A0061727.exe" "Moved to Virus Vault" "23.1.2010, 11:44:04" "file" "C:\WINDOWS\system32\svchost.exe"
"Trojan horse SHeur2.CHAL" "C:\System Volume Information\_restore{FB03446A-C652-43E2-A8EA-F1A49232F318}\RP734\A0059638.exe" "Moved to Virus Vault" "23.1.2010, 10:26:34" "file" "C:\WINDOWS\system32\svchost.exe"
"Trojan horse Generic16.AHIC" "C:\System Volume Information\_restore{FB03446A-C652-43E2-A8EA-F1A49232F318}\RP734\A0059637.exe" "Moved to Virus Vault" "21.1.2010, 21:57:49" "file" "C:\WINDOWS\system32\svchost.exe"
"Trojan horse Generic16.AHTI" "C:\System Volume Information\_restore{FB03446A-C652-43E2-A8EA-F1A49232F318}\RP734\A0059636.exe" "Moved to Virus Vault" "21.1.2010, 19:25:13" "file" "C:\WINDOWS\system32\svchost.exe"
"Trojan horse Generic16.AGYX" "C:\System Volume Information\_restore{FB03446A-C652-43E2-A8EA-F1A49232F318}\RP733\A0059460.exe" "Moved to Virus Vault" "21.1.2010, 7:04:18" "file" "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"Trojan horse Generic16.AGYX" "C:\WINDOWS\system32\logon.exe" "Moved to Virus Vault" "21.1.2010, 6:39:45" "file" "C:\WINDOWS\system32\svchost.exe"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\asyncmac.sys" "Object is white-listed (critical/system file that should not be removed)" "21.1.2010, 6:07:00" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\aec.sys" "Infected" "21.1.2010, 6:06:57" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\ac97intc.sys" "Infected" "21.1.2010, 6:06:47" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\asyncmac.sys" "Object is white-listed (critical/system file that should not be removed)" "20.1.2010, 19:35:50" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\ac97intc.sys" "Infected" "20.1.2010, 19:35:41" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\asyncmac.sys" "Object is white-listed (critical/system file that should not be removed)" "20.1.2010, 18:39:05" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\ADIHdAud.sys" "Infected" "20.1.2010, 18:38:49" "file" "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\ac97intc.sys" "Infected" "20.1.2010, 18:38:45" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\asyncmac.sys" "Object is white-listed (critical/system file that should not be removed)" "20.1.2010, 17:38:28" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\aec.sys" "Infected" "20.1.2010, 17:38:25" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\ADIHdAud.sys" "Infected" "20.1.2010, 17:38:06" "file" "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\ac97intc.sys" "Infected" "20.1.2010, 17:38:03" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\asyncmac.sys" "Object is white-listed (critical/system file that should not be removed)" "20.1.2010, 6:30:57" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\ac97intc.sys" "Moved to Virus Vault" "20.1.2010, 6:30:51" "file" "System"
"Trojan horse Downloader.Generic9.AIKS" "C:\Documents and Settings\Jana Hřebačková\Local Settings\Temp\0_11adwara.exe" "Moved to Virus Vault" "20.1.2010, 6:08:54" "file" "C:\DOCUME~1\JANAHE~1\LOCALS~1\Temp\n.exn"
"Trojan horse Generic16.AGED" "C:\Documents and Settings\Jana Hřebačková\Local Settings\Temp\1263727019.exe" "Moved to Virus Vault" "20.1.2010, 6:08:41" "file" "C:\DOCUME~1\JANAHE~1\LOCALS~1\Temp\n.exn"
"Trojan horse SHeur2.CGUB" "C:\Documents and Settings\Jana Hřebačková\Local Settings\Temp\5_odbn0.exe" "Moved to Virus Vault" "20.1.2010, 6:08:39" "file" "C:\DOCUME~1\JANAHE~1\LOCALS~1\Temp\n.exn"
"Trojan horse Crypt.MGN" "C:\Documents and Settings\Jana Hřebačková\Local Settings\Temp\codec_02955.exe" "Moved to Virus Vault" "19.1.2010, 22:07:29" "file" "C:\DOCUME~1\JANAHE~1\LOCALS~1\Temp\n.exn"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\atmarpc.sys" "Object is white-listed (critical/system file that should not be removed)" "19.1.2010, 22:07:28" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\aec.sys" "Moved to Virus Vault" "19.1.2010, 22:07:26" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\ac97intc.sys" "Moved to Virus Vault" "19.1.2010, 22:07:26" "file" "System"
"Trojan horse Generic16.AFOQ" "C:\Documents and Settings\Jana Hřebačková\Local Settings\Temp\teste1_p.exe" "Moved to Virus Vault" "19.1.2010, 22:07:24" "file" "C:\DOCUME~1\JANAHE~1\LOCALS~1\Temp\n.exn"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\asyncmac.sys" "Object is white-listed (critical/system file that should not be removed)" "19.1.2010, 22:05:36" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\ac97intc.sys" "Deleted" "19.1.2010, 22:05:25" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\asyncmac.sys" "Object is white-listed (critical/system file that should not be removed)" "19.1.2010, 16:59:30" "file" "System"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\aec.sys" "Deleted" "19.1.2010, 16:59:23" "file" "System"
"Trojan horse SHeur2.CGUB" "C:\Documents and Settings\Jana Hřebačková\Local Settings\Temp\5_odbn0.exe" "Moved to Virus Vault" "19.1.2010, 16:59:21" "file" "C:\DOCUME~1\JANAHE~1\LOCALS~1\Temp\n.exn"
"Virus identified Worm/Generic.AQVG" "C:\WINDOWS\system32\drivers\ac97intc.sys" "Deleted" "19.1.2010, 16:59:18" "file" "System"
"Trojan horse Crypt.MGN" "C:\Documents and Settings\Jana Hřebačková\Local Settings\Temp\codec_02955.exe" "Moved to Virus Vault" "19.1.2010, 16:59:16" "file" "C:\DOCUME~1\JANAHE~1\LOCALS~1\Temp\n.exn"
"Trojan horse Generic16.AFOQ" "C:\Documents and Settings\Jana Hřebačková\Local Settings\Temp\teste1_p.exe" "Moved to Virus Vault" "19.1.2010, 16:59:08" "file" "C:\DOCUME~1\JANAHE~1\LOCALS~1\Temp\n.exn"

AVG scan:
"Scan ""Scan whole computer"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"19. ledna 2010, 17:10:24"
"Scan finished:";"19. ledna 2010, 21:50:01 (4 hour(s) 39 minute(s) 36 second(s))"
"Total object scanned:";"500430"
"User who launched the scan:";"Jana Hřebačková"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@ad.yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@adbrite[1].txt";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@adbrite[1].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@adbrite[1].txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@adbrite[1].txt:\adbrite.com.58ebd3f2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@adbrite[1].txt:\adbrite.com.5b27bfb9";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@adbrite[1].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@adbrite[1].txt:\adbrite.com.775ee79c";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Cookies\jana_hřebačková@adbrite[1].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite";"Found Tracking cookie.Tacoda";"Healed"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\ad2.billboard.cz.e137d546";"Found Tracking cookie.Billboard";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\revsci.net.a5a8b88c";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
"C:\Documents and Settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\cookies.sqlite:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2010 at 06:34 PM

Application Version : 4.33.1000

Core Rules Database Version : 4496
Trace Rules Database Version: 2310

Scan type : Complete Scan
Total Scan Time : 00:44:39

Memory items scanned : 638
Memory threats detected : 4
Registry items scanned : 5939
Registry threats detected : 7
File items scanned : 23480
File threats detected : 17

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\CSRCS.EXE
C:\WINDOWS\SYSTEM32\CSRCS.EXE
[csrcs] C:\WINDOWS\SYSTEM32\CSRCS.EXE
[csrcs] C:\WINDOWS\SYSTEM32\CSRCS.EXE
C:\WINDOWS\Prefetch\CSRCS.EXE-17976F63.pf

Trojan.CTFMon-Fake
C:\WINDOWS\CTFMON.EXE
C:\WINDOWS\CTFMON.EXE
[ctfmon] C:\WINDOWS\CTFMON.EXE
C:\WINDOWS\Prefetch\CTFMON.EXE-1AFEF9C4.pf

Rogue.Unclassified/Mutli-Installer
C:\WINDOWS\SVW.EXE
C:\WINDOWS\SVW.EXE
[netw] C:\WINDOWS\SVW.EXE
C:\WINDOWS\Prefetch\SVW.EXE-295219E6.pf

Trojan.Dropper/Win-NV
C:\WINDOWS\ODBN0.EXE
C:\WINDOWS\ODBN0.EXE
[odbny0] C:\WINDOWS\ODBN0.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#netw [ C:\WINDOWS\svw.exe ]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#netc [ C:\WINDOWS\svc.exe ]
C:\WINDOWS\SYSTEM32\SDRA64.EXE
C:\WINDOWS\Prefetch\ODBN0.EXE-25347B6F.pf
C:\WINDOWS\Prefetch\SDRA64.EXE-22920778.pf

Trojan.Agent/Gen
C:\WINDOWS\system32\lowsec\local.ds
C:\WINDOWS\system32\lowsec\user.ds
C:\WINDOWS\system32\lowsec

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:18, on 23.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
G:\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [servicelayer] C:\WINDOWS\servicelayer.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4101788123-3832799543-219063229-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Samsung Auto Backup Guage.lnk.disabled
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk.disabled
O4 - Startup: Samsung Auto Backup Scheduler.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Digital Line Detect.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Data aplikací\Macromedia\SwUpdate\swupdate.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c8de6c98017248) (gupdate1c8de6c98017248) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 15953 bytes
 
if you please

You can go here and get Malwarebytes. Please download, update, run it, and then post the results here.

Get it here:

http://www.computerforum.com/131398-important-please-read-before-posting.html

I already saw a few things in your HJT log. For one, your copy of AVG Free is out of date. AVG 9.0 is out now; you can get it here.

As a side thought, I have noticed that many people are not emptying their virus vault with AVG. As a result the vault is filled to capacity and can't quarantine any more. Check the vault under "computer scanner" in AVG. There should be a button at the bottom to click and the vault will load. If it's full you may want to empty the virus vault; that way your A/V can work again.

Also you are on Windows XP SP2, the SP3 update is available from Microsoft, if you want.


I would use HJT to fix these items:

R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - - (no file)

Let a Mod check me on my suggestion of them, however I'm pretty sure I'm right.
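The triage done by hand above (spotting the orphaned R3 hooks, and later the Shell/Userinit and Run hijacks) can be scripted. The following is an added example of mine, not code from this thread or from the HijackThis project: it scans HijackThis-style lines for entries whose file no longer exists, Winlogon Shell/UserInit values that chain extra programs, and Run entries that launch a core Windows binary name from outside system32. The expected Winlogon defaults and the set of system binary names are assumptions built into the script, and the sample lines are constructed from entries quoted in the log above.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on lines quoted in this thread (not the full log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumed Windows XP defaults: the only program Winlogon should start as the
# shell, and the only program that should appear in the Userinit chain.
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
SYSTEM32_DIR = r"c:\windows\system32\""[:-1]  # 'c:\windows\system32\'

# Assumed list of core Windows binary names that legitimately live in system32.
SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                   "winlogon.exe", "services.exe", "ctfmon.exe", "userinit.exe"}

ORPHAN_RE = re.compile(r"^(R3|O2|O3|O4)\b.*\(no file\)\s*$", re.IGNORECASE)
F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - .*?\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", re.IGNORECASE)
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.exe', re.IGNORECASE)


def _exe_path(cmd: str) -> str:
    """Return the first drive-letter path ending in .exe from a Run value, or ''."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else ""


def triage_hjt(log_text: str) -> List[Dict[str, str]]:
    """Flag suspicious HijackThis entries; returns one finding dict per hit."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Hook/BHO/toolbar/Run entries whose target file is gone: harmless leftovers.
        if ORPHAN_RE.match(line):
            findings.append({"severity": "low", "line": line,
                             "reason": "orphaned entry: referenced file is missing"})
            continue

        # Winlogon Shell / UserInit: anything beyond the default is a persistence hook.
        m = F2_RE.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2)
            if key == "shell":
                extras = [t for t in value.split() if t.lower() != EXPECTED_SHELL]
                if extras:
                    findings.append({"severity": "high", "line": line,
                                     "reason": "Winlogon Shell loads extra program(s): " + ", ".join(extras)})
            else:
                entries = [e.strip() for e in value.split(",") if e.strip()]
                extras = [e for e in entries if e.lower() != EXPECTED_USERINIT]
                if extras:
                    findings.append({"severity": "high", "line": line,
                                     "reason": "Winlogon Userinit chains extra program(s): " + ", ".join(extras)})
            continue

        # Run keys launching a system binary name from the wrong directory.
        m = O4_RE.match(line)
        if m:
            path = _exe_path(m.group("cmd"))
            base = path.rsplit("\\", 1)[-1].lower()
            if base in SYSTEM_BINARIES and not path.lower().startswith(SYSTEM32_DIR):
                findings.append({"severity": "high", "line": line,
                                 "reason": f"system binary name '{base}' started from {path} instead of system32"})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['reason']}\n    {f['line']}")
```

Run against the constructed sample it reports the orphaned R3 hook as low severity and the logon.exe shell, the sdra64.exe Userinit chain and the lsass.exe in C:\WINDOWS as high, while the legitimate AVG and system32 ctfmon entries pass. The script only reads a saved log; it does not change anything on the machine, so it is a way to decide what to look at before using HJT's fix button.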
 
Done

OK, I updated my AVG to 9.0, installed Malwarebytes and scanned the system and fixed the three items with HiJackThis as you suggested. Here is the Malwarebytes log file plus a fresh HiJackThis log:

Malwarebytes' Anti-Malware 1.44
Database version: 3625
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

24.1.2010 17:32:24
mbam-log-2010-01-24 (17-32-24).txt

Scan type: Full Scan (C:\|E:\|G:\|)
Objects scanned: 239342
Time elapsed: 1 hour(s), 14 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\All Users\Data aplikací\Macromedia\SwUpdate\swupdate.dll (Trojan.Chksyn) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{009541a0-3b00-1f1c-00f3-040224001c01} (Trojan.Chksyn) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\swupdate (Trojan.Chksyn) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsass (Trojan.Alphabet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servicelayer (Trojan.PWS) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Data aplikací\Macromedia\SwUpdate\swupdate.dll (Trojan.Chksyn) -> Delete on reboot.
C:\Documents and Settings\Jana Hřebačková\Data aplikací\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\alg.exe (Trojan.Chksyn) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TWPX2S3C\blank[1].exe (Trojan.Chksyn) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Macromedia\SwUpdate\Local.dtd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Macromedia\SwUpdate\Ui.dtd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:26, on 24.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4101788123-3832799543-219063229-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Samsung Auto Backup Guage.lnk.disabled
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk.disabled
O4 - Startup: Samsung Auto Backup Scheduler.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Digital Line Detect.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c8de6c98017248) (gupdate1c8de6c98017248) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 15593 bytes
 
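The `Registry Data Items Infected` block in that Malwarebytes log is the most telling part of it: Winlogon's `Shell` and `Userinit` values had extra executables appended (`logon.exe`, `sdra64.exe`), which means they were launched at every interactive logon, and `FirewallDisableNotify` had been set so Security Center would not warn that the firewall was off. As an added example, not code from the thread or from Malwarebytes, the Python below checks those values against a clean Windows XP baseline: first on the `Bad:`/`Good:` values parsed from the two MBAM lines quoted above, and, when run on Windows, on the live registry. The baseline itself (`Explorer.exe` alone for Shell, a single `userinit.exe` under system32 for Userinit), the `C:\WINDOWS` system root and the MBAM line regex are assumptions of the example.

```python
import ntpath
import re
from typing import Dict, List

# Clean Windows XP baseline (assumption of this example): Shell is just
# "Explorer.exe"; Userinit is a single userinit.exe under system32 with a
# trailing comma.  Anything appended to either value runs at every logon.
WINLOGON_BASELINE: Dict[str, set] = {
    "Shell": {"explorer.exe"},
    "Userinit": {"userinit.exe"},
}
SYSTEM_ROOT = r"C:\WINDOWS"  # assumed; read %SystemRoot% on a real host

# One MBAM "Registry Data Items Infected" line (layout assumed from the log):
#   <key>\<value> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
MBAM_DATA_RE = re.compile(
    r"^(?P<key>.+)\\(?P<value>[^\\]+?) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) ->"
)


def split_winlogon_value(value: str) -> List[str]:
    # Windows separates entries with commas; the hijacked Shell value in
    # the log above uses a space, so split on both.  Caveat: a legitimate
    # path containing a space would be split as well.
    return [p for p in re.split(r"[,\s]+", value) if p]


def check_winlogon(values: Dict[str, str], system_root: str = SYSTEM_ROOT) -> List[str]:
    """Return one finding per entry that deviates from the baseline."""
    expected_dir = ntpath.join(system_root, "system32").lower()
    findings: List[str] = []
    for name, allowed in WINLOGON_BASELINE.items():
        for entry in split_winlogon_value(values.get(name, "")):
            base = ntpath.basename(entry).lower()
            directory = ntpath.dirname(entry).lower()
            if base not in allowed:
                findings.append(f"{name}: unexpected entry {entry!r}")
            elif directory and directory != expected_dir:
                # Right file name, wrong directory: a look-alike binary.
                findings.append(f"{name}: {entry!r} is outside system32")
    return findings


def check_security_center(values: Dict[str, int]) -> List[str]:
    """*DisableNotify = 1 silences the XP Security Center warning for that
    component, which is why malware sets it after turning the firewall off."""
    return [f"Security Center: {k} = 1 (warning suppressed)"
            for k, v in values.items() if k.endswith("DisableNotify") and v == 1]


def findings_from_mbam(lines: List[str]) -> Dict[str, List[str]]:
    """Re-run the Winlogon check on the Bad: side of MBAM data-item lines."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        m = MBAM_DATA_RE.match(line.strip())
        if m and m.group("value") in WINLOGON_BASELINE:
            out[m.group("value")] = check_winlogon({m.group("value"): m.group("bad")})
    return out


def read_live_winlogon() -> Dict[str, str]:
    """On Windows, read the live values; elsewhere return an empty dict."""
    try:
        import winreg
    except ImportError:
        return {}
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon")
    live: Dict[str, str] = {}
    for name in WINLOGON_BASELINE:
        try:
            live[name] = str(winreg.QueryValueEx(key, name)[0])
        except FileNotFoundError:
            pass
    return live


# Sample input: the two Winlogon lines from the MBAM log above.
MBAM_SAMPLE = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    for value, hits in findings_from_mbam(MBAM_SAMPLE).items():
        print(value, hits)
    print(check_security_center({"FirewallDisableNotify": 1}))
    live = read_live_winlogon()
    if live:
        print("live:", check_winlogon(live) or "clean")
```

The point of checking the directory as well as the file name is that a restored `Userinit.exe` entry without a path is still acceptable, while a full path pointing anywhere other than system32 is not, even if the file name looks right. Run after a cleanup, the live check is a quick way to confirm the values stayed fixed across a reboot rather than being re-written by something the scanner missed.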

There was only one more thing that I could see.

O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)

HJT can fix it as well.

Is your computer running any better, or does more need to be done?
 
Let's go one more step and run combofix.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happens, we want to know, and also which process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Done

Using HJT I fixed the problem mentioned by gamblingman. I am not sure if there was an improvement in computer behaviour; it still took too much time to start up and it looked like something was still wrong.
After that, I downloaded ComboFix and scanned the computer. I'm posting its log plus a fresh HJT log.
The computer still starts up at the same rate. But at least a few things improved, as I can access my flash drive without needing to right-click and choose "Explore" (which I had to do before). Plus the fan no longer seems to run at maximum speed all the time...
 
Combofix log part1

ComboFix 10-01-24.01 - Jana Hřebačková 24.01.2010 23:59:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.476 [GMT 1:00]
Running from: c:\documents and settings\Jana Hřebačková\Plocha\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Local Settings\desktop.ini
c:\documents and settings\LocalService\ntuser.ini
c:\documents and settings\NetworkService\Local Settings\desktop.ini
c:\documents and settings\NetworkService\ntuser.ini
c:\windows\Temp\tmp3.tmp
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Dokumenty\desktop.ini
c:\documents and settings\Administrator\Dokumenty\Hudba\Desktop.ini
c:\documents and settings\Administrator\Dokumenty\Hudba\Ukázky hudby.lnk
c:\documents and settings\Administrator\Local Settings\desktop.ini
c:\documents and settings\Administrator\ntuser.ini
c:\documents and settings\All Users\Data aplikací\Macromedia\SwUpdate\B32.dtd
c:\documents and settings\All Users\Data aplikací\Macromedia\SwUpdate\B64.dtd
c:\documents and settings\All Users\Data aplikací\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Data aplikací\Macromedia\SwUpdate\UA.dtd
c:\documents and settings\All Users\Data aplikací\Macromedia\SwUpdate\UAcpt.dtd
c:\documents and settings\All Users\Dokumenty\desktop.ini
c:\documents and settings\All Users\Dokumenty\Filmy\Desktop.ini
c:\documents and settings\All Users\Dokumenty\Hudba\Desktop.ini
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Favorites -- 4 and 5 star rated.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Favorites -- Have not heard recently.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Favorites -- Listen to late at night.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Favorites -- Listen to on Weekdays.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Favorites -- Listen to on Weekends.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Favorites -- One Audio CD worth.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Favorites -- One Data CD-R worth.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Fresh tracks -- yet to be played.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Fresh tracks -- yet to be rated.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Fresh tracks.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\High bitrate media in my library.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Low bitrate media in my library.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Music tracks I dislike.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Music tracks I have not rated.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\000A45F1\Music tracks with content protection.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sample Playlists\desktop.ini
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\01_Music_auto_rated_at_5_stars.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\02_Music_added_in_the_last_month.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\03_Music_rated_at_4_or_5_stars.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\04_Music_played_in_the_last_month.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\05_Pictures_taken_in_the_last_month.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\06_Pictures_rated_4_or_5_stars.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\07_TV_recorded_in_the_last_week.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\08_Video_rated_at_4_or_5_stars.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\09_Music_played_the_most.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\10_All_Music.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\11_All_Pictures.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\0003B6CE\12_All_Video.wpl
c:\documents and settings\All Users\Dokumenty\Hudba\Sync Playlists\desktop.ini
c:\documents and settings\All Users\Dokumenty\Hudba\Ukázky hudby\Beethovenova symfonie č. 9 (Scherzo).wma
c:\documents and settings\All Users\Dokumenty\Hudba\Ukázky hudby\desktop.ini
c:\documents and settings\All Users\Dokumenty\Hudba\Ukázky hudby\Nové příběhy (Highway Blues).wma
c:\documents and settings\All Users\DRM\migration.log
c:\documents and settings\All Users\Plocha\Lenovo License Agreement.lnk
c:\documents and settings\All Users\Plocha\RasWin.lnk
c:\documents and settings\Default User\Data aplikací\desktop.ini
c:\documents and settings\Default User\Data aplikací\Microsoft\CLR Security Config\v1.1.4322\security.config
c:\documents and settings\Default User\Data aplikací\Microsoft\CLR Security Config\v1.1.4322\security.config.cch
c:\documents and settings\Default User\Data aplikací\Microsoft\Internet Explorer\brndlog.bak
c:\documents and settings\Default User\Data aplikací\Microsoft\Internet Explorer\brndlog.txt
c:\documents and settings\Default User\Data aplikací\Microsoft\Internet Explorer\Desktop.htt
c:\documents and settings\Default User\Data aplikací\Microsoft\Internet Explorer\Quick Launch\desktop.ini
c:\documents and settings\Default User\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Spustit prohlížeč Internet Explorer.lnk
c:\documents and settings\Default User\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Zobrazit plochu.scf
c:\documents and settings\Default User\Data aplikací\Microsoft\Protect\CREDHIST
c:\documents and settings\Default User\Data aplikací\Microsoft\Protect\S-1-5-21-2889950374-3272516103-1770818076-500\7fa69c46-629c-4f0b-a21e-7843417e0f44
c:\documents and settings\Default User\Data aplikací\Microsoft\Protect\S-1-5-21-2889950374-3272516103-1770818076-500\Preferred
c:\documents and settings\Default User\Data aplikací\Microsoft\Protect\S-1-5-21-3987532438-822315916-2908630276-500\ec67ed39-0db4-4589-b3a4-58a9a7f3f8b1
c:\documents and settings\Default User\Data aplikací\Microsoft\Protect\S-1-5-21-3987532438-822315916-2908630276-500\Preferred
c:\documents and settings\Default User\Data aplikací\Symantec\Shared\Options.VcPref
c:\documents and settings\Default User\Dokumenty\desktop.ini
c:\documents and settings\Default User\Dokumenty\Hudba\Desktop.ini
c:\documents and settings\Default User\Dokumenty\Hudba\Ukázky hudby.lnk
c:\documents and settings\Default User\Dokumenty\Obrázky\Desktop.ini
c:\documents and settings\Default User\Dokumenty\Obrázky\Ukázky obrázků.lnk
c:\documents and settings\Default User\Nabídka Start\desktop.ini
c:\documents and settings\Default User\Nabídka Start\Programy\desktop.ini
c:\documents and settings\Default User\Nabídka Start\Programy\Internet Explorer.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Outlook Express.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Adresář.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\desktop.ini
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Příkazový řádek.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Poznámkový blok.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Průvodce ověřením kompatibility programu.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Průzkumník Windows.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Prohlídka systému Windows XP.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Synchronizovat.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Usnadnění\desktop.ini
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Usnadnění\Klávesnice na obrazovce.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Usnadnění\Lupa.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Usnadnění\Správce nástrojů.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Zábava\desktop.ini
c:\documents and settings\Default User\Nabídka Start\Programy\Příslušenství\Zábava\Windows Media Player.lnk
c:\documents and settings\Default User\Nabídka Start\Programy\Po spuštění\desktop.ini
c:\documents and settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
c:\documents and settings\Default User\ntuser.ini
c:\documents and settings\Default User\Šablony\amipro.sam
c:\documents and settings\Default User\Šablony\excel.xls
c:\documents and settings\Default User\Šablony\excel4.xls
c:\documents and settings\Default User\Šablony\lotus.wk4
c:\documents and settings\Default User\Šablony\powerpnt.ppt
c:\documents and settings\Default User\Šablony\presenta.shw
c:\documents and settings\Default User\Šablony\quattro.wb2
c:\documents and settings\Default User\Šablony\sndrec.wav
c:\documents and settings\Default User\Šablony\winword.doc
c:\documents and settings\Default User\Šablony\winword2.doc
c:\documents and settings\Default User\Šablony\wordpfct.wpd
c:\documents and settings\Default User\Šablony\wordpfct.wpg
c:\documents and settings\Default User\Oblíbené položky\Desktop.ini
c:\documents and settings\Default User\Oblíbené položky\Lenovo Recommended Sites\Home.url
c:\documents and settings\Default User\Oblíbené položky\Lenovo Recommended Sites\News.url
c:\documents and settings\Default User\Oblíbené položky\Lenovo Recommended Sites\Product Registration.url
c:\documents and settings\Default User\Oblíbené položky\Lenovo Recommended Sites\Products.url
c:\documents and settings\Default User\Oblíbené položky\Lenovo Recommended Sites\Services, Software, and Accessories.url
c:\documents and settings\Default User\Oblíbené položky\Lenovo Recommended Sites\Support and Downloads.url
c:\documents and settings\Default User\Oblíbené položky\Lenovo Recommended Sites\ThinkVantage Technologies.url
c:\documents and settings\Default User\Oblíbené položky\MSN.url
c:\documents and settings\Default User\Oblíbené položky\Odkazy\Hotmail.url
c:\documents and settings\Default User\Oblíbené položky\Odkazy\Vlastní odkazy.url
c:\documents and settings\Default User\Oblíbené položky\Odkazy\Windows Media.url
c:\documents and settings\Default User\Oblíbené položky\Odkazy\Windows.url
c:\documents and settings\Default User\Oblíbené položky\Průvodce rozhlasovými stanicemi.url
c:\documents and settings\Jana Hřebačková\Data aplikací\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
c:\documents and settings\LocalService\IETldCache\index.dat
c:\documents and settings\LocalService\Local Settings\desktop.ini
c:\documents and settings\LocalService\ntuser.ini
c:\documents and settings\NetworkService\IETldCache\index.dat
c:\documents and settings\NetworkService\Local Settings\desktop.ini
c:\documents and settings\NetworkService\ntuser.ini
C:\LOG.TXT
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\systemprofile\Dokumenty\desktop.ini
c:\windows\system32\config\systemprofile\Dokumenty\Hudba\Desktop.ini
c:\windows\system32\config\systemprofile\Dokumenty\Hudba\Ukázky hudby.lnk
c:\windows\system32\config\systemprofile\Dokumenty\Obrázky\Desktop.ini
c:\windows\system32\config\systemprofile\Dokumenty\Obrázky\Ukázky obrázků.lnk
c:\windows\system32\config\systemprofile\IETldCache\index.dat
c:\windows\system32\config\systemprofile\Local Settings\desktop.ini
c:\windows\system32\config\systemprofile\Nabídka Start\desktop.ini
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\desktop.ini
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Internet Explorer.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Outlook Express.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Adresář.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\desktop.ini
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Příkazový řádek.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Poznámkový blok.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Průvodce ověřením kompatibility programu.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Průzkumník Windows.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Prohlídka systému Windows XP.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Synchronizovat.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Usnadnění\desktop.ini
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Usnadnění\Klávesnice na obrazovce.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Usnadnění\Lupa.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Usnadnění\Správce nástrojů.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Zábava\desktop.ini
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Příslušenství\Zábava\Windows Media Player.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Po spuštění\desktop.ini
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Vzdálená pomoc.lnk
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Windows Media Player.lnk
c:\windows\system32\config\systemprofile\Šablony\amipro.sam
c:\windows\system32\config\systemprofile\Šablony\excel.xls
c:\windows\system32\config\systemprofile\Šablony\excel4.xls
c:\windows\system32\config\systemprofile\Šablony\lotus.wk4
c:\windows\system32\config\systemprofile\Šablony\powerpnt.ppt
c:\windows\system32\config\systemprofile\Šablony\presenta.shw
c:\windows\system32\config\systemprofile\Šablony\quattro.wb2
c:\windows\system32\config\systemprofile\Šablony\sndrec.wav
c:\windows\system32\config\systemprofile\Šablony\winword.doc
c:\windows\system32\config\systemprofile\Šablony\winword2.doc
c:\windows\system32\config\systemprofile\Šablony\wordpfct.wpd
c:\windows\system32\config\systemprofile\Šablony\wordpfct.wpg
c:\windows\system32\config\systemprofile\Oblíbené položky\Desktop.ini
c:\windows\system32\config\systemprofile\Oblíbené položky\Lenovo Recommended Sites\Home.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Lenovo Recommended Sites\News.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Lenovo Recommended Sites\Product Registration.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Lenovo Recommended Sites\Products.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Lenovo Recommended Sites\Services, Software, and Accessories.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Lenovo Recommended Sites\Support and Downloads.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Lenovo Recommended Sites\ThinkVantage Technologies.url
c:\windows\system32\config\systemprofile\Oblíbené položky\MSN.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Odkazy\Hotmail.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Odkazy\Vlastní odkazy.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Odkazy\Windows Media.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Odkazy\Windows.url
c:\windows\system32\config\systemprofile\Oblíbené položky\Průvodce rozhlasovými stanicemi.url
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.

2010-01-24 15:01 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 15:01 . 2010-01-24 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 15:01 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 14:21 . 2010-01-24 14:27 -------- d-----w- C:\$AVG
2010-01-24 14:21 . 2010-01-24 14:21 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-24 14:21 . 2010-01-24 14:21 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-24 14:20 . 2010-01-24 14:20 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-24 14:20 . 2010-01-24 14:20 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-20 16:42 . 2010-01-20 16:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-13 19:20 . 2009-11-21 16:46 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 22:23 . 2009-07-20 05:56 -------- d-----w- c:\program files\ICQ6.5
2010-01-24 16:22 . 2008-07-04 18:26 -------- d-----w- c:\program files\SpeedFan
2010-01-24 14:21 . 2008-05-28 04:01 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-24 14:21 . 2008-05-28 04:01 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-24 14:21 . 2007-11-06 20:59 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-24 14:21 . 2008-07-03 06:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-24 14:20 . 2008-05-28 04:01 -------- d-----w- c:\program files\AVG
2010-01-24 09:22 . 2007-06-20 02:23 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-01-20 16:41 . 2007-06-20 02:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-20 06:30 . 2007-06-20 09:41 83940 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 06:30 . 2007-06-20 09:41 441324 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 06:09 . 2009-09-15 20:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 19:08 . 2007-06-20 09:42 916480 ------w- c:\windows\system32\wininet.dll
2009-11-21 16:46 . 2007-06-20 09:41 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-24_22.38.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-24 22:53 . 2010-01-24 22:53 16384 c:\windows\Temp\Perflib_Perfdata_978.dat
+ 2010-01-24 22:53 . 2010-01-24 22:53 16384 c:\windows\Temp\Perflib_Perfdata_868.dat
.
 
Combofix log part2

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2006-03-15 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-02-19 110592]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-24 2033432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Jana Hřebačková\Nabídka Start\Programy\Po spuštění\
Samsung Auto Backup Guage.lnk.disabled [2009-9-5 591]
Samsung Auto Backup Real-Time Daemon.lnk.disabled [2009-9-5 611]
Samsung Auto Backup Scheduler.lnk.disabled [2009-9-5 595]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acrobat Assistant.lnk.disabled [2007-7-13 940]
Adobe Gamma Loader.lnk.disabled [2007-7-13 993]
Adobe Reader Speed Launch.lnk.disabled [2008-10-16 1764]
Digital Line Detect.lnk.disabled [2007-6-20 493]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-24 14:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 17:20 40448 ------w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"iRiver Updater"=\Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19413:TCP"= 19413:TCP:Azureus TCP
"19413:UDP"= 19413:UDP:Azureus UDP

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [24.1.2010 15:21 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [24.1.2010 15:21 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28.5.2008 5:01 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28.5.2008 5:01 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.1.2010 7:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.1.2010 7:56 74480]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [24.1.2010 15:20 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [24.1.2010 15:20 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [24.1.2010 15:20 5832712]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [20.7.2009 6:57 222968]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.3.2006 15:05 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [14.7.2006 14:55 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25.4.2006 18:00 3456]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [12.10.2009 17:33 46824]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [24.1.2010 15:20 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [24.1.2010 15:20 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [24.1.2010 15:20 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [24.1.2010 15:20 25736]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.9.2009 14:09 721904]
S2 gupdate1c8de6c98017248;Google Update Service (gupdate1c8de6c98017248);c:\program files\Google\Update\GoogleUpdate.exe [15.7.2008 8:04 133104]
S2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [5.9.2009 14:08 102400]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [24.1.2010 15:20 30104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.1.2010 7:56 7408]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-15 04:40]

2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-15 04:40]

2010-01-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-06-20 16:13]

2010-01-20 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-01-20 14:31]

2010-01-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jana Hřebačková\Data aplikací\Mozilla\Firefox\Profiles\fto3rbgm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://puvodni.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-8461-7759-5462-8226 - c:\program files\Azureus\uninstall.exe
AddRemove-Azureus - c:\program files\Azureus\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 00:03
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1884)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(1940)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
Celkový čas: 2010-01-25 00:07:49
ComboFix-quarantined-files.txt 2010-01-24 23:07

Před spuštěním: Volných bajtů: 10*379*853*824
Po spuštění: Volných bajtů: 10*341*109*760

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 024873D76E096E00EEC3B11A2DB702D6
 
HJ log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:19:01, on 25.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Samsung Auto Backup Guage.lnk.disabled
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk.disabled
O4 - Startup: Samsung Auto Backup Scheduler.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Digital Line Detect.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c8de6c98017248) (gupdate1c8de6c98017248) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 14951 bytes
 
Using HJ I fixed the problem mentioned by gamblingman. I am not sure if there was an improvement in computer behavior; it still took too much time to start up and it looked like something was still wrong.
After that, I downloaded Combofix and scanned the computer. I'm posting its log plus a fresh HJ log.
The computer still starts up at the same rate. But at least a few things improved, as I can access my flash drive without needing to right-click and choose "explore" (which I had to do before). Plus the fan speed no longer seems to be at maximum all the time...

How is it showing odd behaviour?

And for the slowness of your machine, wow, you have so many startup and running processes. I am sure that Johnb will have some recommendations on what can be turned off so that you can boot and run faster. I'll also look through your processes as well to try and sort some of that out.

But there is something you can provide me, what programs do you use on a regular basis? And also how good are you with remembering to update things?

As a "for instance", I turn off all auto-updates except for the Microsoft offerings. This way I don't have programs like Apple Updater, Google Updater, Java Updater, etc. running all the time. It freed up a lot of system resources to just go to those providers and manually check once every week or two.

Do you use wireless capability on your computer? I have a laptop, but it never leaves my desk but three times a year. So I turned off ALL the wireless tools and managements. That reduced the heat on my laptop and freed up resources as well.

So tell me, what programs do you use, and how do you use your laptop? I'm not trying to be nosy, and if there is something you'd rather not tell, that's fine.

(I would have suggested running combofix, but I am not trained on how to read the report. That's why we have great people like Johnb!)
 
I use my laptop in the same way you described - "desktop".
On a regular basis I do not use more than MS Office tools, Internet browsers, ICQ, Skype, Adobe utilities, and music and video players. Of the wireless capabilities, only occasionally Bluetooth.
For updating, I more or less rely on update reminders if there are any. I would definitely welcome recommendations on which of the running processes can be turned off to get better performance.
 
processes

I'll have to get back to you on that in a few days. I have a very busy week ahead of me. But I'll try to work on a way for you to speed up that machine. Though I'm sure there are others who will be glad to toss some thoughts your way.

But I think you will find this useful. It's one of the resources I used to get my computer in shape after purchase. My computer was full of inefficiencies straight from Dell.

It's from PCStats, and I think it's a very thorough guide. It's full of tips that will help you to use XP more efficiently. Some of the tips will help you to set your OS to work better, and some will just make life easier on you while doing repetitive tasks (I love #27).

Though be mindful, some of these items used in the wrong way could create problems. #3 for instance: leave prefetch alone unless you want a slower computer. Or #19: I would NEVER use remote access; I believe it to be a problem waiting to happen.

And just so you know, it's not like you have to go in order of the list. I would get started with the guide, especially with numbers 5, 6, 7, 9 & 17. If you have questions, just ask.

PCStats Beginner Guide for Windows: http://www.pcstats.com/articleview.cfm?articleID=1494

And remember, Google is your friend!
http://www.google.com/
 
or....not.

Ok, I misspoke. After working on your startup and running processes, wow, it would take me more than a few days to go through all that. I've already found about 6 items, but it would take me at least a week or more to get through all of it.

You could probably do it faster than me because you can look in Task Manager to see what's taking up the most memory and processing time, to see if they can be stopped.
 
Rerun hijackthis and place a check next to these entries.


O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: Samsung Auto Backup Guage.lnk.disabled
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk.disabled
O4 - Startup: Samsung Auto Backup Scheduler.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Digital Line Detect.lnk.disabled

Then click on "Fix checked" at the bottom. Do you really use all those IBM programs on startup? If not, I would disable those as well.
 
It's not bigfoot, just an Oregonian mountain man

I was wondering the same thing Johnb. While looking at quite a few of those processes, I was coming back with things that I was unsure about disabling. I didn't even know IBMs still existed, and most of those processes were very difficult to look up. I'm much more familiar with HP, Dell, and Toshiba computers.

This is the list I had so far, I added some descriptions of each one. The descriptions I added are in parentheses:

(* provides support for setting extra keys) O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

(* its a quick access link) O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

(* IBM ad center) O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe

(*fast link for video card, will start as needed) O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

(*Sonic DVD burner) O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

(* InstallShield Update Service Scheduler) O4 - HKLM\..\Run: [ISUSPM Startup]

Though I would double check on those before disabling them. But with the work I had done, using the Bleepingcomputer.com process database, they don't seem to be necessary.
 
Speeding up

Hi. Thanks for the advice. I have already started going through the programs I use in order to disable the reminders, processes set as active that I do not need, and that sort of stuff. I also followed Johnb's advice and disabled the suggested programs/entries (since I do not use them at all). I will check all the other "IBM" entries and post a result of how the computer is running.
 