Prosim o kontrolu logu. Stahl jsem zkusebni vzorek 6000viru

[radek178]

Ahoj,

potreboval bych po rade Carlse zkontrolovat log. Vcera jsem si stahl vzorek 6000 viru v zipu a rozbalil jsem ho. Nepouzil jsem virtualni pc, protoze jsem netusil, ze by se do PC mohlo dostat neco jen pouhym rozbalenim zipu, tak jsem byl lenosnej. Zadny ze souboru jsem samozrejme nespoustel. Projel jsem dnes pc Nortonem, MBAM, SAS a nic to nenaslo. V hijackthisu nic podezrele nevidim, ale v RSITu se nevyznam, tak ho sem radsi davam. JInak Norton z tech 6000 viru nasel jen cca 2600.

Logfile of random's system information tool 1.08 (written by random/random)
Run by RadekNTB at 2010-12-05 08:29:16
Microsoft Windows 7 Ultimate
System drive C: has 41 GB (56%) free of 73 GB
Total RAM: 4022 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:29:19, on 5.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
D:\Program Files (x86)\ATnotes\ATnotes.exe
D:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\DU Meter\DUMeter.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
D:\Program Files\Opera\opera.exe
C:\Program Files\trend micro\RadekNTB.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKCU\..\Run: [ATnotes.exe] D:\Program Files (x86)\ATnotes\ATnotes.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: E2S4Outlook64Bit.lnk = ?
O4 - Startup: RocketDock.lnk = ?
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} (MachineInfoActiveX.MachineInfoActiveX) - http://shop.lenovo.com/SEUILibrary/leno ... neInfo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - D:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10263 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-bd7a88f9-7b77-4179-8fb8-b0f2fe6b8c6b -SystemEventPortName:HostProcess-5028284a-513e-41fa-a40d-c9de4d526f0d -IoCancelEventPortName:HostProcess-964bde63-7260-4d21-8762-ac956cf89dbf -NonStateChangingEventPortName:HostProcess-6a0471d5-191f-4c9d-a64f-3c88dffbdd74 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:033725a9-074c-4a0a-b6d6-78e0016ec866
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 28438480
\??\C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
C:\Windows\system32\AEADISRV.EXE
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"taskhost.exe"
"C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\diMaster.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio64.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Lenovo\Zoom\TpScrex.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe"
"D:\Program Files (x86)\ATnotes\ATnotes.exe"
"D:\Program Files (x86)\Easy2Sync for Outlook\E2S4Outlook64Bit.exe"
"D:\Program Files\RocketDock\RocketDock.exe"
"C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
"D:\Program Files\DU Meter\DUMeter.exe"
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe" /c /a /s UserSession
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe -Embedding
"D:\Program Files\Opera\opera.exe"
"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
"D:\Download\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\coIEPlg.dll [2010-09-04 396144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\IPSBHO.DLL [2010-02-04 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\coIEPlg.dll [2010-09-04 396144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"TpShocks"=C:\Windows\SYSTEM32\TpShocks.exe [2010-07-01 380776]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2010-07-27 69560]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-06 165912]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-06 385560]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-06 363544]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2010-09-23 391144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ATnotes.exe"=D:\Program Files (x86)\ATnotes\ATnotes.exe [2005-01-05 1015808]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"=D:\Program Files\DU Meter\DUMeter.exe [2005-02-03 1469440]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
""= []
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2010-09-23 5502312]

C:\Users\RadekNTB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
E2S4Outlook64Bit.lnk - D:\Program Files (x86)\Easy2Sync for Outlook\E2S4Outlook64Bit.exe
RocketDock.lnk - D:\Program Files\RocketDock\RocketDock.exe
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\SYSTEM32\igfxdev.dll [2009-08-06 260608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\RadekNTB\Desktop\NewTek iVGA.exe"="C:\Users\RadekNTB\Desktop\NewTek iVGA.exe:*:Enabled:NewTek iVGA"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-05 08:29:16 ----D---- C:\rsit
2010-12-05 08:29:16 ----D---- C:\Program Files\trend micro
2010-12-05 08:06:29 ----ASH---- C:\hiberfil.sys
2010-12-05 06:11:07 ----D---- C:\Users\RadekNTB\AppData\Roaming\SUPERAntiSpyware.com
2010-12-05 06:11:07 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-12-05 06:09:09 ----A---- C:\Windows\ntbtlog.txt
2010-12-01 08:19:22 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2010-12-01 08:19:22 ----A---- C:\Windows\system32\msdri.dll
2010-12-01 08:19:22 ----A---- C:\Windows\system32\CPFilters.dll
2010-11-29 21:04:22 ----D---- C:\Users\RadekNTB\AppData\Roaming\Runscanner.net
2010-11-22 16:49:58 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2010-11-22 16:49:51 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2010-11-18 21:06:59 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2010-11-10 06:30:40 ----A---- C:\Windows\system32\drivers\acpi.sys

======List of files/folders modified in the last 1 months======

2010-12-05 08:29:16 ----RD---- C:\Program Files
2010-12-05 08:11:27 ----D---- C:\Windows\System32
2010-12-05 08:11:27 ----D---- C:\Windows\inf
2010-12-05 08:11:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-05 08:09:34 ----D---- C:\Windows\Temp
2010-12-05 08:08:14 ----D---- C:\Windows\Prefetch
2010-12-05 08:08:00 ----A---- C:\Windows\win.ini
2010-12-05 07:44:46 ----A---- C:\Windows\WDICT32.INI
2010-12-05 07:43:56 ----D---- C:\Windows
2010-12-05 06:44:22 ----SHD---- C:\System Volume Information
2010-12-05 06:11:07 ----HD---- C:\ProgramData
2010-12-05 00:37:00 ----D---- C:\Windows\system32\config
2010-12-05 00:36:44 ----D---- C:\Users\RadekNTB\AppData\Roaming\Skype
2010-12-02 09:45:16 ----D---- C:\Windows\Microsoft.NET
2010-12-02 09:44:36 ----RSD---- C:\Windows\assembly
2010-12-01 08:19:49 ----D---- C:\Windows\winsxs
2010-12-01 08:19:45 ----D---- C:\Windows\ehome
2010-12-01 08:19:43 ----D---- C:\Windows\SysWOW64
2010-12-01 08:19:14 ----D---- C:\Windows\system32\catroot
2010-12-01 08:19:12 ----D---- C:\Windows\system32\catroot2
2010-12-01 08:15:10 ----D---- C:\Program Files\Internet Explorer
2010-12-01 08:15:10 ----D---- C:\Program Files (x86)\Internet Explorer
2010-11-30 20:51:04 ----RD---- C:\Program Files (x86)
2010-11-30 20:48:36 ----D---- C:\ProgramData\Norton
2010-11-30 20:48:36 ----D---- C:\Program Files (x86)\NortonInstaller
2010-11-30 20:48:22 ----D---- C:\ProgramData\NortonInstaller
2010-11-25 21:48:15 ----D---- C:\ProgramData\PCDr
2010-11-25 20:00:05 ----D---- C:\Users\RadekNTB\AppData\Roaming\FileZilla
2010-11-24 18:13:57 ----A---- C:\Windows\WTRAN32.INI
2010-11-22 16:50:20 ----SHD---- C:\Windows\Installer
2010-11-22 16:50:11 ----D---- C:\Windows\system32\DriverStore
2010-11-22 16:50:11 ----D---- C:\Windows\system32\drivers
2010-11-22 16:49:58 ----DC---- C:\Windows\system32\DRVSTORE
2010-11-21 12:35:17 ----D---- C:\Windows\rescache
2010-11-16 09:27:08 ----D---- C:\Windows\system32\NDF
2010-11-14 17:42:12 ----D---- C:\Program Files\ThinkPad
2010-11-11 20:38:06 ----A---- C:\Windows\red_dialer.ini
2010-11-10 21:14:26 ----D---- C:\ProgramData\Microsoft Help
2010-11-10 21:13:05 ----A---- C:\Windows\system32\MRT.exe
2010-11-09 20:28:37 ----D---- C:\Users\RadekNTB\AppData\Roaming\SPlayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DzHDD64;DzHDD64; C:\Windows\System32\DRIVERS\DzHDD64.sys [2010-08-25 30320]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-07 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2010-06-16 136816]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-10-21 277088]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [2010-02-04 433200]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [2010-04-22 221232]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2010-10-21 1263200]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-10-21 970336]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2010-06-16 23664]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [2010-02-26 615040]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2010-08-03 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101130.001\IDSvia64.sys [2010-10-19 476720]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS [2010-04-22 505392]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS [2010-04-22 32304]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2010-05-06 53808]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [2010-04-29 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [2010-05-06 451120]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2010-08-25 13104]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-10-08 203024]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-10-08 53968]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2010-07-13 86584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 17024]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 497152]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-10-21 279136]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032e.sys [2009-06-10 278016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-03 132656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2006-12-21 1511936]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2009-11-18 32880]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-08-06 6150304]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101204.002\ENG64.SYS [2010-09-29 117808]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101204.002\EX64.SYS [2010-09-29 1804336]
R3 NETwLv64; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETwLv64.sys [2010-08-16 7530496]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2007-02-19 27136]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2010-09-12 34032]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2010-08-03 173104]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-03 1379376]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 144784]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-10-08 164304]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2006-12-21 731648]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]
S1 SASDIFSV;SASDIFSV; \??\C:\Users\RadekNTB\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [2010-02-02 9968]
S1 SASKUTIL;SASKUTIL; \??\C:\Users\RadekNTB\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [2010-02-02 74480]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2006-12-20 140160]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2010-08-18 54824]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2010-09-12 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2010-09-12 27176]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 netw5v64;Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2010-03-17 7525376]
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0;PCDSRVC{127174DC-C366ED8B-06020000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-05-07 24560]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SASENUM;SASENUM; \??\C:\Users\RadekNTB\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2010-06-25 43152]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2010-09-23 1079376]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 111616]
R2 afcdpsrv;Služba Acronis Nonstop Backup; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-10-21 3975088]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2009-11-18 45928]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
R2 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2009-10-19 28672]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-08-25 164200]
S3 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-07-19 1429776]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-13 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-13 655624]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
S3 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-07-19 838928]
S3 ScsiAccess;ScsiAccess; D:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [2010-10-26 186760]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2010-06-16 47728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[radek178]

Jede combofix i na w7 64b? Vim, ze to driv nejelo. Nenechava neco v systemu? Ja si myslim, ze je pc cistej a nechci do neho vrtat zbytecne combofixem a necim podobnym. Tak bych ho rad pouzil jen kdyby to byl fakt nutny.

[Rudy]

1. Včera jsem omylem někomu doporučil sken CF, nevšiml se že má 64b a on kupodivu fungoval.
2. Myslíte-li si že vaše PC je čisté, proč nás tedy žádáte o kontrolu? Log RSIT vypadá čistý.

[radek178]

No zadam o kontrolu pouze proto, ze mne to doporucil carls tady z fora, protoze se pry mohlo stat, ze pri rozbalovani tam mohlo byt neco trosku chytrejsiho, nez jen obyc. trojany. Mam pocit, ze je pc ciste, ale to neznamena, ze opravdu ciste je. Jen si je nechci zbytecne rozhodit combofixem, pokud by se neco nepovedlo, protoze vim, ze na 64b mel problemy. No jsem blb, ze jsem byl linej zapnout vcera virtual.

[Rudy]

OK. V logu jsem nezahlédl nic nebezpečného.

[radek178]

Dobre, diky moc. Ja to teda asi zatim necham tak. Napadla me jedna vec, jak zkusit combofix a tomu bych se ani nijak moc nebranil. Co kdybych spustil "virtual" v Acronisu a pustil Combofix? To by asi nemelo smysl, ze?

[Rudy]

CF se musí spustit v systému. Mám ale informaci, že ten pro 64b není oficiálně vydán.

[radek178]

Ok, ja jsem si myslel, ze se to musi spustit v systemu. No prave proto, ze ot neni na 64b, jsem se to bal dat na pc. Tak to zatim nechame. Diky.

[Rudy]

Dnes jsem se dověděl, že od dnešního odpoledne je CF pro 64bit oficiálně vydán. Nemáte zač!