Hello,
I would very much like to ask for help, because someone has apparently attacked our company network and we have infected computers. Until now I have always managed to track everything down with mwav. Unfortunately, this time it found nothing, but in Network Activity I can see that very strange things are happening on my machine. Mainly it is a huge number of ports and various processes with activate.adobe.com; here are just some of them:
svchost.exe:1344 UDP activate.adobe.com:1900 ***** -
svchost.exe:1344 UDP activate.adobe.com:49155 ***** -
AtService.exe:744 TCP activate.adobe.com:5550 romik-laptop:0 Listening
[System Process]:0 TCP activate.adobe.com:2869 activate.adobe.com:49163 Time_Wait
[System Process]:4 TCP activate.adobe.com:5357 activate.adobe.com:49166 Time_Wait
[System Process]:0 TCP activate.adobe.com:5357 activate.adobe.com:49167 Time_Wait
[System Process]:0 TCP activate.adobe.com:5357 activate.adobe.com:63179 Time_Wait
[System Process]:0 TCP activate.adobe.com:5357 activate.adobe.com:63180 Time_Wait
[System Process]:0 TCP activate.adobe.com:5357 activate.adobe.com:63184 Time_Wait
[System Process]:0 TCP activate.adobe.com:5357 activate.adobe.com:63185 Time_Wait
[System Process]:0 TCP activate.adobe.com:5357 activate.adobe.com:63186 Time_Wait
firefox.exe:3180 TCP activate.adobe.com:63190 activate.adobe.com:63191 Established
firefox.exe:3180 TCP activate.adobe.com:63191 activate.adobe.com:63190 Established
firefox.exe:3180 TCP activate.adobe.com:63192 activate.adobe.com:63193 Established
firefox.exe:3180 TCP activate.adobe.com:63193 activate.adobe.com:63192 Established
Then I have other suspicious connections here, and new ones keep opening:
[System Process]:0 TCP romik-laptop:60082 p3slh006.shr.phx3.secureserver.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:60073 fx-in-f165.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:60074 fx-in-f165.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:60077 fx-in-f165.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:60078 fx-in-f155.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:60075 fx-in-f155.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:60080 fx-in-f155.1e100.net:443 (https) Time_Wait
[System Process]:0 TCP romik-laptop:52287 fra07s07-in-f99.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:60079 fra07s07-in-f147.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52294 fra07s07-in-f106.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52296 fra07s07-in-f106.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52311 fra07s07-in-f106.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52312 fra07s07-in-f106.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52291 fra07s07-in-f106.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52292 fra07s07-in-f106.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52293 fra07s07-in-f106.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52300 ez-in-f100.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52301 ez-in-f100.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52302 ez-in-f100.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52307 ez-in-f100.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52308 ez-in-f100.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52288 ey-in-f120.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52290 ey-in-f120.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52309 ey-in-f120.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52310 ey-in-f120.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:52289 ey-in-f120.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:51396 ey-in-f100.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:60076 ew-in-f102.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:5357 ecsystem-hp:63827 Time_Wait
[System Process]:0 TCP romik-laptop:52303 ecsystem-hp:139 (netbios-ssn) Time_Wait
[System Process]:0 TCP romik-laptop:52304 ecsystem-hp:139 (netbios-ssn) Time_Wait
[System Process]:0 TCP activate.adobe.com:5357 activate.adobe.com:52305 Time_Wait
[System Process]:0 TCP romik-laptop:51395 192.168.1.1:53 (domain) Time_Wait
[System Process]:0 TCP romik-laptop:60072 192.168.1.1:53 (domain) Time_Wait
[System Process]:0 TCP romik-laptop:52004 192.168.1.1:53 (domain) Time_Wait
[System Process]:0 TCP romik-laptop:63445 ey-in-f120.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63446 ey-in-f120.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63448 fx-in-f147.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63449 fx-in-f147.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63450 fx-in-f147.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63451 fx-in-f147.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63452 fx-in-f147.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63455 ey-in-f100.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63456 ey-in-f100.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:60850 192.168.1.1:53 (domain) Time_Wait
[System Process]:0 TCP romik-laptop:62809 192.168.1.1:53 (domain) Time_Wait
[System Process]:0 TCP romik-laptop:55211 ey-in-f101.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:55212 ew-in-f100.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63444 fx-in-f103.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63447 fx-in-f147.1e100.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63176 192.168.1.1:53 (domain) Time_Wait
[System Process]:0 TCP romik-laptop:63187 ecsystem-hp:139 (netbios-ssn) Time_Wait
[System Process]:0 TCP romik-laptop:63188 ecsystem-hp:139 (netbios-ssn) Time_Wait
[System Process]:0 TCP romik-laptop:5357 ecsystem-hp:52439 Time_Wait
[System Process]:0 TCP romik-laptop:5357 ecsystem-hp:52442 Time_Wait
[System Process]:0 TCP romik-laptop:5357 ecsystem-hp:61196 Time_Wait
[System Process]:0 TCP romik-laptop:5357 ecsystem-hp:61197 Time_Wait
[System Process]:0 TCP romik-laptop:63196 n1plpkivs-v03.any.prod.ams1.secureserver.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63196 n1plpkivs-v03.any.prod.ams1.secureserver.net:80 (http) Time_Wait
[System Process]:0 TCP romik-laptop:63187 ecsystem-hp:139 (netbios-ssn) Time_Wait
[System Process]:0 TCP romik-laptop:63188 ecsystem-hp:139 (netbios-ssn) Time_Wait
These processes seem suspicious to me:
Svchost.exe
Lsass.exe
Services.exe
Wininit.exe:440
WMPNETWK.EXE:696
Does anyone know what is causing this and how to get rid of it?

Re: activate.adobe.com on many ports and processes
Here I am also attaching the log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Romik at 2011-09-01 15:45:10
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 4026 MB (65% free)
HijackThis download failed
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe" -service
/QuitInfo:00000000000007A0;00000000000007A4; /AddRef;
"C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\Windows\system32\PrintCtrl.exe
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
/QuitInfo:0000000000000908;0000000000000858; /AddRef;
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Flashpaste\Flashpaste.exe"
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\USB Server 2\USB Server.exe" /h
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Romik\AppData\Local\Temp\mexe.com"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Romik\Desktop\malwary.docx
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3ac81e06-5100-4438-a392-b1004ac634ca -SystemEventPortName:HostProcess-cba226ce-0967-414e-b69b-074eaae67cf4 -IoCancelEventPortName:HostProcess-1372438a-cd86-454f-9467-b471847494e1 -NonStateChangingEventPortName:HostProcess-8a2d4c8e-4217-452a-8859-e57537a9286e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ed2489eb-0ac3-4a52-bbce-a544bbf285f1
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
taskmgr.exe /3
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Romik\Downloads\00 malware\RSITx64.exe"
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1729793811-742991553-239403447-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1729793811-742991553-239403447-1001UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Romik\AppData\Roaming\Mozilla\Firefox\Profiles\fg6zs544.default
prefs.js - "browser.startup.homepage" - "https://ecardone.com/gex/Ses_admin/ses1.php"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1, firegestures@xuldev.org:1.6, {5b452c4d-4d32-4cb9-93b2-42c9a1abd719}:0.2, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml
C:\Users\Romik\AppData\Roaming\Mozilla\Firefox\Profiles\fg6zs544.default\extensions\
{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
{5b452c4d-4d32-4cb9-93b2-42c9a1abd719}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-15 16336416]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2009-10-15 1582328]
"FingerPrintSoftwareSplashScreen"=C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [2009-10-15 107520]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Romik\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
"Flashpaste"=C:\Program Files (x86)\Flashpaste\flashpaste.exe [2009-11-15 630272]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"USB Server"=C:\Program Files (x86)\USB Server 2\USB Server.exe [2010-04-27 1937408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [2011-03-25 941320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-10-19 2185032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2010-10-28 294912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InnoSetupRegFile.0000000001]
C:\Windows\is-T21T4.exe [2011-08-31 709968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
C:\Windows\system32\PrintDisp.exe [2011-01-03 976896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2008-08-08 524288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-07-29 17361032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Romik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bitcoin.lnk]
C:\PROGRA~2\Bitcoin\bitcoin.exe [2011-04-27 7490048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Romik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
C:\PROGRA~1\PACKET~1\VPNCMG~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Romik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
C:\PROGRA~1\MICROS~2\Office14\ONENOTEM.EXE [2010-03-29 245120]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ATFUS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"DisallowCpl"=1
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
======List of files/folders created in the last 1 month======
2011-09-01 15:42:35 ----D---- C:\Program Files\trend micro
2011-09-01 15:42:34 ----D---- C:\rsit
2011-09-01 13:25:23 ----D---- C:\romikuv temp
2011-09-01 13:13:17 ----SHD---- C:\Config.Msi
2011-08-31 14:56:34 ----A---- C:\Windows\is-T21T4.exe
2011-08-24 12:00:26 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-24 12:00:26 ----A---- C:\Windows\system32\tzres.dll
2011-08-11 19:04:34 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-11 19:04:34 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-11 19:04:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-11 19:04:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-11 19:04:33 ----A---- C:\Windows\system32\ieui.dll
2011-08-11 19:04:33 ----A---- C:\Windows\system32\iertutil.dll
2011-08-11 19:04:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-11 19:04:32 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-11 19:04:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-08-11 19:04:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-08-11 19:04:32 ----A---- C:\Windows\system32\urlmon.dll
2011-08-11 19:04:32 ----A---- C:\Windows\system32\url.dll
2011-08-11 19:04:32 ----A---- C:\Windows\system32\jscript9.dll
2011-08-11 19:04:32 ----A---- C:\Windows\system32\jscript.dll
2011-08-11 19:04:31 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-11 19:04:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-11 19:04:31 ----A---- C:\Windows\system32\wininet.dll
2011-08-11 19:04:31 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-11 19:04:30 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-11 19:04:28 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-11 19:04:28 ----A---- C:\Windows\system32\mshtml.dll
2011-08-11 19:04:27 ----A---- C:\Windows\system32\ieframe.dll
2011-08-11 10:43:34 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-11 10:43:34 ----A---- C:\Windows\system32\xmllite.dll
2011-08-11 10:43:34 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-11 10:43:34 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-11 10:43:34 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-11 10:43:33 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-11 10:43:33 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-11 10:43:33 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-11 10:43:33 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-11 10:43:33 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-11 10:43:33 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-11 10:43:33 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 10:43:31 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-11 10:43:31 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-11 10:43:31 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-11 10:43:31 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-11 10:43:31 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\wow64win.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\wow64.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\winsrv.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\kernel32.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\conhost.exe
2011-08-11 10:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-11 10:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 10:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-11 10:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 10:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-11 10:43:30 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-11 10:43:30 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-11 10:43:29 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-11 10:43:28 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-11 10:43:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-11 10:43:28 ----A---- C:\Windows\system32\ntoskrnl.exe
======List of files/folders modified in the last 1 month======
2011-09-01 15:42:36 ----D---- C:\Windows\Temp
2011-09-01 15:42:35 ----RD---- C:\Program Files
2011-09-01 15:41:19 ----D---- C:\Windows\System32
2011-09-01 15:41:19 ----D---- C:\Windows\inf
2011-09-01 15:41:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-01 14:20:43 ----D---- C:\Windows\system32\config
2011-09-01 14:07:45 ----D---- C:\Windows
2011-09-01 14:03:39 ----D---- C:\Users\Romik\AppData\Roaming\Skype
2011-09-01 13:54:00 ----D---- C:\Windows\SoftwareDistribution
2011-09-01 13:52:45 ----D---- C:\Windows\system32\LogFiles
2011-09-01 13:25:46 ----D---- C:\Windows\SysWOW64
2011-09-01 13:22:16 ----D---- C:\Windows\pss
2011-09-01 13:16:23 ----SHD---- C:\Windows\Installer
2011-09-01 13:16:21 ----SHD---- C:\System Volume Information
2011-09-01 13:15:55 ----RD---- C:\Program Files (x86)
2011-09-01 13:14:40 ----D---- C:\Program Files\PacketiX VPN Client 64-bit Edition English
2011-09-01 13:13:31 ----D---- C:\Program Files (x86)\Adobe
2011-09-01 13:13:17 ----D---- C:\Program Files (x86)\Common Files
2011-09-01 10:32:17 ----D---- C:\Users\Romik\AppData\Roaming\Bitcoin
2011-09-01 10:32:16 ----D---- C:\Users\Romik\AppData\Roaming\flashpaste
2011-09-01 10:31:48 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-31 16:19:46 ----D---- C:\Windows\debug
2011-08-31 16:18:54 ----D---- C:\Program Files (x86)\CCleaner
2011-08-31 14:56:34 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-31 14:20:27 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-31 13:51:51 ----D---- C:\Users\Romik\AppData\Roaming\webex
2011-08-30 12:41:35 ----D---- C:\Windows\rescache
2011-08-30 10:44:20 ----D---- C:\Program Files (x86)\Digsby
2011-08-29 10:41:01 ----D---- C:\Windows\system32\NDF
2011-08-24 17:39:24 ----D---- C:\Windows\winsxs
2011-08-24 17:39:23 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-24 17:39:23 ----D---- C:\Windows\system32\cs-CZ
2011-08-24 12:00:10 ----D---- C:\Windows\system32\catroot2
2011-08-24 12:00:10 ----D---- C:\Windows\system32\catroot
2011-08-23 12:38:10 ----HD---- C:\ProgramData
2011-08-23 10:35:36 ----D---- C:\Windows\system32\Tasks
2011-08-23 10:35:35 ----RD---- C:\Program Files (x86)\Skype
2011-08-23 10:35:34 ----D---- C:\ProgramData\Skype
2011-08-17 14:58:38 ----D---- C:\ProgramData\Temp
2011-08-17 10:44:39 ----D---- C:\Windows\system32\wdi
2011-08-12 12:30:35 ----D---- C:\Windows\Microsoft.NET
2011-08-12 12:30:34 ----RSD---- C:\Windows\assembly
2011-08-12 10:49:14 ----D---- C:\Windows\SYSWOW64\migration
2011-08-12 10:49:14 ----D---- C:\Windows\system32\migration
2011-08-12 10:49:14 ----D---- C:\Windows\system32\drivers
2011-08-12 10:49:14 ----D---- C:\Windows\AppPatch
2011-08-12 10:49:14 ----D---- C:\Program Files\Internet Explorer
2011-08-12 10:49:14 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-12 10:46:28 ----A---- C:\Windows\system32\MRT.exe
2011-08-12 10:46:06 ----D---- C:\ProgramData\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2006-11-18 55296]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-10-15 551936]
R3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R); C:\Windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 EST_BusEnum;Network USB Device Bus; C:\Windows\system32\DRIVERS\GenBus.sys [2009-10-06 29696]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2007-06-01 26928]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 25912]
R3 Neo_VPN1;VPN Client Device Driver - VPN1; C:\Windows\system32\DRIVERS\Neo_0013.sys [2011-07-01 29808]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NUS_Bus;Network USB Server Bus; C:\Windows\system32\DRIVERS\NUS_Bus.sys [2010-01-28 30208]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2008-09-25 37440]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-26 6144]
S3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 54272]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 52224]
S3 EST_Server;Network USB Device; C:\Windows\system32\DRIVERS\GenHC.sys [2009-10-06 199168]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 pneteth;PdaNet Broadband; C:\Windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;Android USB Driver; C:\Windows\system32\drivers\WinUSB.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 814344]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 dtsvc;Data Transfer Service; C:\Windows\system32\DTS.exe [2009-10-15 117760]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2007-06-01 43568]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-20 4908576]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-15 382496]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
R2 Printer Control;Printer Control; C:\Windows\system32\PrintCtrl.exe [2009-10-28 65536]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 ATService;AuthenTec Fingerprint Service; C:\Windows\system32\AtService.exe [2009-10-15 2505976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 ADMonitor;AD Monitor; C:\Windows\system32\ADMonitor.exe [2009-10-15 130048]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]
-----------------EOF-----------------
Thanks a lot for the advice.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Romik at 2011-09-01 15:45:10
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 4026 MB (65% free)
HijackThis download failed
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe" -service
/QuitInfo:00000000000007A0;00000000000007A4; /AddRef;
"C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\Windows\system32\PrintCtrl.exe
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
/QuitInfo:0000000000000908;0000000000000858; /AddRef;
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Flashpaste\Flashpaste.exe"
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\USB Server 2\USB Server.exe" /h
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Romik\AppData\Local\Temp\mexe.com"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Romik\Desktop\malwary.docx
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3ac81e06-5100-4438-a392-b1004ac634ca -SystemEventPortName:HostProcess-cba226ce-0967-414e-b69b-074eaae67cf4 -IoCancelEventPortName:HostProcess-1372438a-cd86-454f-9467-b471847494e1 -NonStateChangingEventPortName:HostProcess-8a2d4c8e-4217-452a-8859-e57537a9286e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ed2489eb-0ac3-4a52-bbce-a544bbf285f1
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
taskmgr.exe /3
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Romik\Downloads\00 malware\RSITx64.exe"
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1729793811-742991553-239403447-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1729793811-742991553-239403447-1001UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Romik\AppData\Roaming\Mozilla\Firefox\Profiles\fg6zs544.default
prefs.js - "browser.startup.homepage" - "https://ecardone.com/gex/Ses_admin/ses1.php"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1, firegestures@xuldev.org:1.6, {5b452c4d-4d32-4cb9-93b2-42c9a1abd719}:0.2, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml
C:\Users\Romik\AppData\Roaming\Mozilla\Firefox\Profiles\fg6zs544.default\extensions\
{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
{5b452c4d-4d32-4cb9-93b2-42c9a1abd719}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-15 16336416]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2009-10-15 1582328]
"FingerPrintSoftwareSplashScreen"=C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [2009-10-15 107520]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Romik\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
"Flashpaste"=C:\Program Files (x86)\Flashpaste\flashpaste.exe [2009-11-15 630272]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"USB Server"=C:\Program Files (x86)\USB Server 2\USB Server.exe [2010-04-27 1937408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [2011-03-25 941320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-10-19 2185032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2010-10-28 294912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InnoSetupRegFile.0000000001]
C:\Windows\is-T21T4.exe [2011-08-31 709968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
C:\Windows\system32\PrintDisp.exe [2011-01-03 976896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2008-08-08 524288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-07-29 17361032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Romik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bitcoin.lnk]
C:\PROGRA~2\Bitcoin\bitcoin.exe [2011-04-27 7490048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Romik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
C:\PROGRA~1\PACKET~1\VPNCMG~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Romik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
C:\PROGRA~1\MICROS~2\Office14\ONENOTEM.EXE [2010-03-29 245120]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ATFUS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"DisallowCpl"=1
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
======List of files/folders created in the last 1 month======
2011-09-01 15:42:35 ----D---- C:\Program Files\trend micro
2011-09-01 15:42:34 ----D---- C:\rsit
2011-09-01 13:25:23 ----D---- C:\romikuv temp
2011-09-01 13:13:17 ----SHD---- C:\Config.Msi
2011-08-31 14:56:34 ----A---- C:\Windows\is-T21T4.exe
2011-08-24 12:00:26 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-24 12:00:26 ----A---- C:\Windows\system32\tzres.dll
2011-08-11 19:04:34 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-11 19:04:34 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-11 19:04:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-11 19:04:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-11 19:04:33 ----A---- C:\Windows\system32\ieui.dll
2011-08-11 19:04:33 ----A---- C:\Windows\system32\iertutil.dll
2011-08-11 19:04:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-11 19:04:32 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-11 19:04:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-08-11 19:04:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-08-11 19:04:32 ----A---- C:\Windows\system32\urlmon.dll
2011-08-11 19:04:32 ----A---- C:\Windows\system32\url.dll
2011-08-11 19:04:32 ----A---- C:\Windows\system32\jscript9.dll
2011-08-11 19:04:32 ----A---- C:\Windows\system32\jscript.dll
2011-08-11 19:04:31 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-11 19:04:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-11 19:04:31 ----A---- C:\Windows\system32\wininet.dll
2011-08-11 19:04:31 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-11 19:04:30 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-11 19:04:28 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-11 19:04:28 ----A---- C:\Windows\system32\mshtml.dll
2011-08-11 19:04:27 ----A---- C:\Windows\system32\ieframe.dll
2011-08-11 10:43:34 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-11 10:43:34 ----A---- C:\Windows\system32\xmllite.dll
2011-08-11 10:43:34 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-11 10:43:34 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-11 10:43:34 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-11 10:43:33 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-11 10:43:33 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-11 10:43:33 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-11 10:43:33 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-11 10:43:33 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-11 10:43:33 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-11 10:43:33 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 10:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 10:43:31 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-11 10:43:31 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-11 10:43:31 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-11 10:43:31 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-11 10:43:31 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\wow64win.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\wow64.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\winsrv.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\kernel32.dll
2011-08-11 10:43:31 ----A---- C:\Windows\system32\conhost.exe
2011-08-11 10:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-11 10:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 10:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-11 10:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 10:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-11 10:43:30 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-11 10:43:30 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-11 10:43:29 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-11 10:43:28 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-11 10:43:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-11 10:43:28 ----A---- C:\Windows\system32\ntoskrnl.exe
======List of files/folders modified in the last 1 month======
2011-09-01 15:42:36 ----D---- C:\Windows\Temp
2011-09-01 15:42:35 ----RD---- C:\Program Files
2011-09-01 15:41:19 ----D---- C:\Windows\System32
2011-09-01 15:41:19 ----D---- C:\Windows\inf
2011-09-01 15:41:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-01 14:20:43 ----D---- C:\Windows\system32\config
2011-09-01 14:07:45 ----D---- C:\Windows
2011-09-01 14:03:39 ----D---- C:\Users\Romik\AppData\Roaming\Skype
2011-09-01 13:54:00 ----D---- C:\Windows\SoftwareDistribution
2011-09-01 13:52:45 ----D---- C:\Windows\system32\LogFiles
2011-09-01 13:25:46 ----D---- C:\Windows\SysWOW64
2011-09-01 13:22:16 ----D---- C:\Windows\pss
2011-09-01 13:16:23 ----SHD---- C:\Windows\Installer
2011-09-01 13:16:21 ----SHD---- C:\System Volume Information
2011-09-01 13:15:55 ----RD---- C:\Program Files (x86)
2011-09-01 13:14:40 ----D---- C:\Program Files\PacketiX VPN Client 64-bit Edition English
2011-09-01 13:13:31 ----D---- C:\Program Files (x86)\Adobe
2011-09-01 13:13:17 ----D---- C:\Program Files (x86)\Common Files
2011-09-01 10:32:17 ----D---- C:\Users\Romik\AppData\Roaming\Bitcoin
2011-09-01 10:32:16 ----D---- C:\Users\Romik\AppData\Roaming\flashpaste
2011-09-01 10:31:48 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-31 16:19:46 ----D---- C:\Windows\debug
2011-08-31 16:18:54 ----D---- C:\Program Files (x86)\CCleaner
2011-08-31 14:56:34 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-31 14:20:27 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-31 13:51:51 ----D---- C:\Users\Romik\AppData\Roaming\webex
2011-08-30 12:41:35 ----D---- C:\Windows\rescache
2011-08-30 10:44:20 ----D---- C:\Program Files (x86)\Digsby
2011-08-29 10:41:01 ----D---- C:\Windows\system32\NDF
2011-08-24 17:39:24 ----D---- C:\Windows\winsxs
2011-08-24 17:39:23 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-24 17:39:23 ----D---- C:\Windows\system32\cs-CZ
2011-08-24 12:00:10 ----D---- C:\Windows\system32\catroot2
2011-08-24 12:00:10 ----D---- C:\Windows\system32\catroot
2011-08-23 12:38:10 ----HD---- C:\ProgramData
2011-08-23 10:35:36 ----D---- C:\Windows\system32\Tasks
2011-08-23 10:35:35 ----RD---- C:\Program Files (x86)\Skype
2011-08-23 10:35:34 ----D---- C:\ProgramData\Skype
2011-08-17 14:58:38 ----D---- C:\ProgramData\Temp
2011-08-17 10:44:39 ----D---- C:\Windows\system32\wdi
2011-08-12 12:30:35 ----D---- C:\Windows\Microsoft.NET
2011-08-12 12:30:34 ----RSD---- C:\Windows\assembly
2011-08-12 10:49:14 ----D---- C:\Windows\SYSWOW64\migration
2011-08-12 10:49:14 ----D---- C:\Windows\system32\migration
2011-08-12 10:49:14 ----D---- C:\Windows\system32\drivers
2011-08-12 10:49:14 ----D---- C:\Windows\AppPatch
2011-08-12 10:49:14 ----D---- C:\Program Files\Internet Explorer
2011-08-12 10:49:14 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-12 10:46:28 ----A---- C:\Windows\system32\MRT.exe
2011-08-12 10:46:06 ----D---- C:\ProgramData\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2006-11-18 55296]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-10-15 551936]
R3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R); C:\Windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 EST_BusEnum;Network USB Device Bus; C:\Windows\system32\DRIVERS\GenBus.sys [2009-10-06 29696]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2007-06-01 26928]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 25912]
R3 Neo_VPN1;VPN Client Device Driver - VPN1; C:\Windows\system32\DRIVERS\Neo_0013.sys [2011-07-01 29808]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NUS_Bus;Network USB Server Bus; C:\Windows\system32\DRIVERS\NUS_Bus.sys [2010-01-28 30208]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2008-09-25 37440]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-26 6144]
S3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 54272]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 52224]
S3 EST_Server;Network USB Device; C:\Windows\system32\DRIVERS\GenHC.sys [2009-10-06 199168]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 pneteth;PdaNet Broadband; C:\Windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;Android USB Driver; C:\Windows\system32\drivers\WinUSB.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 814344]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 dtsvc;Data Transfer Service; C:\Windows\system32\DTS.exe [2009-10-15 117760]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2007-06-01 43568]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-20 4908576]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-15 382496]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
R2 Printer Control;Printer Control; C:\Windows\system32\PrintCtrl.exe [2009-10-28 65536]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 ATService;AuthenTec Fingerprint Service; C:\Windows\system32\AtService.exe [2009-10-15 2505976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 ADMonitor;AD Monitor; C:\Windows\system32\ADMonitor.exe [2009-10-15 130048]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]
-----------------EOF-----------------
Thanks a lot for the advice.
Re: activate.adobe.com on many ports and processes
Here is also the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:29, on 1.9.2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Flashpaste\Flashpaste.exe
C:\Program Files (x86)\USB Server 2\USB Server.exe
C:\Users\Romik\AppData\Local\Temp\mexe.com
C:\Users\Romik\AppData\Local\Temp\viewtcp.exe
C:\Users\Romik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romik\Downloads\00 malware\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsbcnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Romik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Flashpaste] C:\Program Files (x86)\Flashpaste\flashpaste.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [USB Server] "C:\Program Files (x86)\USB Server 2\USB Server.exe" /h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AuthenTec Fingerprint Service (ATService) - Unknown owner - C:\Windows\system32\AtService.exe (file missing)
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Printer Control - Unknown owner - C:\Windows\system32\PrintCtrl.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7885 bytes
Re: activate.adobe.com on many ports and processes
Good evening,
According to the forum rules, we do not deal with company networks; please contact your IT technician.
Thank you for your understanding.

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer.
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Re: activate.adobe.com on many ports and processes
Where is that in the rules?
Re: activate.adobe.com on many ports and processes
Hello, and I wish you a nice evening.
I apologize to my colleague for stepping in.
It is there, in what you were supposed to read before posting your question.

So here, point 7: http://viry.cz/forum/viewtopic.php?f=12&t=2784