Zavirovaný notebook

[stivi]

Zdravím,
chtěl bych tímto požádat o pomoc. Podle informací od ISP je můj notebook zavirovaný, údajně má jít o vir Conficker nebo nějakou jeho novější mutaci. Prý se projevuje tím, že se snaží spojit se serverem do číny. ISP tuto snahu o komunikaci vidí v podobě velkého množství dns dotazů směřujících z mého notebooku na dns server od ISP. Na internetu jsem dohledal, že se vir šíří přes usb flash disky. Antivir mi nic nenašel, mohl bych touto cestou poprosit o zkontrolování logu? Děkuji mnohokrát.

Logfile of random's system information tool 1.09 (written by random/random)
Run by admin056 at 2012-09-20 12:15:33
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 189 GB (83%) free of 228 GB
Total RAM: 1831 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:38, on 20.9.2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\CA\DSM\bin\cfSysTray.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\igfxsrvc.exe
C:\windows\system32\conime.exe
C:\Users\admin056\Desktop\hijackthis.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\Windows\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VMware vCenter Converter Standalone Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
O23 - Service: VMware vCenter Converter Standalone Server (vmware-converter-server) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: VMware vCenter Converter Standalone Worker (vmware-converter-worker) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: Wireless modem support. - Unknown owner - C:\Program Files\Anydata\Anydata ADU890-WH\CMSrv.exe

--
End of file - 4517 bytes


======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2008-04-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-08-22 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [2012-08-22 1002992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2008-05-21 58128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-08-22 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-06-04 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-06-04 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-06-04 141848]
""= []
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-16 293168]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2008-05-08 238984]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-05-21 24848]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"IFXSPMGT"=c:\Windows\system32\ifxspmgt.exe [2008-03-21 1090840]
"File Sanitizer"=C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2008-04-16 10240000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-31 177456]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1314816]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2008-03-19 3842048]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2009-09-12 103768]
"CAF_SystemTray"=C:\Program Files\CA\DSM\bin\cfSysTray.exe [2010-04-26 84232]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-10-04 220992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-18 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files\PDF Complete\pdfsty.exe [2008-04-14 318488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-21 197904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe [2008-04-21 197904]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
VPN Client.lnk - C:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2008-05-20 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\windows\System32\Notepad.exe %1
.js - open - C:\windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2012-09-20 11:49:11 ----D---- C:\Users\admin056\AppData\Roaming\Wireshark
2012-09-20 09:19:53 ----A---- C:\info.txt
2012-09-20 09:18:42 ----A---- C:\log.txt
2012-09-20 08:52:11 ----D---- C:\Program Files\trend micro
2012-09-20 08:52:09 ----D---- C:\rsit
2012-09-18 16:30:52 ----D---- C:\Program Files\WinPcap
2012-09-18 16:29:51 ----D---- C:\Program Files\Wireshark
2012-09-05 08:47:12 ----D---- C:\windows\$Reconfig$
2012-09-05 08:01:46 ----D---- C:\Program Files\VMware
2012-09-05 08:00:32 ----D---- C:\ProgramData\VMware
2012-09-03 21:02:04 ----D---- C:\VProRecovery
2012-08-23 08:29:53 ----D---- C:\windows\system32\EventProviders
2012-07-09 11:21:23 ----D---- C:\ProgramData\Google
2012-07-09 11:21:23 ----D---- C:\Program Files\Google
2012-07-09 11:21:20 ----A---- C:\windows\system32\FlashPlayerApp.exe

======List of files/folders modified in the last 3 months======

2012-09-20 12:18:34 ----D---- C:\windows\Temp
2012-09-20 12:01:35 ----D---- C:\windows\System32
2012-09-20 12:01:34 ----D---- C:\windows\inf
2012-09-20 12:01:34 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-09-20 10:40:22 ----D---- C:\windows\system32\drivers
2012-09-20 08:55:46 ----D---- C:\windows\Prefetch
2012-09-20 08:52:11 ----RD---- C:\Program Files
2012-09-18 16:25:15 ----SHD---- C:\System Volume Information
2012-09-18 16:17:41 ----SHD---- C:\$Recycle.Bin
2012-09-18 16:15:47 ----D---- C:\windows\SoftwareDistribution
2012-09-18 16:14:55 ----D---- C:\ProgramData\hpqLog
2012-09-18 16:07:53 ----RD---- C:\Users
2012-09-18 16:07:48 ----A---- C:\windows\system32\rpcnetp.exe
2012-09-18 16:07:45 ----A---- C:\windows\system32\rpcnet.dll
2012-09-05 08:47:12 ----D---- C:\Windows
2012-09-05 08:46:52 ----D---- C:\windows\system32\config
2012-09-05 08:46:15 ----SHD---- C:\boot
2012-09-05 08:04:09 ----SHD---- C:\windows\Installer
2012-09-05 08:03:42 ----HD---- C:\Config.Msi
2012-09-05 08:03:42 ----D---- C:\windows\winsxs
2012-09-05 08:00:32 ----HD---- C:\ProgramData
2012-08-23 08:38:51 ----SD---- C:\Users\admin056\AppData\Roaming\Microsoft
2012-08-16 03:01:14 ----A---- C:\windows\system32\mrt.exe
2012-08-13 09:43:03 ----A---- C:\windows\system32\rpcnetp.dll
2012-07-23 08:46:29 ----D---- C:\windows\system32\catroot2
2012-07-09 11:22:02 ----D---- C:\windows\Tasks
2012-07-09 11:22:02 ----D---- C:\windows\system32\Tasks
2012-06-27 15:59:12 ----HD---- C:\windows\system32\GroupPolicy
2012-06-25 10:56:29 ----A---- C:\windows\win.ini
2012-06-25 10:56:21 ----RSD---- C:\windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2008-04-07 25448]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iastor.sys [2008-04-15 312344]
R0 MegaSR;MegaSR; C:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2008-04-08 44944]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2008-05-14 108752]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2008-05-14 51376]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2008-05-14 12928]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 ctxusbm;Citrix USB Monitor Driver; C:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\windows\System32\drivers\psd.sys [2008-03-21 39712]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2008-05-14 12496]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\windows\system32\Drivers\CVPNDRVA.sys [2009-11-17 308859]
R2 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared); C:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-07-12 22768]
R3 DNE;Deterministic Network Enhancer Miniport; C:\windows\system32\DRIVERS\dne2000.sys [2008-11-16 131984]
S3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2008-04-07 34664]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-11 382464]
S3 adusbnet;Anydata USB-NDIS miniport; C:\windows\system32\DRIVERS\adusbnet.sys [2010-12-20 129024]
S3 adusbser;Anydata USB Device for Legacy Serial Communication; C:\windows\system32\DRIVERS\adusbser.sys [2010-12-20 107776]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\windows\System32\Drivers\ATSwpWDF.sys [2008-05-13 475520]
S3 Axtmvflt;Axesstel USB Filter Service; C:\windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\windows\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2007-11-29 181760]
S3 bmdrvr;Modified Clusters Tracking Driver; C:\windows\system32\drivers\bmdrvr.sys [2011-03-15 54384]
S3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2008-02-01 80424]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2008-02-01 80936]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]
S3 CVirtA;Cisco Systems VPN Adapter; C:\windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2008-05-20 2360832]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2008-04-10 1804160]
S3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATService;AuthenTec Fingerprint Service; c:\Program Files\Fingerprint Sensor\AtService.exe [2008-05-10 1168632]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 caf;CA DSM r12 Common Application Framework; C:\Program Files\CA\DSM\bin\caf.exe [2010-04-26 208648]
R2 CA-MessageQueuing;CA Message Queuing Server; C:\Program Files\CA\SC\CAM\bin\cam.exe [2010-03-09 181512]
R2 CA-SAM-Pmux;CA Connection Broker; C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe [2010-08-02 169288]
R2 CASPLiteAgent;CA Systems Performance LiteAgent; C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe [2009-02-12 135168]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2009-11-17 1528624]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-04-16 77824]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2008-04-07 24936]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
R2 IFXSpMgtSrv;Security Platform Management Service; c:\Windows\system32\ifxspmgt.exe [2008-03-21 1090840]
R2 IFXTCS;Trusted Platform Core Service; c:\Windows\system32\ifxtcs.exe [2008-03-21 980248]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-04-14 576536]
R2 PersonalSecureDriveService;Personal Secure Drive Service; c:\Windows\system32\IfxPsdSv.exe [2008-03-21 210200]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\windows\system32\rpcnet.exe [2012-05-16 58288]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-19 423536]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2008-01-21 21504]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-04-16 165192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-09 136176]
S2 Wireless modem support.;Wireless modem support.; C:\Program Files\Anydata\Anydata ADU890-WH\CMSrv.exe [2011-08-26 79360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-09 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-22 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WPFFontCache_v0400;@c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[JaRon]

ahoj,
na zaciatok vloz log z TDSSKiller a potom prescanuj PC s AVPTool

[stivi]

Zdravím,
omlouvám se, že reaguji až teď (zdržela mě dovolená). Bohužel ten výše uváděný RSIT log byl vytvořen na druhém počítači (podle všeho nezavirovaném), mám tedy přiložit aktuální log ze zavirovaného pc?

ahoj,
na zaciatok vloz log z TDSSKiller a potom prescanuj PC s AVPTool

TDSSKiller mi na konci skenu nic nezahlásil, stejně tak AVPTool. Sice jsem v této oblasti začátečník, ale předpokládám, že jsem oba nástroje použil správným způsobem. Jsou ještě nějaké jiné způsoby jak vir vystopovat?

[JaRon]

ano vloz aktualny RSIT

[stivi]

Přikládám aktuální RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2012-10-01 13:51:24
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 445 GB (95%) free of 466 GB
Total RAM: 3559 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:51:28, on 1.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Pavel\Desktop\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.army.cz:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [DFEPApplication] c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
O4 - HKLM\..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Smart Settings.lnk = C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (User 'Default user')
O4 - Startup: Smart Settings.lnk = C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
O4 - Startup: _uninst_46556538.lnk = C:\Users\Pavel\AppData\Local\Temp\_uninst_46556538.bat
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell Feature Enhancement Pack Service (DFEPService) - Dell Inc. - c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Services\IPT\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: O2SDIOAssist - Unknown owner - c:\Windows\system32\srvany.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.36 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VMware vCenter Converter Standalone Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
O23 - Service: VMware vCenter Converter Standalone Server (vmware-converter-server) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: VMware vCenter Converter Standalone Worker (vmware-converter-worker) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

--
End of file - 10582 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-06-07 1152264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-24 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-06-07 1152264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2011-07-21 505720]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2011-01-25 536668]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-28 142616]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-28 177432]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-28 176408]
"Broadcom Wireless Manager UI"=C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [2011-01-15 5955072]
"FreeFallProtection"=C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [2011-07-25 686704]
"IMSS"=C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2011-08-09 112408]
"DFEPApplication"=c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [2011-08-25 6306712]
"TdmNotify"=C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [2011-05-28 214384]
"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2010-10-02 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2010-09-18 50472]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [2010-11-25 240112]
"Desktop Disc Tool"=C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [2010-11-17 514544]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-08-17 81000]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Smart Settings.lnk - C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
_uninst_46556538.lnk - C:\Users\Pavel\AppData\Local\Temp\_uninst_46556538.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 293888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15 1971536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27076992.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\27076992.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-01 10:02:09 ----A---- C:\Windows\system32\MRT.exe
2012-10-01 09:51:48 ----A---- C:\TDSSKiller.2.8.10.0_01.10.2012_09.51.48_log.txt
2012-10-01 08:27:40 ----D---- C:\ProgramData\Kaspersky Lab
2012-10-01 08:25:42 ----A---- C:\TDSSKiller.2.8.10.0_01.10.2012_08.25.42_log.txt
2012-10-01 08:19:11 ----A---- C:\TDSSKiller.2.8.10.0_01.10.2012_08.19.11_log.txt
2012-09-27 13:36:26 ----D---- C:\rsit
2012-09-27 13:36:26 ----D---- C:\Program Files\trend micro
2012-09-27 11:56:03 ----D---- C:\Users\Pavel\AppData\Roaming\Wireshark
2012-09-27 11:53:31 ----D---- C:\Program Files\WinPcap
2012-09-27 11:53:16 ----D---- C:\Program Files\Wireshark
2012-09-05 12:31:19 ----D---- C:\Program Files\VMware
2012-09-05 12:28:37 ----D---- C:\ProgramData\VMware
2012-09-05 09:38:44 ----D---- C:\Users\Pavel\AppData\Roaming\Roxio Burn

======List of files/folders modified in the last 1 month======

2012-10-01 13:51:10 ----D---- C:\Windows\Temp
2012-10-01 13:51:10 ----D---- C:\Windows\system32\drivers
2012-10-01 13:48:47 ----D---- C:\Windows\Prefetch
2012-10-01 13:40:22 ----D---- C:\Windows\system32\config
2012-10-01 13:31:07 ----D---- C:\Windows\System32
2012-10-01 13:31:07 ----D---- C:\Windows\inf
2012-10-01 13:31:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-01 13:29:02 ----A---- C:\Windows\system32\log.txt
2012-10-01 10:02:10 ----D---- C:\Windows\debug
2012-10-01 08:27:44 ----SHD---- C:\System Volume Information
2012-10-01 08:27:40 ----HD---- C:\ProgramData
2012-10-01 07:48:26 ----D---- C:\ProgramData\Sonic
2012-09-27 13:36:26 ----RD---- C:\Program Files
2012-09-27 12:07:03 ----D---- C:\Windows\system32\Tasks
2012-09-27 10:09:43 ----D---- C:\Windows
2012-09-06 09:08:34 ----SHD---- C:\$Recycle.Bin
2012-09-06 09:08:28 ----RD---- C:\Users
2012-09-05 12:31:58 ----SHD---- C:\Windows\Installer
2012-09-05 12:21:45 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-06 354840]
R0 PBADRV;PBADRV; C:\Windows\system32\DRIVERS\PBADRV.sys [2010-07-21 26608]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys [2011-07-15 17904]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared); C:\Windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-07-12 22768]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2011-01-15 18496]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c6232.sys [2011-07-20 268968]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 Acceler;Accelerometer Service; C:\Windows\system32\DRIVERS\accelern.sys [2011-07-22 44144]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x86; C:\Windows\system32\DRIVERS\Apfiltr.sys [2011-05-26 305488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BCM43XX;Ovladač pro bezdrátovou síťovou kartu DW WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2011-01-15 4248128]
S3 bmdrvr;Modified Clusters Tracking Driver; C:\Windows\system32\drivers\bmdrvr.sys [2011-03-15 54384]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-11-24 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-11-24 60416]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-11-24 302120]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-11-24 93224]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2011-11-24 114728]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-11-24 33832]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-11-24 18728]
S3 cvusbdrv;Dell ControlVault; C:\Windows\System32\Drivers\cvusbdrv.sys [2011-05-10 33896]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 HBtnKey;DELL Tablet PC Key Buttons HID Driver; C:\Windows\system32\drivers\HBtnKey.sys [2011-07-20 11008]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-06-10 10788352]
S3 Impcd;Impcd; C:\Windows\system32\drivers\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 MEI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 O2MDFRDR;O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]
S3 O2MDRRDR;O2MDRRDR; C:\Windows\system32\DRIVERS\O2MDRw7.sys [2011-01-05 62440]
S3 O2SDJRDR;O2SDJRDR; C:\Windows\system32\DRIVERS\o2sdjw7.sys [2011-03-23 63976]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 STHDA;@%SystemRoot%\system32\stlang.dll,-10322; C:\Windows\system32\DRIVERS\stwrt.sys [2011-01-25 435200]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;Ovladač procesoru VIA C7; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-02-08 660768]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-11 826272]
R2 Credential Vault Host Storage;Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-11 31648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2011-06-29 112800]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-08-09 325912]
R2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2010-02-11 72296]
R2 O2SDIOAssist;O2SDIOAssist; c:\Windows\system32\srvany.exe [2003-04-19 8192]
R2 tcsd_win32.exe;NTRU TSS v1.2.1.36 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2011-02-17 1633280]
R2 TdmService;TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2011-05-28 2605424]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-19 423536]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1131520]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 wltrysvc;DW WLAN Tray Service; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [2011-01-15 40960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 DFEPService;Dell Feature Enhancement Pack Service; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-08-25 1568664]
S2 RoxWatch12;Roxio Hard Drive Watcher 12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 STacSV;@%SystemRoot%\system32\stlang.dll,-10122; C:\Program Files\IDT\WDM\STacSV.exe [2011-01-25 274514]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2011-05-24 1508232]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2010-11-09 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]

-----------------EOF-----------------

[JaRon]

nepripada mi to zavirene - skus Stinger >> http://download.cnet.com/McAfee-Labs-St ... 52057.html
P.S. nie je ten NTB firemny

[stivi]

Ano, ten který má být zavirovaný je můj "pracovní" - dostal jsem ho ve firmě ale fakticky se z něho stal "domácí". Do práce ho nenosím a ani na něm nepracuji, ani se nijak nepřipojuji do firemní sítě. Myslíte, že se snaží nějak automaticky připojovat do firmy a proto generuje nějaký "podezřelý" provoz do číny?

Díky za tip na Stingera, hned ho vyzkouším. Já zkoušel nějaké rescue cd od avastu nebo avg a taky mi nic nenašly. Začínám mít pochybnosti o tom, jestli ten provoz u ISP opravdu generuji já.

[stivi]

Stinger taky nic nenašel...tak nevim, je to zvláštní...

[motji]

Zdravím,
zkuste ještě http://forum.viry.cz/viewtopic.php?f=29&t=58179
Pak napište, zda něco našel.