ComboFix 12-04-09.05 - Viktor 09.04.2012 23:31:33.1.2 - x86 Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3066.2161 [GMT 2:00] Spuštěný z: c:\documents and settings\Viktor\Plocha\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !! . . ((((((((((((((((((((((((((((((((((((((( Ostatní výmazy ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\Viktor\LOCALS~1\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll c:\documents and settings\Viktor\Local Settings\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll c:\documents and settings\Viktor\WINDOWS c:\program files\ShopperReports3 c:\program files\ShopperReports3\bin\3.0.517.0\BRNStie.dll c:\program files\ShopperReports3\bin\3.0.517.0\CmndFF.dll c:\program files\ShopperReports3\bin\3.0.517.0\CntntCntr.dll c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf c:\program files\ShopperReports3\bin\3.0.517.0\link.ico c:\program files\ShopperReports3\bin\3.0.517.0\mozillaps.dll c:\program files\ShopperReports3\bin\3.0.517.0\ShopperReportsUninstaller.exe c:\windows\Downloaded Program Files\IDropPTB.dll c:\windows\system\Pncrt.dll c:\windows\system32\SET103.tmp c:\windows\system32\SET110.tmp c:\windows\system32\SETF7.tmp c:\windows\system32\SETFC.tmp c:\windows\system32\system32 c:\windows\system32\system32\3DAudio.ax c:\windows\system32\system32\avrt.dll c:\windows\system32\system32\cis-2.4.dll c:\windows\system32\system32\issacapi_bs-2.3.dll c:\windows\system32\system32\issacapi_pe-2.3.dll c:\windows\system32\system32\issacapi_se-2.3.dll c:\windows\system32\system32\MACXMLProto.dll c:\windows\system32\system32\MaDRM.dll c:\windows\system32\system32\MaJGUILib.dll c:\windows\system32\system32\MAMACExtract.dll c:\windows\system32\system32\MASetupCleaner.exe c:\windows\system32\system32\MaXMLProto.dll c:\windows\system32\system32\mfplat.dll c:\windows\system32\system32\MK_Lyric.dll c:\windows\system32\system32\MSCLib.dll c:\windows\system32\system32\MSFLib.dll c:\windows\system32\system32\MSLUR71.dll c:\windows\system32\system32\msvcp60.dll c:\windows\system32\system32\MTTELECHIP.dll c:\windows\system32\system32\MTXSYNCICON.dll c:\windows\system32\system32\muzaf1.dll c:\windows\system32\system32\muzapp.dll c:\windows\system32\system32\muzapp.exe c:\windows\system32\system32\muzdecode.ax c:\windows\system32\system32\muzeffect.ax c:\windows\system32\system32\muzmp4sp.ax c:\windows\system32\system32\muzmpgsp.ax c:\windows\system32\system32\muzoggsp.ax c:\windows\system32\system32\muzwmts.dll c:\windows\system32\system32\psapi.dll c:\windows\system32\TPAPSLOG.LOG c:\windows\system32\TPHDLOG0.LOG . . ((((((((((((((((((((((((( Soubory vytvořené od 2012-03-09 do 2012-04-09 ))))))))))))))))))))))))))))))) . . 2012-04-09 16:05 . 2012-04-09 16:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI 2012-04-09 14:18 . 2012-04-09 14:20 -------- d-----w- c:\program files\ATI Technologies 2012-04-09 14:18 . 2012-04-09 14:18 -------- d-----w- c:\program files\ATI 2012-04-09 13:12 . 2012-04-09 13:12 -------- d-----w- c:\windows\system32\wbem\Repository 2012-04-09 13:00 . 2012-04-09 13:00 -------- d-----w- c:\documents and settings\All Users\Uniblue 2012-04-08 22:40 . 2010-08-26 09:12 57344 ----a-w- c:\windows\system32\aticalrt.dll 2012-04-08 22:40 . 2010-08-26 09:12 53248 ----a-w- c:\windows\system32\aticalcl.dll 2012-04-08 22:40 . 2010-08-26 09:10 4390912 ----a-w- c:\windows\system32\aticaldd.dll 2012-04-08 22:40 . 2010-08-26 09:01 15876096 ----a-w- c:\windows\system32\atioglxx.dll 2012-04-08 22:40 . 2010-08-26 08:34 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2012-04-08 22:40 . 2010-08-26 08:22 64512 ----a-w- c:\windows\system32\atimpc32.dll 2012-04-08 22:40 . 2009-05-12 04:35 118784 ----a-w- c:\windows\system32\atibtmon.exe 2012-04-08 17:54 . 2012-04-08 17:54 251 ----a-w- C:\user.js 2012-04-08 17:53 . 2012-04-08 17:53 -------- d-----w- c:\documents and settings\Viktor\Local Settings\Data aplikací\Babylon 2012-04-08 17:53 . 2012-04-08 17:53 -------- d-----w- c:\documents and settings\Viktor\Data aplikací\Babylon 2012-04-08 17:53 . 2012-04-08 17:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon 2012-04-08 13:29 . 2012-04-08 13:29 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files 2012-04-08 00:07 . 2012-04-08 00:07 -------- d-----w- C:\AuthLog 2012-04-07 23:52 . 2012-04-07 23:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\boost_interprocess 2012-04-07 19:38 . 2012-04-07 19:38 -------- d-----w- c:\documents and settings\Viktor\Data aplikací\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2012-04-07 11:11 . 2012-04-07 11:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\KONAMI 2012-04-06 10:03 . 2012-04-06 10:03 -------- d-----w- c:\documents and settings\Viktor\Data aplikací\Adobe Mini Bridge CS5 2012-04-06 10:03 . 2012-04-06 10:03 -------- d-----w- c:\documents and settings\Viktor\Data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-04-06 08:43 . 2003-04-15 23:10 110592 ----a-w- c:\windows\system32\tsccvid.dll 2012-04-06 08:43 . 2012-04-06 08:43 -------- d-----w- c:\program files\CDVPlayer 2012-04-06 08:43 . 2012-04-06 08:43 466944 ------w- c:\windows\Setup1.exe 2012-04-06 08:43 . 2012-04-06 08:43 73216 ----a-w- c:\windows\ST6UNST.EXE 2012-04-06 08:40 . 2012-04-06 08:40 -------- d--h--w- c:\windows\system32\GroupPolicy 2012-03-17 23:15 . 2012-03-17 23:15 -------- d-----w- c:\documents and settings\Viktor\Local Settings\Data aplikací\Samsung 2012-03-17 23:15 . 2012-03-17 23:15 -------- d-----w- c:\documents and settings\Viktor\Data aplikací\Samsung 2012-03-17 23:04 . 2011-12-23 19:58 4659712 ----a-w- c:\windows\system32\Redemption.dll 2012-03-17 23:03 . 2012-03-17 23:03 -------- d-----w- c:\program files\MarkAny 2012-03-17 23:03 . 2011-12-23 19:58 821824 ----a-w- c:\windows\system32\dgderapi.dll 2012-03-17 23:03 . 2011-12-23 19:58 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2012-03-17 23:02 . 2012-03-17 23:05 -------- d-----w- c:\program files\Samsung 2012-03-17 23:02 . 2012-03-17 23:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Samsung 2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\documents and settings\Viktor\Local Settings\Data aplikací\Downloaded Installations . . . (((((((((((((((((((((((((((((((((((((((( Find3M výpis )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-06 23:15 . 2011-08-18 16:37 41184 ----a-w- c:\windows\avastSS.scr 2012-03-06 23:15 . 2011-08-18 16:37 201352 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-06 23:03 . 2011-08-18 16:47 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-06 23:03 . 2011-08-18 16:37 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-06 23:02 . 2011-08-18 16:37 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-03-06 23:01 . 2011-08-18 16:37 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-06 23:01 . 2011-08-18 16:37 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-03-06 23:01 . 2011-08-18 16:37 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-03-06 23:01 . 2011-08-18 16:37 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-03-06 22:58 . 2011-08-18 16:37 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-02-25 22:14 . 2012-01-22 21:15 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll 2012-02-25 22:14 . 2012-01-22 21:15 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll 2012-02-03 09:57 . 2011-08-18 13:46 1860096 ------w- c:\windows\system32\win32k.sys 2012-01-28 15:34 . 2012-01-28 15:34 22016 ----a-w- c:\windows\system32\prospeed_bmp2jpg.dll 2012-01-23 22:01 . 2011-09-01 18:28 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll 2012-01-22 18:04 . 2011-08-18 16:42 737280 ----a-w- c:\windows\iun6002.exe 2012-01-11 19:07 . 2012-02-15 21:51 3072 ------w- c:\windows\system32\iacenc.dll . . (((((((((((((((((((((((((((((((((( Spouštěcí body v registru ))))))))))))))))))))))))))))))))))))))))))))) . . *Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-17 21416] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192] "TpShocks"="TpShocks.exe" [2008-06-06 181536] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-28 569344] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-08-12 16384] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-01-14 389120] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-01-14 208896] "CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-01-21 36864] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2011-09-23 64112] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-22 3508624] "Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpnclient.exe" [2007-05-25 2748416] "Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2010-02-03 918824] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-05 500208] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-28 596584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS] 2008-10-26 16:41 180224 ------w- c:\windows\system32\FpWinlogonNp.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-08-08 10:14 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"= "c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.8.2011 21:47 664064] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14.5.2008 16:21 19496] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.8.2011 18:47 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.8.2011 18:37 337880] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.8.2011 18:37 20696] R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [26.10.2008 18:33 1676536] R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2.2.2011 15:08 18656] R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [26.10.2008 18:38 98304] R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [26.10.2008 18:41 118784] R2 mitsijm2012;Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2012;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [8.12.2010 7:28 579384] R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [10.7.2008 2:22 218136] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [18.8.2011 15:51 53248] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [24.11.2008 15:34 520192] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [23.9.2011 21:20 70768] R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [23.9.2011 20:21 539248] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [18.8.2011 15:39 482176] R3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [25.5.2007 14:55 65024] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [18.11.2011 22:49 47360] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.2.2008 15:54 37312] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [9.5.2008 17:50 360448] S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [26.10.2008 18:38 106496] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [18.3.2012 1:05 30312] S3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [21.8.2011 2:16 135680] S3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJAsioK.sys [21.8.2011 2:16 186752] S3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\drivers\HDJMidi.sys [21.8.2011 2:16 156800] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [18.3.2012 1:05 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [18.3.2012 1:05 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [18.3.2012 1:05 136808] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [18.3.2012 1:05 114280] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [21.8.2011 14:12 16896] S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [10.7.2008 2:15 31256] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10.7.2008 11:49 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712] . Obsah adresáře 'Naplánované úlohy' . 2012-04-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54] . 2011-12-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57] . 2012-04-08 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-08-18 16:52] . 2012-04-09 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2011-08-19 20:18] . . ------- Doplňkový sken ------- . uStart Page = hxxp://isearch.avg.com/?cid={88FB09EC-2AF0-4E8E-A472-74BEFA5FD05E}&mid=00c94baeb78547d08467d1191024e9fb-7968bfeabddc0d669838888be557a188e7212dbc&lang=en&ds=rn011&pr=sa&d=2012-04-08 15:29&v=10.2.0.3&sap=hp mStart Page = hxxp://startsear.ch/?aff=1 uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll LSP: c:\program files\VMware\VMware Player\vsocklib.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com FF - ProfilePath - c:\documents and settings\Viktor\Data aplikací\Mozilla\Firefox\Profiles\sniyoho3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Beaba90c4-5ecf-47c0-bd58-73230c9c4d4d%7D&mid=00c94baeb78547d08467d1191024e9fb-7968bfeabddc0d669838888be557a188e7212dbc&ds=rn011&v=10.2.0.3&lang=en&pr=sa&d=2012-04-08%2015%3A29%3A27&sap=ku&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - user.js: extensions.BabylonToolbar_i.id - f8d0b5c70000000000000022fac28c1c FF - user.js: extensions.BabylonToolbar_i.hardId - f8d0b5c70000000000000022fac28c1c FF - user.js: extensions.BabylonToolbar_i.instlDay - 15438 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:54 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ------- Asociace souborů ------- . .scr=AutoCADScriptFile . - - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-PCSpeedUp - c:\program files\Zrychleni Pocitace\PCSpeedUp.lnk Notify-ACNotify - ACNotify.dll AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-09 23:56 Windows 5.1.2600 Service Pack 3 NTFS . skenování skrytých procesů ... . skenování skrytých položek 'Po spuštění' ... . skenování skrytých souborů ... . . c:\windows\system32\TPHDLOG0.LOG 384 bytes . sken byl úspešně dokončen skryté soubory: 1 . ************************************************************************** . --------------------- ZAMKNUTÉ KLÍČE V REGISTRU --------------------- . [HKEY_USERS\S-1-5-21-1611994855-3919075907-1697557839-1005\Software\SecuROM\License information*] "datasecu"=hex:df,bf,25,19,e9,2f,75,af,cd,d6,aa,13,35,87,cf,93,bc,55,a5,14,dc, 24,ad,f2,4a,c7,40,9b,8c,8f,b0,85,b4,80,41,74,5f,c8,01,b3,76,28,27,d4,5f,32,\ "rkeysecu"=hex:fb,b1,6e,46,82,b4,df,c9,be,f4,82,f7,28,18,31,d9 . --------------------- Knihovny navázané na běžící procesy --------------------- . - - - - - - - > 'winlogon.exe'(1280) c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\windows\system32\FpWinLogonNp.dll c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll c:\program files\Lenovo Fingerprint Software\SharedResources.dll c:\program files\Lenovo Fingerprint Software\FPResource.dll c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll c:\program files\Lenovo\Client Security Solution\css_banner.dll c:\windows\system32\cssuserdatadispatcher.dll c:\windows\system32\tvttsp.dll c:\windows\system32\tcsrpc.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll c:\program files\Lenovo\HOTKEY\tphklock.dll . - - - - - - - > 'explorer.exe'(4864) c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll c:\windows\system32\msi.dll c:\windows\system32\AcSignIcon.dll c:\windows\system32\btmmhook.dll c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL c:\progra~1\ThinkPad\UTILIT~1\US\PWRMGRRT.DLL c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL c:\windows\system32\Sensor.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Lenovo\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Jiné spuštené procesy ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\Ati2evxx.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\Ati2evxx.exe c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\windows\System32\TPHDEXLG.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\system32\vmnat.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Windows Media Player\WMPNetwk.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\lenovo\system update\suservice.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\VMware\VMware Player\vmware-authd.exe c:\windows\system32\vmnetdhcp.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\TpShocks.exe c:\windows\system32\wscntfy.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\windows\system32\rundll32.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\program files\Apoint2K\ApMsgFwd.exe c:\program files\Apoint2K\Apntex.exe c:\program files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\program files\Lenovo\Client Security Solution\password_manager.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe . ************************************************************************** . Celkový čas: 2012-04-10 00:02:25 - počítač byl restartován ComboFix-quarantined-files.txt 2012-04-09 22:02 . Před spuštěním: Volných bajtů: 127 924 932 608 Po spuštění: Volných bajtů: 127 989 678 080 . WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe . - - End Of File - - 1290EF45FC0F1844441307594057DDEA