An attack that has no real basis
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I have already turned to a great many people with this problem and nobody was able to give me a concrete answer. Half a year ago my girlfriend got talking with a PC expert; unfortunately he did not understand that she could not offer him a relationship. Since then anonymous SMS messages started. He literally wrote her what I was doing, what I was up to. Things I had told nobody, he knew. I changed passwords and checked the logs - nothing found.
Unfortunately my girlfriend and I broke up. I told only one person on the internet, and now I got a mocking text message: so you two are finished, are you? A week ago I had the PC in sleep mode; I wake the PC up and an address with a place where my girlfriend and I had been popped up. I was away from the PC and heard a click.
Can anyone tell me how someone can break into a PC in such a sophisticated way and, above all, how to detect and eliminate him? There must be some solution.
Thank you in advance for any advice and help.
- Pavuk29
- VIP in memoriam
- Posts: 6953
- Registered: 31 Oct 2003 08:26
- Location: Banská Bystrica
Re: An attack that has no real basis
Does that person have physical access to the PC? Or did he?
------------------------------------------------------------------------------------------------------------------------------
PLEASE DO NOT SEND ME PMs, ICQ OR E-MAIL MESSAGES WITH QUESTIONS, POST IN THE FORUM

------------------------------------------------------------------------------------------------------------------------------
In case of acute problems with the running of the forum,
or with other users,
contact me on ICQ or by e-mail
at pavuk29 at forum.viry.cz. I am often at the computer even when I am not online on the forum.
http://www.icq.com/people/267560078/
hotline: http://forum.viry.cz/viewtopic.php?f=12&t=116821
forum rules: http://forum.viry.cz/viewtopic.php?f=12&t=5601
Re: An attack that has no real basis
That is completely out of the question.
- Pavuk29
Re: An attack that has no real basis
Explain this one to me in a bit more detail:
Keemo writes: A week ago I had the PC in sleep mode; I wake the PC up and an address with a place where my girlfriend and I had been popped up. I was away from the PC and heard a click.
Re: An attack that has no real basis
I had the PC switched on, but I walked away from it. After a while, about 10 - 15 min, it went into sleep mode (but the PC kept running and made its usual noise); of course I had a web browser running in the background with some page, let's say seznam.cz. I am in the next room and I hear a click. I think to myself, what is that sound? I had never heard a sound like that while the PC was in that mode; this is the sound made when moving to another web page.
I come over to the PC, shake the mouse and the monitor comes on. And I stare like a madman: instead of the page I was originally on, there is the information site of the town of Železná Ruda. That was the town where my girlfriend and I had been on holiday.
That anonymous person knows everything; he wrote her texts along the lines of: do you know he chats with girls, do you think he doesn't have something more going on with Romana.
- Pavuk29
Re: An attack that has no real basis
Have a look around whether you have any remote administration software on there.
Re: An attack that has no real basis
I used to have TeamViewer installed on the PC, but I uninstalled it.
- Pavuk29
Re: An attack that has no real basis
I'll try to consult my colleagues a bit....
Re: An attack that has no real basis
Unless it is some kind of paranoia, I recommend:
1. post an RSIT log
2. install a firewall
3. check what user accounts are on the PC
4. change the PC name + if possible change the IP address
FRST | ADWCleaner | MBAM | CCleaner | AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
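Step 1 above asks for an RSIT log, and the earlier advice was to look for remote-administration software; both come down to reading the HijackThis-style entries in that log and picking out the lines a helper would question. The script below is an added example, not something from this forum or from the RSIT/HijackThis tools: it parses lines in that format and flags remote-control tools, AppInit_DLLs entries, services with no recognised vendor, start/search pages pointing outside Microsoft hosts, and autorun entries launched from the user profile. The sample lines are constructed in the same layout as the log posted later in this thread; the TeamViewer service line is invented for the demonstration (the poster says TeamViewer was uninstalled), and the keyword list and host allow-list are my assumptions, not a published rule set.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in HijackThis layout. The TeamViewer service line is
# invented to exercise the remote-access rule; the other lines mirror the
# kind of entries seen in the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102876&gct=hp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
"""

# Assumed keyword list of common remote-control products (matched case-insensitively).
REMOTE_ACCESS_HINTS = ("teamviewer", "vnc", "anydesk", "logmein", "ammyy", "radmin", "dameware")
# Assumed allow-list: IE start/search pages on these hosts are treated as vendor defaults.
TRUSTED_BROWSER_HOSTS = ("microsoft.com", "msn.com", "live.com")

# HijackThis entry: "<code> - <body>", e.g. "O23 - Service: ..." or "R0 - HKCU\...".
HJT_ENTRY = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    category: str
    why: str
    line: str


def _trusted_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in TRUSTED_BROWSER_HOSTS)


def classify(line: str) -> list[Finding]:
    """Return zero or more findings for one log line (non-entry lines yield none)."""
    m = HJT_ENTRY.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    out: list[Finding] = []

    hit = next((h for h in REMOTE_ACCESS_HINTS if h in low), None)
    if hit:
        out.append(Finding("remote-access", f"mentions remote-control tool '{hit}'", line))

    # AppInit_DLLs is loaded into every process that links user32.dll, so it is
    # always worth confirming the owner. In the log posted in this thread the DLL
    # sits next to COMODO Internet Security, but the point is to verify, not assume.
    if code == "O20" and "appinit_dlls" in low:
        out.append(Finding("appinit-dll", "DLL injected into every user-mode process; verify its owner", line))

    # HijackThis reports many built-in Windows services as "Unknown owner ... (file missing)"
    # (the posted log shows this for ALG, EFS, Spooler and others), so only services whose
    # binary is present but has no recognised vendor are flagged.
    if code == "O23" and "unknown owner" in low and "(file missing)" not in low:
        out.append(Finding("unknown-service", "service binary present but no recognised vendor", line))

    # Start page / search page entries pointing at a non-vendor host (e.g. a toolbar's search site).
    if code in ("R0", "R1") and "=" in body:
        host = urlparse(body.split("=", 1)[1].strip()).hostname
        if host and not _trusted_host(host):
            out.append(Finding("browser-hijack", f"start/search page points at {host}", line))

    # Autorun entries that launch from inside the user profile deserve a second look,
    # because that is where software installed without admin rights tends to live.
    if code == "O4" and "\\appdata\\" in low:
        out.append(Finding("user-profile-autorun", "autorun entry launching from the user profile", line))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run classify() over every line of a HijackThis/RSIT log."""
    return [f for line in log_text.splitlines() for f in classify(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.why}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on a saved log with `triage(open("log.txt", encoding="utf-8").read())`. A finding is a prompt to verify an entry, not a verdict: the Google Update entry under the user profile and the ask.com start page are both ordinary, and the uninstall of TeamViewer mentioned in this thread would be confirmed by the absence of any remote-access finding in a fresh log.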
Re: An attack that has no real basis
Well, this is starting to show its true colours.
I sent an SMS from a web SMS gateway and he immediately wrote back telling me not to tell on him. So by what route can he see what I write? Does it mean my PC really is hacked, or does he have the gateway under his thumb?
- Pavuk29
Re: An attack that has no real basis
Do what JaRon wrote to you. On my own PC too there is a (deliberately installed) keylogger running which, at regular intervals, among other things also captures the screen and saves it to FTP.
Keemo writes: Well, this is starting to show its true colours.
I sent an SMS from a web SMS gateway and he immediately wrote back telling me not to tell on him. So by what route can he see what I write? Does it mean my PC really is hacked, or does he have the gateway under his thumb?
Re: An attack that has no real basis
Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2011-11-16 15:42:23
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 81 GB (69%) free of 117 GB
Total RAM: 4094 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:32, on 16.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\trend micro\Michal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102876&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{722695B7-150A-41EA-9A3A-3B26FB0921F9}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{722695B7-150A-41EA-9A3A-3B26FB0921F9}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{722695B7-150A-41EA-9A3A-3B26FB0921F9}: NameServer = 156.154.70.25,156.154.71.25
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6840 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Secunia\PSI\psi_tray.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\system32\wuauclt.exe"
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\Users\Michal\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-766713615-57681013-413964504-1000Core.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ryjbgkw1.default
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazon-en-GB.xml
bing.xml
chambers-en-GB.xml
eBay-en-GB.xml
google.xml
wikipedia.xml
yahoo-en-GB.xml
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ryjbgkw1.default\extensions\
{e001c731-5e37-4538-a5cb-8168736a2360}
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ryjbgkw1.default\searchplugins\
askcom.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-13 49440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-10-20 9264456]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-15 136176]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\guard64.dll C:\Windows\system32\guard64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-07-18 249344]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 3 months======
2011-11-16 15:42:23 ----D---- C:\rsit
2011-11-16 15:42:23 ----D---- C:\Program Files\trend micro
2011-11-16 10:41:13 ----D---- C:\Program Files (x86)\Zoner
2011-11-15 19:22:31 ----SHD---- C:\Config.Msi
2011-11-15 19:21:16 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-15 19:21:14 ----A---- C:\Windows\system32\win32k.sys
2011-11-15 02:09:04 ----D---- C:\Users\Michal\AppData\Roaming\J River
2011-11-13 21:07:01 ----D---- C:\ProgramData\Kaspersky Lab
2011-11-13 20:29:40 ----D---- C:\Program Files (x86)\Ultimate Process Manager
2011-11-13 20:03:44 ----A---- C:\Windows\system32\javaws.exe
2011-11-13 20:03:44 ----A---- C:\Windows\system32\javaw.exe
2011-11-13 20:03:44 ----A---- C:\Windows\system32\java.exe
2011-11-13 19:55:04 ----D---- C:\Program Files (x86)\Secunia
2011-11-11 23:29:52 ----D---- C:\Program Files (x86)\PokerStars
2011-11-09 20:37:25 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-11-09 20:37:16 ----D---- C:\Program Files\Microsoft Security Client
2011-11-07 16:44:35 ----A---- C:\Windows\system32\drivers\ssudmdm.sys
2011-11-07 16:44:35 ----A---- C:\Windows\system32\drivers\ssudbus.sys
2011-11-06 13:43:15 ----D---- C:\Users\Michal\AppData\Roaming\Apple Computer
2011-11-06 13:42:14 ----D---- C:\ProgramData\Apple Computer
2011-11-06 13:42:14 ----D---- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-11-06 13:41:28 ----D---- C:\Program Files (x86)\Apple Software Update
2011-11-06 13:40:35 ----D---- C:\ProgramData\Apple
2011-11-01 17:32:15 ----A---- C:\Windows\system32\shell32.dll
2011-11-01 17:32:10 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-10-23 21:23:23 ----D---- C:\Users\Michal\AppData\Roaming\NeatImage SL 64
2011-10-22 13:02:00 ----D---- C:\Users\Michal\AppData\Roaming\Mp3tag
2011-10-22 13:01:51 ----D---- C:\Program Files (x86)\Mp3tag
2011-10-22 11:26:33 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-10-22 11:26:33 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-10-22 11:26:33 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-21 09:07:57 ----A---- C:\Windows\system32\cmdcsr.dll
2011-10-20 15:05:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-20 15:05:20 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-20 15:05:19 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-20 15:05:19 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-20 15:05:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-20 15:05:19 ----A---- C:\Windows\system32\urlmon.dll
2011-10-20 15:05:19 ----A---- C:\Windows\system32\url.dll
2011-10-20 15:05:19 ----A---- C:\Windows\system32\iertutil.dll
2011-10-20 15:05:18 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-20 15:05:18 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-20 15:05:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-20 15:05:18 ----A---- C:\Windows\system32\wininet.dll
2011-10-20 15:05:18 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-20 15:05:18 ----A---- C:\Windows\system32\jscript9.dll
2011-10-20 15:05:18 ----A---- C:\Windows\system32\ieui.dll
2011-10-20 15:05:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-20 15:05:17 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-20 15:05:17 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-20 15:05:17 ----A---- C:\Windows\system32\jscript.dll
2011-10-20 15:05:16 ----A---- C:\Windows\system32\mshtml.dll
2011-10-20 15:05:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-20 15:05:14 ----A---- C:\Windows\system32\ieframe.dll
2011-10-20 15:04:17 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-20 15:04:17 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-20 15:03:38 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-20 15:03:38 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-20 15:03:38 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-20 15:03:38 ----A---- C:\Windows\system32\oleacc.dll
2011-10-05 07:54:20 ----D---- C:\Windows\system32\Macromed
2011-10-04 20:21:34 ----D---- C:\Windows\Downloaded Installations
2011-10-02 20:44:31 ----D---- C:\Program Files\Common Files\Adobe
2011-10-02 20:44:31 ----D---- C:\Program Files\Adobe
2011-09-27 18:48:47 ----A---- C:\Windows\system32\drivers\ggsemc.sys
2011-09-27 18:48:47 ----A---- C:\Windows\system32\drivers\ggflt.sys
2011-09-27 18:45:27 ----D---- C:\ProgramData\Sony Ericsson
2011-09-27 18:45:27 ----D---- C:\Program Files (x86)\Sony Ericsson
2011-09-27 00:36:43 ----A---- C:\Windows\etdrv.sys
2011-09-27 00:33:20 ----A---- C:\Windows\GVTDrv64.sys
2011-09-27 00:32:30 ----D---- C:\Program Files (x86)\AMD
2011-09-27 00:27:50 ----D---- C:\Program Files (x86)\GIGABYTE
2011-09-27 00:27:29 ----A---- C:\Windows\gdrv.sys
2011-09-26 23:20:13 ----D---- C:\Windows\SYSWOW64\System32
2011-09-23 21:41:27 ----D---- C:\Program Files (x86)\Google
2011-09-18 22:57:37 ----A---- C:\Windows\system32\FNTCACHE.DAT
2011-09-18 14:34:24 ----D---- C:\Program Files (x86)\GRETECH
2011-09-18 14:30:28 ----D---- C:\Users\Michal\AppData\Roaming\BSplayer PRO
2011-09-18 09:32:49 ----D---- C:\Users\Michal\AppData\Roaming\Ashampoo
2011-09-18 09:31:53 ----D---- C:\ProgramData\ashampoo
2011-09-18 09:31:07 ----D---- C:\Program Files (x86)\Ashampoo
2011-09-17 21:50:11 ----A---- C:\test.txt
2011-09-17 21:45:56 ----D---- C:\Program Files (x86)\Joboshare
2011-09-16 13:14:49 ----D---- C:\Users\Michal\AppData\Roaming\HideIPEasy
2011-09-16 13:14:49 ----D---- C:\ProgramData\HideIPEasy
2011-09-16 12:48:11 ----D---- C:\Users\Michal\AppData\Roaming\PlatinumHideIP
2011-09-16 12:48:11 ----D---- C:\ProgramData\PlatinumHideIP
2011-09-14 20:30:40 ----D---- C:\Users\Michal\AppData\Roaming\Intelli-studio
2011-09-08 16:20:41 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-09-02 07:25:16 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-09-02 07:25:16 ----A---- C:\Windows\system32\xmllite.dll
2011-08-31 23:43:40 ----D---- C:\Program Files\CCleaner
2011-08-25 09:22:21 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-25 09:22:21 ----A---- C:\Windows\system32\tzres.dll
2011-08-25 09:22:15 ----A---- C:\Windows\system32\conhost.exe
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-25 09:22:14 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-25 09:22:14 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-25 09:22:14 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-25 09:22:14 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-25 09:22:14 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\wow64win.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\wow64.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\winsrv.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\kernel32.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-25 09:22:13 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-25 09:22:13 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-25 09:22:12 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-25 09:20:58 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-25 09:20:58 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-25 09:20:58 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-25 09:20:53 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-25 09:20:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-25 09:20:51 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
======List of files/folders modified in the last 3 months======
2011-11-16 15:42:32 ----D---- C:\Windows\Prefetch
2011-11-16 15:42:23 ----RD---- C:\Program Files
2011-11-16 15:39:33 ----D---- C:\Windows\temp
2011-11-16 15:13:21 ----D---- C:\Windows\System32
2011-11-16 15:13:21 ----D---- C:\Windows\inf
2011-11-16 15:13:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-16 10:41:55 ----D---- C:\Users\Michal\AppData\Roaming\Zoner
2011-11-16 10:41:13 ----D---- C:\Program Files (x86)
2011-11-16 10:18:24 ----D---- C:\Windows\system32\LogFiles
2011-11-16 10:13:19 ----D---- C:\Windows\winsxs
2011-11-16 10:13:09 ----D---- C:\Windows\system32\config
2011-11-16 10:13:07 ----D---- C:\Windows
2011-11-16 02:48:11 ----D---- C:\Windows\system32\catroot
2011-11-16 02:48:05 ----D---- C:\Program Files\Common Files\System
2011-11-16 02:48:04 ----D---- C:\Windows\system32\drivers
2011-11-15 19:24:26 ----SHD---- C:\Windows\Installer
2011-11-15 19:23:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-11-15 19:23:21 ----D---- C:\Windows\system32\DriverStore
2011-11-15 19:23:20 ----D---- C:\Program Files (x86)\Common Files
2011-11-15 19:23:19 ----D---- C:\Program Files\Common Files
2011-11-15 19:23:12 ----D---- C:\Windows\SysWOW64
2011-11-15 19:21:25 ----DC---- C:\Windows\system32\DRVSTORE
2011-11-15 19:21:23 ----D---- C:\Windows\debug
2011-11-15 19:21:21 ----A---- C:\Windows\system32\MRT.exe
2011-11-15 19:20:28 ----SHD---- C:\System Volume Information
2011-11-15 19:19:43 ----D---- C:\Windows\system32\catroot2
2011-11-15 19:18:20 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2011-11-15 19:18:08 ----D---- C:\Windows\Panther
2011-11-15 19:18:08 ----D---- C:\Windows\Minidump
2011-11-15 15:32:17 ----D---- C:\Windows\Tasks
2011-11-15 07:48:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-15 02:08:30 ----D---- C:\ProgramData\Hi Suite
2011-11-15 02:07:47 ----D---- C:\Program Files\Kolor
2011-11-13 21:07:01 ----D---- C:\ProgramData
2011-11-13 20:26:04 ----D---- C:\Windows\Logs
2011-11-13 20:22:27 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2011-11-13 20:20:06 ----D---- C:\Windows\ERDNT
2011-11-13 20:03:37 ----A---- C:\Windows\system32\deployJava1.dll
2011-11-13 18:12:49 ----D---- C:\Windows\system32\Tasks
2011-11-13 18:12:47 ----RD---- C:\Program Files (x86)\Skype
2011-11-13 18:12:43 ----D---- C:\ProgramData\Skype
2011-11-09 20:37:30 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-11-09 20:37:25 ----SD---- C:\ProgramData\Microsoft
2011-11-07 16:50:24 ----D---- C:\Windows\Microsoft.NET
2011-11-07 16:45:24 ----RSD---- C:\Windows\assembly
2011-10-30 13:04:05 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-22 12:55:14 ----D---- C:\Windows\system32\drivers\UMDF
2011-10-22 11:26:28 ----D---- C:\Program Files (x86)\Java
2011-10-20 23:38:45 ----D---- C:\Windows\SYSWOW64\migration
2011-10-20 23:38:45 ----D---- C:\Windows\system32\migration
2011-10-20 23:38:45 ----D---- C:\Program Files\Internet Explorer
2011-10-20 23:38:45 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-20 23:38:44 ----D---- C:\Windows\ehome
2011-10-07 18:47:10 ----A---- C:\Windows\SYSWOW64\guard32.dll
2011-10-07 18:47:08 ----A---- C:\Windows\system32\guard64.dll
2011-10-04 20:22:30 ----D---- C:\Program Files (x86)\Samsung
2011-10-04 18:33:41 ----D---- C:\Users\Michal\AppData\Roaming\ICQ
2011-10-04 18:33:41 ----D---- C:\Program Files (x86)\ICQ7.5
2011-10-03 04:06:03 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-10-02 20:44:53 ----D---- C:\ProgramData\Adobe
2011-10-02 20:42:22 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2011-10-02 16:18:48 ----D---- C:\Program Files (x86)\Adobe
2011-09-18 14:55:00 ----D---- C:\Windows\SYSWOW64\LogFiles
2011-09-18 09:27:40 ----D---- C:\Temp
2011-09-16 22:03:47 ----D---- C:\Users\Michal\AppData\Roaming\QuickScan
2011-09-16 00:10:35 ----D---- C:\ProgramData\Comodo
2011-09-03 07:30:53 ----D---- C:\Windows\system32\wdi
2011-08-29 19:35:38 ----D---- C:\Windows\rescache
2011-08-25 10:22:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-25 10:22:10 ----D---- C:\Windows\system32\cs-CZ
2011-08-25 10:22:08 ----D---- C:\Windows\AppPatch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-10-07 574216]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-10-07 43248]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-10-07 93200]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2011-10-27 95928]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 esihdrv;esihdrv; \??\C:\Users\Michal\AppData\Local\Temp\esihdrv.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2011-09-27 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2011-11-14 25640]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-09-27 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-09-27 27176]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2011-11-14 30528]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys []
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2011-10-27 203320]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-08-02 51712]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 2663568]
R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
S2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Run by Michal at 2011-11-16 15:42:23
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 81 GB (69%) free of 117 GB
Total RAM: 4094 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:32, on 16.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\trend micro\Michal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102876&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{722695B7-150A-41EA-9A3A-3B26FB0921F9}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{722695B7-150A-41EA-9A3A-3B26FB0921F9}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{722695B7-150A-41EA-9A3A-3B26FB0921F9}: NameServer = 156.154.70.25,156.154.71.25
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6840 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Secunia\PSI\psi_tray.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\system32\wuauclt.exe"
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\Users\Michal\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-766713615-57681013-413964504-1000Core.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ryjbgkw1.default
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazon-en-GB.xml
bing.xml
chambers-en-GB.xml
eBay-en-GB.xml
google.xml
wikipedia.xml
yahoo-en-GB.xml
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ryjbgkw1.default\extensions\
{e001c731-5e37-4538-a5cb-8168736a2360}
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ryjbgkw1.default\searchplugins\
askcom.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-13 49440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-10-20 9264456]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-15 136176]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\guard64.dll C:\Windows\system32\guard64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-07-18 249344]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 3 months======
2011-11-16 15:42:23 ----D---- C:\rsit
2011-11-16 15:42:23 ----D---- C:\Program Files\trend micro
2011-11-16 10:41:13 ----D---- C:\Program Files (x86)\Zoner
2011-11-15 19:22:31 ----SHD---- C:\Config.Msi
2011-11-15 19:21:16 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-15 19:21:14 ----A---- C:\Windows\system32\win32k.sys
2011-11-15 02:09:04 ----D---- C:\Users\Michal\AppData\Roaming\J River
2011-11-13 21:07:01 ----D---- C:\ProgramData\Kaspersky Lab
2011-11-13 20:29:40 ----D---- C:\Program Files (x86)\Ultimate Process Manager
2011-11-13 20:03:44 ----A---- C:\Windows\system32\javaws.exe
2011-11-13 20:03:44 ----A---- C:\Windows\system32\javaw.exe
2011-11-13 20:03:44 ----A---- C:\Windows\system32\java.exe
2011-11-13 19:55:04 ----D---- C:\Program Files (x86)\Secunia
2011-11-11 23:29:52 ----D---- C:\Program Files (x86)\PokerStars
2011-11-09 20:37:25 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-11-09 20:37:16 ----D---- C:\Program Files\Microsoft Security Client
2011-11-07 16:44:35 ----A---- C:\Windows\system32\drivers\ssudmdm.sys
2011-11-07 16:44:35 ----A---- C:\Windows\system32\drivers\ssudbus.sys
2011-11-06 13:43:15 ----D---- C:\Users\Michal\AppData\Roaming\Apple Computer
2011-11-06 13:42:14 ----D---- C:\ProgramData\Apple Computer
2011-11-06 13:42:14 ----D---- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-11-06 13:41:28 ----D---- C:\Program Files (x86)\Apple Software Update
2011-11-06 13:40:35 ----D---- C:\ProgramData\Apple
2011-11-01 17:32:15 ----A---- C:\Windows\system32\shell32.dll
2011-11-01 17:32:10 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-10-23 21:23:23 ----D---- C:\Users\Michal\AppData\Roaming\NeatImage SL 64
2011-10-22 13:02:00 ----D---- C:\Users\Michal\AppData\Roaming\Mp3tag
2011-10-22 13:01:51 ----D---- C:\Program Files (x86)\Mp3tag
2011-10-22 11:26:33 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-10-22 11:26:33 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-10-22 11:26:33 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-21 09:07:57 ----A---- C:\Windows\system32\cmdcsr.dll
2011-10-20 15:05:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-20 15:05:20 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-20 15:05:19 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-20 15:05:19 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-20 15:05:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-20 15:05:19 ----A---- C:\Windows\system32\urlmon.dll
2011-10-20 15:05:19 ----A---- C:\Windows\system32\url.dll
2011-10-20 15:05:19 ----A---- C:\Windows\system32\iertutil.dll
2011-10-20 15:05:18 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-20 15:05:18 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-20 15:05:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-20 15:05:18 ----A---- C:\Windows\system32\wininet.dll
2011-10-20 15:05:18 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-20 15:05:18 ----A---- C:\Windows\system32\jscript9.dll
2011-10-20 15:05:18 ----A---- C:\Windows\system32\ieui.dll
2011-10-20 15:05:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-20 15:05:17 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-20 15:05:17 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-20 15:05:17 ----A---- C:\Windows\system32\jscript.dll
2011-10-20 15:05:16 ----A---- C:\Windows\system32\mshtml.dll
2011-10-20 15:05:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-20 15:05:14 ----A---- C:\Windows\system32\ieframe.dll
2011-10-20 15:04:17 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-20 15:04:17 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-20 15:03:38 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-20 15:03:38 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-20 15:03:38 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-20 15:03:38 ----A---- C:\Windows\system32\oleacc.dll
2011-10-05 07:54:20 ----D---- C:\Windows\system32\Macromed
2011-10-04 20:21:34 ----D---- C:\Windows\Downloaded Installations
2011-10-02 20:44:31 ----D---- C:\Program Files\Common Files\Adobe
2011-10-02 20:44:31 ----D---- C:\Program Files\Adobe
2011-09-27 18:48:47 ----A---- C:\Windows\system32\drivers\ggsemc.sys
2011-09-27 18:48:47 ----A---- C:\Windows\system32\drivers\ggflt.sys
2011-09-27 18:45:27 ----D---- C:\ProgramData\Sony Ericsson
2011-09-27 18:45:27 ----D---- C:\Program Files (x86)\Sony Ericsson
2011-09-27 00:36:43 ----A---- C:\Windows\etdrv.sys
2011-09-27 00:33:20 ----A---- C:\Windows\GVTDrv64.sys
2011-09-27 00:32:30 ----D---- C:\Program Files (x86)\AMD
2011-09-27 00:27:50 ----D---- C:\Program Files (x86)\GIGABYTE
2011-09-27 00:27:29 ----A---- C:\Windows\gdrv.sys
2011-09-26 23:20:13 ----D---- C:\Windows\SYSWOW64\System32
2011-09-23 21:41:27 ----D---- C:\Program Files (x86)\Google
2011-09-18 22:57:37 ----A---- C:\Windows\system32\FNTCACHE.DAT
2011-09-18 14:34:24 ----D---- C:\Program Files (x86)\GRETECH
2011-09-18 14:30:28 ----D---- C:\Users\Michal\AppData\Roaming\BSplayer PRO
2011-09-18 09:32:49 ----D---- C:\Users\Michal\AppData\Roaming\Ashampoo
2011-09-18 09:31:53 ----D---- C:\ProgramData\ashampoo
2011-09-18 09:31:07 ----D---- C:\Program Files (x86)\Ashampoo
2011-09-17 21:50:11 ----A---- C:\test.txt
2011-09-17 21:45:56 ----D---- C:\Program Files (x86)\Joboshare
2011-09-16 13:14:49 ----D---- C:\Users\Michal\AppData\Roaming\HideIPEasy
2011-09-16 13:14:49 ----D---- C:\ProgramData\HideIPEasy
2011-09-16 12:48:11 ----D---- C:\Users\Michal\AppData\Roaming\PlatinumHideIP
2011-09-16 12:48:11 ----D---- C:\ProgramData\PlatinumHideIP
2011-09-14 20:30:40 ----D---- C:\Users\Michal\AppData\Roaming\Intelli-studio
2011-09-08 16:20:41 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-09-02 07:25:16 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-09-02 07:25:16 ----A---- C:\Windows\system32\xmllite.dll
2011-08-31 23:43:40 ----D---- C:\Program Files\CCleaner
2011-08-25 09:22:21 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-25 09:22:21 ----A---- C:\Windows\system32\tzres.dll
2011-08-25 09:22:15 ----A---- C:\Windows\system32\conhost.exe
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-25 09:22:14 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-25 09:22:14 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-25 09:22:14 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-25 09:22:14 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-25 09:22:14 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-25 09:22:14 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\wow64win.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\wow64.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\winsrv.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-25 09:22:14 ----A---- C:\Windows\system32\kernel32.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-25 09:22:13 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-25 09:22:13 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-25 09:22:13 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-25 09:22:12 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-25 09:20:58 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-25 09:20:58 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-25 09:20:58 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-25 09:20:58 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-25 09:20:53 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-25 09:20:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-25 09:20:51 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
======List of files/folders modified in the last 3 months======
2011-11-16 15:42:32 ----D---- C:\Windows\Prefetch
2011-11-16 15:42:23 ----RD---- C:\Program Files
2011-11-16 15:39:33 ----D---- C:\Windows\temp
2011-11-16 15:13:21 ----D---- C:\Windows\System32
2011-11-16 15:13:21 ----D---- C:\Windows\inf
2011-11-16 15:13:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-16 10:41:55 ----D---- C:\Users\Michal\AppData\Roaming\Zoner
2011-11-16 10:41:13 ----D---- C:\Program Files (x86)
2011-11-16 10:18:24 ----D---- C:\Windows\system32\LogFiles
2011-11-16 10:13:19 ----D---- C:\Windows\winsxs
2011-11-16 10:13:09 ----D---- C:\Windows\system32\config
2011-11-16 10:13:07 ----D---- C:\Windows
2011-11-16 02:48:11 ----D---- C:\Windows\system32\catroot
2011-11-16 02:48:05 ----D---- C:\Program Files\Common Files\System
2011-11-16 02:48:04 ----D---- C:\Windows\system32\drivers
2011-11-15 19:24:26 ----SHD---- C:\Windows\Installer
2011-11-15 19:23:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-11-15 19:23:21 ----D---- C:\Windows\system32\DriverStore
2011-11-15 19:23:20 ----D---- C:\Program Files (x86)\Common Files
2011-11-15 19:23:19 ----D---- C:\Program Files\Common Files
2011-11-15 19:23:12 ----D---- C:\Windows\SysWOW64
2011-11-15 19:21:25 ----DC---- C:\Windows\system32\DRVSTORE
2011-11-15 19:21:23 ----D---- C:\Windows\debug
2011-11-15 19:21:21 ----A---- C:\Windows\system32\MRT.exe
2011-11-15 19:20:28 ----SHD---- C:\System Volume Information
2011-11-15 19:19:43 ----D---- C:\Windows\system32\catroot2
2011-11-15 19:18:20 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2011-11-15 19:18:08 ----D---- C:\Windows\Panther
2011-11-15 19:18:08 ----D---- C:\Windows\Minidump
2011-11-15 15:32:17 ----D---- C:\Windows\Tasks
2011-11-15 07:48:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-15 02:08:30 ----D---- C:\ProgramData\Hi Suite
2011-11-15 02:07:47 ----D---- C:\Program Files\Kolor
2011-11-13 21:07:01 ----D---- C:\ProgramData
2011-11-13 20:26:04 ----D---- C:\Windows\Logs
2011-11-13 20:22:27 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2011-11-13 20:20:06 ----D---- C:\Windows\ERDNT
2011-11-13 20:03:37 ----A---- C:\Windows\system32\deployJava1.dll
2011-11-13 18:12:49 ----D---- C:\Windows\system32\Tasks
2011-11-13 18:12:47 ----RD---- C:\Program Files (x86)\Skype
2011-11-13 18:12:43 ----D---- C:\ProgramData\Skype
2011-11-09 20:37:30 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-11-09 20:37:25 ----SD---- C:\ProgramData\Microsoft
2011-11-07 16:50:24 ----D---- C:\Windows\Microsoft.NET
2011-11-07 16:45:24 ----RSD---- C:\Windows\assembly
2011-10-30 13:04:05 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-22 12:55:14 ----D---- C:\Windows\system32\drivers\UMDF
2011-10-22 11:26:28 ----D---- C:\Program Files (x86)\Java
2011-10-20 23:38:45 ----D---- C:\Windows\SYSWOW64\migration
2011-10-20 23:38:45 ----D---- C:\Windows\system32\migration
2011-10-20 23:38:45 ----D---- C:\Program Files\Internet Explorer
2011-10-20 23:38:45 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-20 23:38:44 ----D---- C:\Windows\ehome
2011-10-07 18:47:10 ----A---- C:\Windows\SYSWOW64\guard32.dll
2011-10-07 18:47:08 ----A---- C:\Windows\system32\guard64.dll
2011-10-04 20:22:30 ----D---- C:\Program Files (x86)\Samsung
2011-10-04 18:33:41 ----D---- C:\Users\Michal\AppData\Roaming\ICQ
2011-10-04 18:33:41 ----D---- C:\Program Files (x86)\ICQ7.5
2011-10-03 04:06:03 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-10-02 20:44:53 ----D---- C:\ProgramData\Adobe
2011-10-02 20:42:22 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2011-10-02 16:18:48 ----D---- C:\Program Files (x86)\Adobe
2011-09-18 14:55:00 ----D---- C:\Windows\SYSWOW64\LogFiles
2011-09-18 09:27:40 ----D---- C:\Temp
2011-09-16 22:03:47 ----D---- C:\Users\Michal\AppData\Roaming\QuickScan
2011-09-16 00:10:35 ----D---- C:\ProgramData\Comodo
2011-09-03 07:30:53 ----D---- C:\Windows\system32\wdi
2011-08-29 19:35:38 ----D---- C:\Windows\rescache
2011-08-25 10:22:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-25 10:22:10 ----D---- C:\Windows\system32\cs-CZ
2011-08-25 10:22:08 ----D---- C:\Windows\AppPatch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-10-07 574216]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-10-07 43248]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-10-07 93200]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2011-10-27 95928]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 esihdrv;esihdrv; \??\C:\Users\Michal\AppData\Local\Temp\esihdrv.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2011-09-27 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2011-11-14 25640]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-09-27 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-09-27 27176]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2011-11-14 30528]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys []
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2011-10-27 203320]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-08-02 51712]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 2663568]
R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
S2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Re: An attack that has no real justification
Find out WHERE that guy WORKS.
If he works for a mobile operator or an internet provider (it may be both), then as a technician he could have access to SMS or to records from the servers, and he would have access to what was done on the PC. Then it would not be particularly hard to redirect you at some point to a page that would launch an exploit and install a backdoor on the PC, in the worse case a rootkit.
If it continues, the options are -
change the operator and the internet provider, change the mobile number, but register it to another person. Wipe the computer completely, update its BIOS, overwrite the MBR part of the disk, reformat and install from scratch, secure it with a firewall and the other procedures recommended here on the forum.
I also recommend scanning the PC in offline mode, in case it was infiltrated by a rootkit.
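The reply above suggests a backdoor or rootkit and a clean reinstall; before wiping anything, the first thing a reviewer does with a log like the one posted is a quick pass over the driver and service entries and the AppInit_DLLs value. The script below is an added example (not part of the original post, and not code from the RSIT tool) that does that pass: it parses RSIT's `R3 name;description; path [date size]` lines and flags kernel drivers whose image sits under a user-writable directory, entries for which RSIT printed no date/size (the trailing `[]`), and every DLL named in AppInit_DLLs. The sample input is constructed from a handful of lines modelled on the log above, not the whole log, and the three heuristics are the author's own triage rules: a flag means "verify this file's publisher signature and hash by hand", not "this machine is infected".

```python
"""Triage helper for RSIT driver/service listings.

Added example, not part of the original post or of the RSIT tool. It parses the
driver/service lines and the AppInit_DLLs line from an RSIT log and flags the
entries a reviewer looks at first. A flag is a prompt to verify the file by
hand (publisher signature, hash), not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines in RSIT's format, modelled on the log
# above. It is not the complete log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\guard64.dll C:\Windows\system32\guard64.dll"
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-10-07 574216]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 esihdrv;esihdrv; \??\C:\Users\Michal\AppData\Local\Temp\esihdrv.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2011-11-14 25640]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 2663568]
"""

# One RSIT entry: state letter, start type, name;description; path [meta]
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"="(?P<value>.*)"$')

# Directories an unprivileged user can write to. A kernel driver image under
# one of these is unusual and worth a manual check (assumed heuristic).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str      # "driver" or "service", from the section header
    running: bool  # R / S column
    start: int     # 0=Boot ... 4=Disabled
    name: str
    desc: str
    path: str      # image path with the \??\ NT prefix removed
    meta: str      # "YYYY-MM-DD size" as RSIT printed it, or "" if absent


@dataclass
class Finding:
    entry_name: str
    reason: str
    severity: str  # "high" or "review"


def parse_rsit(text: str) -> List[Entry]:
    """Return driver and service entries, tagged by the section they sit in."""
    entries, kind = [], None
    for line in text.splitlines():
        if line.startswith("======List of drivers"):
            kind = "driver"
        elif line.startswith("======List of services"):
            kind = "service"
        elif line.startswith("======"):
            kind = None  # any other section: ignore its lines
        m = ENTRY_RE.match(line)
        if kind and m:
            path = m["path"]
            if path.startswith("\\??\\"):
                path = path[4:]
            entries.append(Entry(kind, m["state"] == "R", int(m["start"]),
                                 m["name"], m["desc"], path, m["meta"].strip()))
    return entries


def appinit_dlls(text: str) -> List[str]:
    """DLLs named in AppInit_DLLs, de-duplicated case-insensitively."""
    seen, out = set(), []
    for line in text.splitlines():
        m = APPINIT_RE.match(line)
        if not m:
            continue
        for dll in m["value"].split():
            if dll.lower() not in seen:
                seen.add(dll.lower())
                out.append(dll)
    return out


def triage(text: str) -> List[Finding]:
    """Apply the three heuristics; findings follow the order of the log."""
    findings = []
    for e in parse_rsit(text):
        low = e.path.lower()
        if e.kind == "driver" and any(d in low for d in USER_WRITABLE):
            findings.append(Finding(
                e.name, f"kernel driver image under a user-writable path: {e.path}",
                "high" if e.running else "review"))
        if e.meta == "":
            findings.append(Finding(
                e.name, f"RSIT recorded no file date/size for {e.path}; "
                        "confirm the file exists and who signed it", "review"))
    for dll in appinit_dlls(text):
        findings.append(Finding(
            "AppInit_DLLs", f"{dll} is injected into every process that loads "
                            "user32.dll; verify its publisher", "review"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry_name}: {f.reason}")
```

Run it as-is and it prints four findings for the constructed sample: the two entries with an empty `[]`, the driver registered from a Temp directory, and the single DLL in AppInit_DLLs. Severity only reaches "high" when a driver from a user-writable path is actually running; a stopped registration pointing at a missing file is a leftover to clean up, and a reviewer still has to check what each flagged file is before drawing the conclusion the reply above draws.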