PC virus removal, computer speed-up, remote assistance via the neslape.cz service

REPEATED THEFT OF RAPIDSHARE PREMIUM PASSWORD

Have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Merloc
Guest
Posts: 4
Registered: 01 Mar 2010 18:58


#1 Post by Merloc »

Hello, today I noticed that since Friday someone from a foreign (Polish) IP address has been downloading from my Rapidshare premium account. I changed my RS password immediately and watched the log on the RS site. About three hours later someone else logged into my account again. Since a similar problem has already been dealt with here, I am sending the RSIT log in advance. Thank you for your help.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin at 2010-03-01 18:53:31
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 52 GB (37%) free of 141 GB
Total RAM: 3070 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:02, on 1.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Windows\System32\spool\drivers\w32x86\3\Print2PDF.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Martin\Desktop\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544936.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Windows\system32\spool\drivers\w32x86\3\Print2PDF.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: ZákonyČR.lnk = C:\Program Files\ZakonyCR\Update.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Windows\system32\spool\drivers\w32x86\3\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Windows\system32\spool\drivers\w32x86\3\Print602.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O15 - Trusted Zone: http://csnonline.unmz.cz
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,13,3,0
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://dk.waycom.cz:5004/plugin/h263ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Upek Service (UpekSrvc) - UPEK Inc. - C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12766 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job
C:\Windows\tasks\User_Feed_Synchronization-{EB4D7F0F-7CD0-4430-8FF9-EAA95C99E55F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-11 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-14 808248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - Lenovo ThinkVantage Toolbox - C:\Program Files\PC-Doctor\ATLPcdToolbar544936.dll [2009-11-22 137712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2009-08-03 62240]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-10 1045800]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2009-02-02 181536]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [2008-03-24 64368]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-10-08 256576]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-25 487424]
"LPManager"=C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [2008-06-08 165208]
"LPMailChecker"=C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe [2008-06-08 124248]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog []
"CreateLMBCShortCut"=C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe [2009-01-21 36864]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2008-06-25 3077432]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-15 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-15 92704]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-02-27 1202448]
"AMSG"=C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe [2009-04-29 424512]
"PrintPack dispatcher"=C:\Windows\system32\spool\drivers\w32x86\3\Print2PDF.exe [2009-09-16 86016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2010-01-06 1070984]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ZákonyČR.lnk - C:\Program Files\ZakonyCR\Update.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2009-05-21 100104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"BackupNoCDBurning"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-03-01 18:53:31 ----D---- C:\rsit
2010-03-01 18:53:31 ----D---- C:\Program Files\trend micro
2010-03-01 13:10:20 ----A---- C:\ComboFix.txt
2010-03-01 13:06:38 ----D---- C:\$RECYCLE.BIN
2010-03-01 12:01:00 ----A---- C:\Windows\zip.exe
2010-03-01 12:01:00 ----A---- C:\Windows\SWSC.exe
2010-03-01 12:01:00 ----A---- C:\Windows\SWREG.exe
2010-03-01 12:01:00 ----A---- C:\Windows\sed.exe
2010-03-01 12:01:00 ----A---- C:\Windows\PEV.exe
2010-03-01 12:01:00 ----A---- C:\Windows\NIRCMD.exe
2010-03-01 12:01:00 ----A---- C:\Windows\MBR.exe
2010-03-01 12:01:00 ----A---- C:\Windows\grep.exe
2010-03-01 11:52:03 ----A---- C:\Windows\SWXCACLS.exe
2010-03-01 11:44:17 ----D---- C:\Windows\ERDNT
2010-03-01 11:44:16 ----A---- C:\Windows\system32\CF502.exe
2010-03-01 11:44:11 ----D---- C:\Qoobox
2010-02-24 09:06:49 ----D---- C:\FLASH
2010-02-24 08:00:06 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 07:59:58 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 07:59:11 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 07:59:08 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 07:58:50 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 07:58:48 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 07:58:48 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 07:58:48 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 07:58:48 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 07:58:48 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 07:58:48 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 07:58:45 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 07:58:45 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 07:58:44 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-23 11:38:10 ----A---- C:\Windows\system32\aswBoot.exe
2010-02-23 11:38:00 ----D---- C:\ProgramData\Alwil Software
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MUINST_B.EXE
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MTAG32_B.DLL
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MSTMON_B.EXE
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MSTMON_B.DLL
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MSPOOL_B.DLL
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MLMON__B.DLL
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MINFIN_B.EXE
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MIMF32_B.DLL
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MICM___B.DLL
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MGDI32_B.DLL
2010-02-15 10:55:48 ----A---- C:\Windows\system32\MCMM___B.DLL
2010-02-15 10:55:48 ----A---- C:\Windows\MSUMLT_B.INI
2010-02-15 10:55:48 ----A---- C:\Windows\MSTMON_B.INI
2010-02-15 10:55:48 ----A---- C:\Windows\MREADM_B.TXT
2010-02-15 08:09:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-15 08:09:13 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-13 18:27:18 ----D---- C:\Windows\system32\PolarClock3 dir
2010-02-11 11:23:06 ----A---- C:\Windows\ParrotFlashWiz.INI
2010-02-11 11:22:02 ----D---- C:\Program Files\Parrot Software Update Tool
2010-02-11 07:41:50 ----A---- C:\Windows\system32\quartz.dll
2010-02-11 07:41:49 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-11 07:41:49 ----A---- C:\Windows\system32\msyuv.dll
2010-02-11 07:41:49 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-11 07:41:49 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-11 07:41:49 ----A---- C:\Windows\system32\msrle32.dll
2010-02-11 07:41:49 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-11 07:41:49 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-11 07:41:49 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2010-03-01 18:53:43 ----D---- C:\Windows\Prefetch
2010-03-01 18:53:35 ----D---- C:\Windows\Temp
2010-03-01 18:53:31 ----RD---- C:\Program Files
2010-03-01 18:37:52 ----D---- C:\Windows\Tasks
2010-03-01 18:35:37 ----A---- C:\sysiclog.txt
2010-03-01 16:26:55 ----D---- C:\Windows\System32
2010-03-01 16:26:55 ----D---- C:\Windows\inf
2010-03-01 16:26:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-01 15:45:15 ----D---- C:\Users\Martin\AppData\Roaming\vlc
2010-03-01 14:55:02 ----D---- C:\FILM
2010-03-01 14:40:24 ----SHD---- C:\System Volume Information
2010-03-01 13:10:23 ----D---- C:\Windows\system32\drivers
2010-03-01 13:06:47 ----D---- C:\Windows
2010-03-01 13:06:47 ----A---- C:\Windows\system.ini
2010-03-01 12:14:32 ----D---- C:\Windows\system32\config
2010-03-01 12:10:24 ----D---- C:\Windows\AppPatch
2010-03-01 12:10:23 ----D---- C:\Program Files\Common Files
2010-03-01 11:44:16 ----D---- C:\Windows\system32\cs-CZ
2010-03-01 11:42:34 ----D---- C:\DRIVER
2010-03-01 10:38:32 ----AD---- C:\ProgramData\TEMP
2010-03-01 08:23:50 ----D---- C:\Gview
2010-02-25 13:17:31 ----SHD---- C:\Windows\Installer
2010-02-25 10:43:11 ----D---- C:\DOPISY
2010-02-25 09:58:39 ----SD---- C:\Users\Martin\AppData\Roaming\Microsoft
2010-02-24 10:58:25 ----D---- C:\Windows\rescache
2010-02-24 10:40:51 ----RSD---- C:\Windows\Fonts
2010-02-24 09:31:03 ----D---- C:\Windows\winsxs
2010-02-24 09:30:10 ----D---- C:\Windows\system32\catroot
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-24 07:58:32 ----D---- C:\Windows\system32\catroot2
2010-02-23 11:38:00 ----D---- C:\ProgramData
2010-02-23 11:38:00 ----D---- C:\Program Files\Alwil Software
2010-02-23 07:46:03 ----D---- C:\Users\Martin\AppData\Roaming\Skype
2010-02-23 07:45:52 ----D---- C:\Users\Martin\AppData\Roaming\skypePM
2010-02-18 11:03:54 ----D---- C:\ProgramData\Adobe
2010-02-18 11:03:54 ----D---- C:\Program Files\Common Files\Adobe
2010-02-15 08:37:34 ----D---- C:\DOTACE-SKÁLA
2010-02-12 08:04:33 ----D---- C:\Program Files\Windows Mail
2010-02-11 15:03:58 ----D---- C:\ProgramData\Microsoft Help
2010-02-11 11:34:53 ----D---- C:\hasici
2010-02-05 13:47:56 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2010-02-11 291920]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 Ext2fs;Ext2fs; C:\Windows\system32\DRIVERS\ext2fs.sys [2008-09-25 189888]
R1 Ext2Fsd;Linux ext2 file system driver; C:\Windows\system32\drivers\Ext2Fsd.sys [2009-07-26 659592]
R1 IfsMount;IfsMount; C:\Windows\system32\DRIVERS\ifsmount.sys [2008-08-28 60352]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2009-06-16 11552]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2004-07-14 676864]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-16 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2009-05-22 33536]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-09-18 251392]
R3 DCamUSBGene;Integrated Camera; C:\Windows\system32\DRIVERS\usbstk.sys [2008-07-31 173584]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-25 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-25 207872]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2008-05-14 22312]
R3 MTsensor;ATK0101 ACPI UTILITY; C:\Windows\system32\DRIVERS\A0101V32.sys [2006-12-14 7680]
R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver; C:\Windows\system32\DRIVERS\mux.sys [2009-02-18 30768]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-15 7542656]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-01-07 47360]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-05-22 30144]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-10 199728]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-12-08 50832]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-25 661504]
S1 tvtumon;tvtumon; C:\Windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
S2 MLPTDR_B;MLPTDR_B; \??\C:\Windows\system32\MLPTDR_B.SYS [2006-12-08 20064]
S3 ahvj6b9c;ahvj6b9c; C:\Windows\system32\drivers\ahvj6b9c.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-02-27 84008]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2009-02-27 109608]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-02-27 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-02-27 18344]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 MUXP;My WiFi PAN Mux-IM Protocol Driver; C:\Windows\system32\DRIVERS\mux.sys [2009-02-18 30768]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 u3kmini;ASUS My Cinema-U3000 Mini; C:\Windows\System32\Drivers\u3kmini.sys [2006-10-16 350720]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-04-19 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [2007-10-30 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2009-02-20 567848]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
R2 IBMPMSVC;ThinkPad PM Service for SL Series; C:\Windows\system32\ibmpmsvc.exe [2008-05-14 36128]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LFKAS;Service of LFKA; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [2008-03-20 208896]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-15 203296]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-06-16 66848]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2009-06-12 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2008-06-14 746808]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2009-01-28 39976]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2009-05-21 62320]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2008-06-14 779576]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-25 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2008-05-25 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-05-25 1155072]
R2 UpekSrvc;Upek Service; C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe [2009-05-21 35080]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-11 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 194032]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-27 211216]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: REPEATED THEFT OF RAPIDSHARE PREMIUM PASSWORD

#2 Post by Rudy »

You ran a ComboFix scan today. Post the log from it.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

Merloc
Guest
Posts: 4
Registered: 01 Mar 2010 18:58

Re: REPEATED THEFT OF RAPIDSHARE PREMIUM PASSWORD

#3 Post by Merloc »

I apologise for misleading you. I misread the log on the RS site. My password was stolen only once.

Here is the log from ComboFix:

ComboFix 10-02-28.03 - Martin 01.03.2010 12:04:22.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3070.2162 [GMT 1:00]
Spuštěný z: c:\driver\Combofix\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-289490717-2739233792-3586406988-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Martin\AppData\Roaming\inst.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-01 do 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 11:13 . 2010-03-01 12:06 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-03-01 11:13 . 2010-03-01 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-01 10:44 . 2010-03-01 10:44 318976 ----a-w- c:\windows\system32\CF502.exe
2010-02-24 08:06 . 2010-02-24 08:19 -------- d-----w- C:\FLASH
2010-02-24 06:59 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 06:59 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 06:59 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 06:58 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 06:58 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 06:58 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 06:58 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 06:58 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 06:58 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 06:58 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 06:58 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 06:58 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 06:58 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-23 10:38 . 2010-02-11 18:43 291920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-02-23 10:38 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-23 10:38 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-23 10:38 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-23 10:38 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-23 10:38 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-23 10:38 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-23 10:38 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-23 10:38 . 2010-02-23 10:38 -------- d-----w- c:\programdata\Alwil Software
2010-02-15 07:09 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 07:09 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-13 17:27 . 2010-02-13 17:27 -------- d-----w- c:\windows\system32\PolarClock3 dir
2010-02-13 17:27 . 2010-02-13 17:27 201728 ----a-w- c:\windows\system32\PolarClock3.scr
2010-02-11 10:22 . 2010-02-11 10:22 -------- d-----w- c:\program files\Parrot Software Update Tool
2010-01-31 09:13 . 2010-01-31 09:13 -------- d-----w- c:\users\Martin\AppData\Roaming\Canneverbe_Limited
2010-01-31 09:13 . 2010-01-31 09:13 -------- d-----w- c:\programdata\Canneverbe Limited
2010-01-31 09:13 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-31 09:13 . 2010-01-31 09:13 -------- d-----w- c:\program files\CDBurnerXP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 11:14 . 2009-05-22 18:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-01 11:02 . 2009-05-22 17:49 648794 ----a-w- c:\windows\system32\perfh005.dat
2010-03-01 11:02 . 2009-05-22 17:49 133704 ----a-w- c:\windows\system32\perfc005.dat
2010-02-24 17:37 . 2009-05-22 18:29 48734 ----a-w- c:\programdata\nvModes.dat
2010-02-24 09:44 . 2009-08-04 14:13 101016 ----a-w- c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 00:08 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 20:18 . 2009-08-09 19:02 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc
2010-02-23 10:38 . 2009-08-22 17:35 -------- d-----w- c:\program files\Alwil Software
2010-02-23 06:46 . 2009-08-04 15:14 -------- d-----w- c:\users\Martin\AppData\Roaming\Skype
2010-02-23 06:45 . 2009-08-04 15:15 -------- d-----w- c:\users\Martin\AppData\Roaming\skypePM
2010-02-18 10:03 . 2009-08-05 11:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-12 07:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 14:03 . 2009-05-22 18:50 -------- d-----w- c:\programdata\Microsoft Help
2010-02-05 12:47 . 2009-09-11 18:04 -------- d-----w- c:\program files\Google
2010-01-26 10:24 . 2010-01-06 10:31 -------- d-----w- c:\program files\Trojan Remover
2010-01-26 09:13 . 2010-01-26 09:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-01-21 08:45 . 2009-08-06 10:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 10:12 . 2009-10-25 10:19 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-20 07:35 . 2009-05-22 18:39 -------- d-----w- c:\programdata\PC-Doctor
2010-01-18 12:18 . 2009-05-22 18:39 -------- d-----w- c:\programdata\PCDr
2010-01-18 12:17 . 2010-01-18 12:16 -------- d-----w- c:\program files\PC-Doctor
2010-01-18 12:17 . 2010-01-18 12:17 -------- d-----w- c:\programdata\PC-Doctor for Windows
2010-01-07 12:00 . 2010-01-07 11:59 -------- d-----w- c:\users\Martin\AppData\Roaming\Vso
2010-01-07 11:59 . 2010-01-07 11:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-07 11:59 . 2010-01-07 11:59 47360 ----a-w- c:\users\Martin\AppData\Roaming\pcouffin.sys
2010-01-07 11:59 . 2010-01-07 11:59 47360 ----a-w- c:\users\Martin\AppData\Roaming\pcouffin.sys
2010-01-07 11:59 . 2010-01-07 11:59 -------- d-----w- c:\program files\DVDFab 6
2010-01-06 15:38 . 2010-02-24 06:58 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 06:58 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 06:58 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 06:58 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 10:31 . 2010-01-06 10:31 -------- d-----w- c:\users\Martin\AppData\Roaming\Simply Super Software
2010-01-06 10:31 . 2010-01-06 10:31 -------- d-----w- c:\programdata\Simply Super Software
2010-01-06 10:10 . 2010-01-03 20:18 -------- d-----w- c:\programdata\TuneUp Software
2010-01-03 20:19 . 2010-01-03 20:19 -------- d-----w- c:\users\Martin\AppData\Roaming\TuneUp Software
2010-01-03 20:18 . 2010-01-03 20:18 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-02 06:38 . 2010-01-22 05:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 05:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 05:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 05:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 09:24 . 2009-08-24 12:32 -------- d-----w- c:\users\Martin\AppData\Roaming\dvdcss
2009-12-17 13:37 . 2010-01-18 10:18 14912 ----a-w- c:\programdata\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW\LTTCheck.exe
2009-12-17 07:44 . 2010-01-18 10:18 560624 ----a-w- c:\programdata\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW\appupdater.exe
2009-12-11 11:43 . 2010-02-11 06:41 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-11 06:41 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-11 06:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-11 06:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-11 06:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-11 06:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-11 06:41 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-11 06:41 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-11 06:41 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-11 06:41 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-11 06:41 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-11 06:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-11 06:41 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-11 06:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-11 06:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-22 17:52 . 2009-05-22 17:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-02-11 18:41 135168 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-03 62240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-06-16 660768]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-06-16 214576]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-01-21 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-15 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-15 92704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-04-29 424512]
"PrintPack dispatcher"="c:\windows\system32\spool\drivers\w32x86\3\Print2PDF.exe" [2009-09-16 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-01-06 1070984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Z kony¬R.lnk - c:\program files\ZakonyCR\Update.exe [2003-9-1 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 14:54 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3a,cb,c5,bc,82,16,ca,01

R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [28.1.2009 16:57 20520]
R1 aswSnx;aswSnx;c:\windows\System32\drivers\aswSnx.sys [23.2.2010 11:38 291920]
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [23.2.2010 11:38 162512]
R1 Ext2fs;Ext2fs;c:\windows\System32\drivers\ext2fs.sys [26.9.2009 14:49 189888]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\System32\drivers\ext2fsd.sys [31.10.2009 12:02 659592]
R1 IfsMount;IfsMount;c:\windows\System32\drivers\ifsmount.sys [26.9.2009 14:49 60352]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [20.5.2008 3:12 13480]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23.2.2010 11:38 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23.2.2010 11:38 51792]
R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [22.5.2009 19:39 208896]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [22.5.2009 19:39 66848]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13.3.2009 13:47 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [24.9.2008 3:20 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [25.5.2008 0:17 520192]
R2 UpekSrvc;Upek Service;c:\program files\ThinkVantage Fingerprint Software\upeksrvc.exe [21.5.2009 16:11 35080]
R3 DCamUSBGene;Integrated Camera;c:\windows\System32\drivers\USBSTK.sys [22.5.2009 19:21 173584]
R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\System32\drivers\mux.sys [18.2.2009 5:08 30768]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [4.3.2009 9:49 4232704]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26.6.2009 21:55 66080]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [22.5.2009 19:49 48192]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.9.2009 19:06 133104]
S2 MLPTDR_B;MLPTDR_B;c:\windows\System32\MLPTDR_B.SYS [15.2.2010 10:55 20064]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [24.5.2008 23:28 360448]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [18.9.2009 9:56 29736]
S3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\System32\drivers\mux.sys [18.2.2009 5:08 30768]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [27.2.2009 6:52 211216]
S3 u3kmini;ASUS My Cinema-U3000 Mini;c:\windows\System32\drivers\u3kmini.sys [26.9.2009 19:45 350720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2010-03-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 18:04]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 18:06]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 18:06]

2010-02-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-03-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-05 07:16]

2010-02-28 c:\windows\Tasks\User_Feed_Synchronization-{EB4D7F0F-7CD0-4430-8FF9-EAA95C99E55F}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: ica.cz\b
Trusted Zone: unmz.cz\csnonline
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... b?3,13,3,0
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\30gwhari.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 13:06
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\users\Martin\AppData\Local\Temp\Cab9685.tmp 30313 bytes
c:\users\Martin\AppData\Local\Temp\TarA0A3.tmp 32768 bytes
c:\windows\TEMP\TMP00000056E07BB10D03914193 524288 bytes executable

sken byl úspešně dokončen
skryté soubory: 3

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys spcj.sys >>UNKNOWN [0x854E2938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a9d1d24
\Driver\ACPI -> acpi.sys @ 0x805bbd68
\Driver\iaStor -> iastor.sys @ 0x8a2cc0b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2588)
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe
c:\program files\Lenovo\ATK Hotkey\LFKA.exe
c:\windows\system32\conime.exe
c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe
c:\windows\System32\TpShocks.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\Lenovo\LenovoCare\LPMGR.EXE
c:\program files\Lenovo\LenovoCare\LPMLCHK.EXE
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\ThinkVantage\AMSG\Amsg.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
.
**************************************************************************
.
Celkový čas: 2010-03-01 13:10:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-01 12:10

Před spuštěním: Volných bajtů: 53 864 017 920
Po spuštění: Volných bajtů: 53 804 638 208

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 166FA63A12FD8DAEF561DF8FDF6E058B

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: REPEATED THEFT OF RAPIDSHARE PREMIUM PASSWORD

#4 Post by Rudy »

Let's do a bit more cleanup. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\users\Martin\AppData\Local\Temp\Cab9685.tmp
c:\users\Martin\AppData\Local\Temp\TarA0A3.tmp
c:\windows\TEMP\TMP00000056E07BB10D03914193
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

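As an added example (not code from the thread or from ComboFix), the following Python script extracts the catchme "hidden files" lines from a ComboFix log like the one posted above, cross-checks them against the count catchme prints, and writes them out in the Collect:: form Rudy composed by hand. The sample input is copied from the log in post #3; the English "hidden files:" label is an assumption for English-language ComboFix logs.

```python
"""Turn the catchme 'hidden files' lines of a ComboFix log into a CFScript.

Added example, not code from the thread or from ComboFix. The CFScript layout
(a 'Collect::' line followed by one path per line) is the one shown in post #4.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: the catchme block copied from the ComboFix log in post #3.
SAMPLE_LOG = r"""
skenování skrytých souborů ...


c:\users\Martin\AppData\Local\Temp\Cab9685.tmp 30313 bytes
c:\users\Martin\AppData\Local\Temp\TarA0A3.tmp 32768 bytes
c:\windows\TEMP\TMP00000056E07BB10D03914193 524288 bytes executable

sken byl úspešně dokončen
skryté soubory: 3
"""


@dataclass
class HiddenFile:
    path: str
    size: int
    executable: bool  # catchme appends "executable" to files it recognises as PE images


# One catchme result line: "<drive>:\<path> <size> bytes[ executable]".
# Paths may contain spaces, so the path group is lazy and anchored by " <size> bytes".
_HIDDEN_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<size>\d+) bytes(?P<exe> executable)?$"
)

# catchme's closing count line. The label is localized: "skryté soubory" in this
# Czech log; "hidden files" is assumed for English-language ComboFix logs.
_COUNT_RE = re.compile(
    r"^(?:hidden files|skryté soubory): (?P<n>\d+)$", re.IGNORECASE
)


def parse_hidden_files(log_text: str) -> List[HiddenFile]:
    """Return every hidden file catchme reported, in log order."""
    found = []
    for line in log_text.splitlines():
        m = _HIDDEN_RE.match(line.strip())
        if m:
            found.append(
                HiddenFile(m.group("path"), int(m.group("size")), m.group("exe") is not None)
            )
    return found


def reported_count(log_text: str) -> Optional[int]:
    """The total catchme printed itself, or None if that line is missing."""
    for line in log_text.splitlines():
        m = _COUNT_RE.match(line.strip())
        if m:
            return int(m.group("n"))
    return None


def build_cfscript(files: List[HiddenFile]) -> str:
    """CFScript.txt text in the form used in post #4: 'Collect::' then one path per line."""
    return "Collect::\n" + "".join(f.path + "\n" for f in files)


def cfscript_from_log(log_text: str) -> str:
    """Parse the log, verify the parsed lines against catchme's own total, emit the script.

    A mismatch usually means a wrapped or mangled log line, which is worth noticing
    before a path is handed to a cleanup tool, so it is raised rather than ignored."""
    files = parse_hidden_files(log_text)
    expected = reported_count(log_text)
    if expected is not None and expected != len(files):
        raise ValueError(f"parsed {len(files)} hidden files, log reports {expected}")
    return build_cfscript(files)


if __name__ == "__main__":
    print(cfscript_from_log(SAMPLE_LOG), end="")
```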

Merloc
Guest
Posts: 4
Registered: 01 Mar 2010 18:58

Re: REPEATED THEFT OF RAPIDSHARE PREMIUM PASSWORD

#5 Post by Merloc »

Here is a new log, with the question of whether everything is OK and whether the problem was on this PC. I have one more PC on which I use the same RS account. Thanks.

ComboFix 10-02-28.03 - Martin 01.03.2010 21:24:12.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3070.2183 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-01 do 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 20:31 . 2010-03-01 20:31 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-03-01 20:31 . 2010-03-01 20:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-01 20:31 . 2010-03-01 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-01 17:53 . 2010-03-01 17:54 -------- d-----w- C:\rsit
2010-03-01 17:53 . 2010-03-01 17:54 -------- d-----w- c:\program files\trend micro
2010-03-01 10:44 . 2010-03-01 10:44 318976 ----a-w- c:\windows\system32\CF502.exe
2010-02-24 08:06 . 2010-02-24 08:19 -------- d-----w- C:\FLASH
2010-02-24 06:59 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 06:59 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 06:59 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 06:58 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 06:58 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 06:58 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 06:58 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 06:58 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 06:58 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 06:58 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 06:58 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 06:58 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 06:58 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-23 10:38 . 2010-02-11 18:43 291920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-02-23 10:38 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-23 10:38 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-23 10:38 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-23 10:38 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-23 10:38 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-23 10:38 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-23 10:38 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-23 10:38 . 2010-02-23 10:38 -------- d-----w- c:\programdata\Alwil Software
2010-02-15 07:09 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 07:09 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-13 17:27 . 2010-02-13 17:27 -------- d-----w- c:\windows\system32\PolarClock3 dir
2010-02-13 17:27 . 2010-02-13 17:27 201728 ----a-w- c:\windows\system32\PolarClock3.scr
2010-02-11 10:22 . 2010-02-11 10:22 -------- d-----w- c:\program files\Parrot Software Update Tool
2010-01-31 09:13 . 2010-01-31 09:13 -------- d-----w- c:\users\Martin\AppData\Roaming\Canneverbe_Limited
2010-01-31 09:13 . 2010-01-31 09:13 -------- d-----w- c:\programdata\Canneverbe Limited
2010-01-31 09:13 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-31 09:13 . 2010-01-31 09:13 -------- d-----w- c:\program files\CDBurnerXP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 20:18 . 2009-05-22 18:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-01 20:14 . 2009-05-22 18:29 48734 ----a-w- c:\programdata\nvModes.dat
2010-03-01 15:26 . 2009-05-22 17:49 648794 ----a-w- c:\windows\system32\perfh005.dat
2010-03-01 15:26 . 2009-05-22 17:49 133704 ----a-w- c:\windows\system32\perfc005.dat
2010-03-01 14:45 . 2009-08-09 19:02 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc
2010-02-24 09:44 . 2009-08-04 14:13 101016 ----a-w- c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 00:08 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 10:38 . 2009-08-22 17:35 -------- d-----w- c:\program files\Alwil Software
2010-02-23 06:46 . 2009-08-04 15:14 -------- d-----w- c:\users\Martin\AppData\Roaming\Skype
2010-02-23 06:45 . 2009-08-04 15:15 -------- d-----w- c:\users\Martin\AppData\Roaming\skypePM
2010-02-18 10:03 . 2009-08-05 11:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-12 07:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 14:03 . 2009-05-22 18:50 -------- d-----w- c:\programdata\Microsoft Help
2010-02-05 12:47 . 2009-09-11 18:04 -------- d-----w- c:\program files\Google
2010-01-26 10:24 . 2010-01-06 10:31 -------- d-----w- c:\program files\Trojan Remover
2010-01-26 09:13 . 2010-01-26 09:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-01-21 08:45 . 2009-08-06 10:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 10:12 . 2009-10-25 10:19 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-20 07:35 . 2009-05-22 18:39 -------- d-----w- c:\programdata\PC-Doctor
2010-01-18 12:18 . 2009-05-22 18:39 -------- d-----w- c:\programdata\PCDr
2010-01-18 12:17 . 2010-01-18 12:16 -------- d-----w- c:\program files\PC-Doctor
2010-01-18 12:17 . 2010-01-18 12:17 -------- d-----w- c:\programdata\PC-Doctor for Windows
2010-01-07 12:00 . 2010-01-07 11:59 -------- d-----w- c:\users\Martin\AppData\Roaming\Vso
2010-01-07 11:59 . 2010-01-07 11:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-07 11:59 . 2010-01-07 11:59 47360 ----a-w- c:\users\Martin\AppData\Roaming\pcouffin.sys
2010-01-07 11:59 . 2010-01-07 11:59 47360 ----a-w- c:\users\Martin\AppData\Roaming\pcouffin.sys
2010-01-07 11:59 . 2010-01-07 11:59 -------- d-----w- c:\program files\DVDFab 6
2010-01-06 15:38 . 2010-02-24 06:58 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 06:58 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 06:58 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 06:58 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 10:31 . 2010-01-06 10:31 -------- d-----w- c:\users\Martin\AppData\Roaming\Simply Super Software
2010-01-06 10:31 . 2010-01-06 10:31 -------- d-----w- c:\programdata\Simply Super Software
2010-01-06 10:10 . 2010-01-03 20:18 -------- d-----w- c:\programdata\TuneUp Software
2010-01-03 20:19 . 2010-01-03 20:19 -------- d-----w- c:\users\Martin\AppData\Roaming\TuneUp Software
2010-01-03 20:18 . 2010-01-03 20:18 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-02 06:38 . 2010-01-22 05:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 05:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 05:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 05:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 09:24 . 2009-08-24 12:32 -------- d-----w- c:\users\Martin\AppData\Roaming\dvdcss
2009-12-17 13:37 . 2010-01-18 10:18 14912 ----a-w- c:\programdata\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW\LTTCheck.exe
2009-12-17 07:44 . 2010-01-18 10:18 560624 ----a-w- c:\programdata\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW\appupdater.exe
2009-12-11 11:43 . 2010-02-11 06:41 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-11 06:41 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-11 06:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-11 06:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-11 06:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-11 06:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-11 06:41 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-11 06:41 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-11 06:41 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-11 06:41 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-11 06:41 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-11 06:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-11 06:41 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-11 06:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-11 06:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-22 17:52 . 2009-05-22 17:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-02-11 18:41 135168 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-03 62240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-06-16 660768]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-06-16 214576]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-01-21 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-15 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-15 92704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-04-29 424512]
"PrintPack dispatcher"="c:\windows\system32\spool\drivers\w32x86\3\Print2PDF.exe" [2009-09-16 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-01-06 1070984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Zákony ČR.lnk - c:\program files\ZakonyCR\Update.exe [2003-9-1 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 14:54 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3a,cb,c5,bc,82,16,ca,01

R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [28.1.2009 16:57 20520]
R1 aswSnx;aswSnx;c:\windows\System32\drivers\aswSnx.sys [23.2.2010 11:38 291920]
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [23.2.2010 11:38 162512]
R1 Ext2fs;Ext2fs;c:\windows\System32\drivers\ext2fs.sys [26.9.2009 14:49 189888]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\System32\drivers\ext2fsd.sys [31.10.2009 12:02 659592]
R1 IfsMount;IfsMount;c:\windows\System32\drivers\ifsmount.sys [26.9.2009 14:49 60352]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [20.5.2008 3:12 13480]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23.2.2010 11:38 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23.2.2010 11:38 51792]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [22.5.2009 19:39 66848]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13.3.2009 13:47 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [24.9.2008 3:20 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [25.5.2008 0:17 520192]
R2 UpekSrvc;Upek Service;c:\program files\ThinkVantage Fingerprint Software\upeksrvc.exe [21.5.2009 16:11 35080]
R3 DCamUSBGene;Integrated Camera;c:\windows\System32\drivers\USBSTK.sys [22.5.2009 19:21 173584]
R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\System32\drivers\mux.sys [18.2.2009 5:08 30768]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [4.3.2009 9:49 4232704]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26.6.2009 21:55 66080]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [25.10.2009 10:56 721904]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [22.5.2009 19:49 48192]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.9.2009 19:06 133104]
S2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [22.5.2009 19:39 208896]
S2 MLPTDR_B;MLPTDR_B;c:\windows\System32\MLPTDR_B.SYS [15.2.2010 10:55 20064]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [24.5.2008 23:28 360448]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [18.9.2009 9:56 29736]
S3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\System32\drivers\mux.sys [18.2.2009 5:08 30768]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [27.2.2009 6:52 211216]
S3 u3kmini;ASUS My Cinema-U3000 Mini;c:\windows\System32\drivers\u3kmini.sys [26.9.2009 19:45 350720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2010-03-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 18:04]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 18:06]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 18:06]

2010-02-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-03-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-05 07:16]

2010-03-01 c:\windows\Tasks\User_Feed_Synchronization-{EB4D7F0F-7CD0-4430-8FF9-EAA95C99E55F}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: ica.cz\b
Trusted Zone: unmz.cz\csnonline
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... b?3,13,3,0
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\30gwhari.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 21:31
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-01 21:33:32
ComboFix-quarantined-files.txt 2010-03-01 20:33
ComboFix2.txt 2010-03-01 12:10

Před spuštěním: Volných bajtů: 52 262 977 536
Po spuštění: Volných bajtů: 52 222 955 520

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 127E2969984670B8EC1006B3BAD23FA0
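
The helpers in this thread read the ComboFix output above by eye. As an added example (not part of the thread and not a tool from the forum), here is a small Python parser for two of the sections ComboFix prints, the "files created" list and the registry autostart ("Run" and "Run-") keys, with a coarse triage heuristic that flags the entries an analyst would check first: executables started from a user-writable location (Temp, AppData, the user profile) and entries given as a bare file name, which are resolved through the search path. The sample log is constructed in ComboFix's layout from lines like those posted above; the "Updater" autostart entry and the Temp\upd.exe file are made up to exercise the heuristic and do not come from the poster's machine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in ComboFix's own layout, modelled on the log posted in
# this thread. The "Updater" autostart entry and the Temp\upd.exe file are
# made up to exercise the heuristic; they are NOT from the poster's machine.
SAMPLE_LOG = r"""((((((((((((((((((((((((( Soubory vytvořené od 2010-02-01 do 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 10:44 . 2010-03-01 10:44 318976 ----a-w- c:\windows\system32\CF502.exe
2010-02-27 19:02 . 2010-02-27 19:02 51200 ----a-w- c:\users\Martin\AppData\Local\Temp\upd.exe
2010-02-24 08:06 . 2010-02-24 08:19 -------- d-----w- C:\FLASH
2010-01-31 09:13 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Updater"="c:\users\Martin\AppData\Local\Temp\upd.exe" [2010-02-27 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (ComboFix prints "--------")
    attrs: str
    path: str


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    file_date: Optional[str]
    file_size: Optional[int]


# "created . modified size attrs path" as in ComboFix's file listing
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="command" [date size]; the quotes and the bracket are optional
VALUE_RE = re.compile(r'^"([^"]+)"="?(.*?)"?(?: \[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')


def parse_combofix(text: str) -> Tuple[List[FileEntry], List[RunEntry]]:
    """Extract file-listing rows and autostart values from ComboFix output."""
    files: List[FileEntry] = []
    runs: List[RunEntry] = []
    current_key: Optional[str] = None
    for line in text.splitlines():
        line = line.rstrip()
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            files.append(FileEntry(created, modified,
                                   int(size) if size.isdigit() else None, attrs, path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        # Only autostart keys matter here: ...\Run, and ComboFix's ...\Run-
        # (entries it disabled), both visible in the posted log.
        if current_key and current_key.lower().rstrip("-").endswith("\\run"):
            m = VALUE_RE.match(line)
            if m:
                name, cmd, date, size = m.groups()
                runs.append(RunEntry(current_key, name, cmd, date,
                                     int(size) if size else None))
    return files, runs


USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


def triage_run_entries(runs: List[RunEntry]) -> List[Tuple[RunEntry, str]]:
    """Return (entry, reason) for autostart entries worth a second look.

    Heuristic only: legitimate software can live in AppData and malware can
    sit in Program Files; the list says where to look first, not what is bad.
    """
    flagged: List[Tuple[RunEntry, str]] = []
    for r in runs:
        cmd = r.command.lower()
        if "\\" not in cmd:
            flagged.append((r, "bare file name, resolved through the search path"))
        elif any(part in cmd for part in USER_WRITABLE):
            flagged.append((r, "runs from a user-writable location"))
    return flagged


def triage_new_files(files: List[FileEntry]) -> List[FileEntry]:
    """Executables created in user-writable locations during the window."""
    return [f for f in files
            if f.path.lower().endswith(EXEC_EXT)
            and any(p in f.path.lower() for p in USER_WRITABLE)]


if __name__ == "__main__":
    all_files, all_runs = parse_combofix(SAMPLE_LOG)
    for entry, reason in triage_run_entries(all_runs):
        print(f"[autostart] {entry.name}: {entry.command} ({reason})")
    for f in triage_new_files(all_files):
        print(f"[new file]  {f.created} {f.path}")
```

On the constructed sample this flags the made-up "Updater" entry and its Temp\upd.exe file, and also "TpShocks", which the posted log really does register as a bare file name; that last flag is a prompt to confirm which TpShocks.exe the search path resolves to, not a verdict. An empty list is not a clean bill of health either; the script narrows where to look, which is what the helpers in this thread do by hand.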

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: REPEATED THEFT OF RAPIDSHARE PREMIUM PASSWORD

#6 Post by Rudy »

The log already looks clean. We can check the second PC as well.