PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Trojan-spy.win32.year2010-wors

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
lukycrust
Visitor
Posts: 34
Registered: 15 Aug 2010 05:33

#1 Post by lukycrust »

Hello. I need some help; I have never come across anything like this before. Today I restarted my notebook and, after logging into Windows 7, it threw up this message: http://img580.imageshack.us/i/p15081005340001.jpg/

It worries me a bit, but it also amused me, because it wants me to send an SMS that costs God knows how much. It is surely some kind of vermin (spyware, malware), but I don't know how to get rid of it. NOD32 didn't detect any virus.

I'm attaching the RSIT log:
    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Lukáš at 2010-08-15 06:37:40
    Microsoft Windows 7 Professional
    System drive C: has 120 GB (54%) free of 221 GB
    Total RAM: 1973 MB (37% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:37:57, on 15. 8. 2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\windows\system32\taskhost.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\windows\system32\Dwm.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Translate Client\translateclient.exe
    C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Fraps\fraps.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Lukáš\Desktop\RSIT.exe
    C:\Program Files\trend micro\Lukáš.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
    O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [IFXSPMGT] "C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
    O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
    O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
    O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: system32.lnk = C:\Windows\applic\ssh.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Translate Client.lnk = C:\Program Files\Translate Client\translateclient.exe
    O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
    O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\windows\system32\flcdlock.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP SkyRoom (Hp.Skyroom.Windows.Service) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
    O23 - Service: Remote Graphics Sender Service (rgsender) - Hewlett-Packard, Inc. - c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe

    --
    End of file - 12643 bytes

    ======Scheduled tasks folder======

    C:\windows\tasks\Embedded Security Backup Schedule.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
    File Sanitizer for HP ProtectTools - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-11-04 117248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
    HP ProtectTools Security Manager Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-11-24 1471752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-12 287800]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-25 186904]
    "NUSB3MON"=c:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-21 106496]
    "HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2009-11-20 1690680]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-07-26 1713448]
    "HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [2009-11-20 363064]
    "IMSS"=C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2009-11-04 111640]
    "SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-11-18 495708]
    "PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2009-10-23 563736]
    "IFXSPMGT"=C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [2009-10-02 1107232]
    "acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-03 153640]
    ""= []
    "accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-03 400936]
    "File Sanitizer"=C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2009-11-04 11264000]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
    "NetMeter"=C:\Program Files\HooTech\NetMeter\HooNetMeter.exe [2008-12-06 577536]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    Translate Client.lnk - C:\Program Files\Translate Client\translateclient.exe

    C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    system32.lnk - C:\Windows\applic\ssh.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
    C:\windows\system32\DeviceNP.dll [2009-11-09 75320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    wlnotify.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=DPPassFilter
    scecli

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=0
    "ConsentPromptBehaviorUser"=3
    "EnableLUA"=0
    "EnableUIADesktopToggle"=0
    "PromptOnSecureDesktop"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "SoftwareSASGeneration"=3

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2010-08-15 06:28:17 ----D---- C:\Program Files\trend micro
    2010-08-15 06:28:16 ----D---- C:\rsit
    2010-08-15 05:25:04 ----A---- C:\windows\system32\mshtml.dll
    2010-08-15 05:25:04 ----A---- C:\windows\system32\ieframe.dll
    2010-08-15 05:25:03 ----A---- C:\windows\system32\wininet.dll
    2010-08-15 05:25:03 ----A---- C:\windows\system32\urlmon.dll
    2010-08-15 05:25:03 ----A---- C:\windows\system32\mstime.dll
    2010-08-15 05:25:03 ----A---- C:\windows\system32\msfeedssync.exe
    2010-08-15 05:25:03 ----A---- C:\windows\system32\msfeedsbs.dll
    2010-08-15 05:25:03 ----A---- C:\windows\system32\jsproxy.dll
    2010-08-15 05:25:03 ----A---- C:\windows\system32\ieui.dll
    2010-08-15 05:25:03 ----A---- C:\windows\system32\iepeers.dll
    2010-08-15 05:25:03 ----A---- C:\windows\system32\iedkcs32.dll
    2010-08-15 05:24:46 ----A---- C:\windows\system32\ntoskrnl.exe
    2010-08-15 05:24:46 ----A---- C:\windows\system32\ntkrnlpa.exe
    2010-08-15 05:24:45 ----A---- C:\windows\system32\drivers\tcpip.sys
    2010-08-15 05:24:44 ----A---- C:\windows\system32\win32k.sys
    2010-08-15 05:24:43 ----A---- C:\windows\system32\rtutils.dll
    2010-08-15 05:24:43 ----A---- C:\windows\system32\drivers\srv2.sys
    2010-08-15 05:24:43 ----A---- C:\windows\system32\drivers\srv.sys
    2010-08-15 05:24:42 ----A---- C:\windows\system32\schannel.dll
    2010-08-15 05:24:42 ----A---- C:\windows\system32\ir32_32.dll
    2010-08-15 05:24:42 ----A---- C:\windows\system32\iccvid.dll
    2010-08-15 05:24:42 ----A---- C:\windows\system32\drivers\srvnet.sys
    2010-08-15 05:24:41 ----A---- C:\windows\system32\msxml3.dll
    2010-08-15 04:57:06 ----D---- C:\NVIDIA
    2010-08-12 14:53:01 ----A---- C:\windows\system32\D3DX9_39.dll
    2010-08-12 14:53:01 ----A---- C:\windows\system32\d3dx10_39.dll
    2010-08-12 14:53:01 ----A---- C:\windows\system32\D3DCompiler_39.dll
    2010-08-08 14:36:39 ----D---- C:\Users\Lukáš\AppData\Roaming\Roxio
    2010-08-06 22:27:10 ----D---- C:\windows\applic
    2010-08-06 20:46:51 ----D---- C:\Users\Lukáš\AppData\Roaming\NVIDIA
    2010-08-06 20:21:31 ----D---- C:\windows\system32\AGEIA
    2010-08-06 20:21:30 ----D---- C:\Program Files\AGEIA Technologies
    2010-08-04 20:56:11 ----D---- C:\Program Files\DAEMON Tools Toolbar
    2010-08-04 20:56:09 ----D---- C:\Program Files\DAEMON Tools Lite
    2010-08-03 20:43:07 ----A---- C:\windows\system32\shell32.dll
    2010-08-02 09:45:04 ----D---- C:\ProgramData\LightScribe
    2010-08-02 09:44:51 ----D---- C:\Users\Lukáš\AppData\Roaming\Nero
    2010-08-02 09:21:07 ----D---- C:\Program Files\Nero
    2010-08-02 09:20:45 ----D---- C:\ProgramData\Nero
    2010-08-02 09:20:43 ----D---- C:\Program Files\Common Files\Nero
    2010-08-02 09:20:26 ----D---- C:\Program Files\Common Files\LightScribe
    2010-08-02 02:24:43 ----D---- C:\windows\system32\appmgmt
    2010-07-29 18:34:38 ----RHD---- C:\Users\Lukáš\AppData\Roaming\SecuROM
    2010-07-29 18:28:51 ----A---- C:\windows\system32\XAudio2_6.dll
    2010-07-29 18:28:51 ----A---- C:\windows\system32\XAPOFX1_4.dll
    2010-07-29 18:28:51 ----A---- C:\windows\system32\xactengine3_6.dll
    2010-07-29 18:28:51 ----A---- C:\windows\system32\X3DAudio1_7.dll
    2010-07-26 15:11:50 ----A---- C:\windows\system32\SynTPCo4.dll
    2010-07-26 15:11:49 ----A---- C:\windows\system32\SynTPAPI.dll
    2010-07-26 15:11:49 ----A---- C:\windows\system32\drivers\SynTP.sys
    2010-07-26 15:11:47 ----A---- C:\windows\system32\SynCtrl.dll
    2010-07-26 15:11:47 ----A---- C:\windows\system32\SynCOM.dll
    2010-07-26 15:00:11 ----D---- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
    2010-07-25 13:11:48 ----A---- C:\windows\system32\drivers\ewusbmdm.sys
    2010-07-25 13:11:48 ----A---- C:\windows\system32\drivers\ewdcsc.sys
    2010-07-25 13:11:20 ----D---- C:\Program Files\Huawei technologies
    2010-07-25 01:03:50 ----D---- C:\ProgramData\NVIDIA Corporation
    2010-07-22 23:08:31 ----A---- C:\windows\system32\msv1_0.dll
    2010-07-22 23:07:22 ----A---- C:\windows\system32\PresentationHostProxy.dll
    2010-07-22 23:07:22 ----A---- C:\windows\system32\PresentationHost.exe
    2010-07-22 23:07:22 ----A---- C:\windows\system32\netfxperf.dll
    2010-07-22 23:07:22 ----A---- C:\windows\system32\mscoree.dll
    2010-07-22 23:07:22 ----A---- C:\windows\system32\dfshim.dll
    2010-07-22 23:03:55 ----A---- C:\windows\system32\MRT.exe
    2010-07-22 23:00:44 ----A---- C:\windows\system32\browserchoice.exe
    2010-07-22 23:00:11 ----D---- C:\Program Files\MSXML 4.0
    2010-07-22 22:59:11 ----A---- C:\windows\system32\lsasrv.dll
    2010-07-22 22:59:11 ----A---- C:\windows\system32\drivers\ksecpkg.sys
    2010-07-22 22:59:10 ----A---- C:\windows\system32\inetcomm.dll
    2010-07-22 22:59:06 ----A---- C:\windows\system32\ntdll.dll
    2010-07-22 22:59:06 ----A---- C:\windows\system32\msasn1.dll
    2010-07-22 22:59:04 ----A---- C:\windows\explorer.exe
    2010-07-22 22:59:03 ----A---- C:\windows\system32\winlogon.exe
    2010-07-22 22:59:02 ----A---- C:\windows\system32\tzres.dll
    2010-07-22 22:58:58 ----A---- C:\windows\system32\drivers\fvevol.sys
    2010-07-22 22:58:56 ----A---- C:\windows\system32\wmp.dll
    2010-07-22 22:58:55 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
    2010-07-22 22:58:55 ----A---- C:\windows\system32\CertEnroll.dll
    2010-07-22 22:58:54 ----A---- C:\windows\system32\winresume.exe
    2010-07-22 22:58:54 ----A---- C:\windows\system32\winload.exe
    2010-07-22 22:58:53 ----A---- C:\windows\system32\wmploc.DLL
    2010-07-22 22:58:50 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
    2010-07-22 22:58:49 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
    2010-07-22 22:58:49 ----A---- C:\windows\system32\drivers\mrxsmb.sys
    2010-07-22 22:58:36 ----A---- C:\windows\system32\msdri.dll
    2010-07-22 22:58:36 ----A---- C:\windows\system32\CPFilters.dll
    2010-07-22 22:58:35 ----A---- C:\windows\system32\psisdecd.dll
    2010-07-22 22:58:31 ----A---- C:\windows\system32\kernel32.dll
    2010-07-22 22:58:30 ----A---- C:\windows\system32\apphelp.dll
    2010-07-22 22:58:28 ----A---- C:\windows\system32\tsbyuv.dll
    2010-07-22 22:58:28 ----A---- C:\windows\system32\quartz.dll
    2010-07-22 22:58:28 ----A---- C:\windows\system32\msyuv.dll
    2010-07-22 22:58:28 ----A---- C:\windows\system32\msvidc32.dll
    2010-07-22 22:58:28 ----A---- C:\windows\system32\msrle32.dll
    2010-07-22 22:58:28 ----A---- C:\windows\system32\mciavi32.dll
    2010-07-22 22:58:28 ----A---- C:\windows\system32\iyuv_32.dll
    2010-07-22 22:58:28 ----A---- C:\windows\system32\avifil32.dll
    2010-07-22 22:58:27 ----A---- C:\windows\system32\vbscript.dll
    2010-07-22 22:58:27 ----A---- C:\windows\system32\jscript.dll
    2010-07-22 22:58:19 ----A---- C:\windows\system32\t2embed.dll
    2010-07-22 22:58:16 ----A---- C:\windows\system32\asycfilt.dll
    2010-07-22 22:57:19 ----A---- C:\windows\system32\secproc_isv.dll
    2010-07-22 22:57:19 ----A---- C:\windows\system32\secproc.dll
    2010-07-22 22:57:18 ----A---- C:\windows\system32\secproc_ssp_isv.dll
    2010-07-22 22:57:18 ----A---- C:\windows\system32\secproc_ssp.dll
    2010-07-22 22:57:18 ----A---- C:\windows\system32\RMActivate_ssp_isv.exe
    2010-07-22 22:57:18 ----A---- C:\windows\system32\RMActivate_ssp.exe
    2010-07-22 22:57:18 ----A---- C:\windows\system32\RMActivate_isv.exe
    2010-07-22 22:57:18 ----A---- C:\windows\system32\RMActivate.exe
    2010-07-22 22:57:17 ----A---- C:\windows\system32\fontsub.dll
    2010-07-22 22:57:17 ----A---- C:\windows\system32\atmlib.dll
    2010-07-22 22:57:17 ----A---- C:\windows\system32\atmfd.dll
    2010-07-22 22:56:58 ----D---- C:\Users\Lukáš\AppData\Roaming\Media Player Classic
    2010-07-21 23:59:45 ----A---- C:\windows\system32\msonpmon.dll
    2010-07-21 23:58:32 ----D---- C:\Program Files\Microsoft Works
    2010-07-21 23:58:20 ----D---- C:\Program Files\Microsoft Visual Studio
    2010-07-21 23:58:20 ----D---- C:\Program Files\Common Files\DESIGNER
    2010-07-21 23:58:03 ----D---- C:\windows\PCHEALTH
    2010-07-21 23:58:03 ----D---- C:\Program Files\Microsoft.NET
    2010-07-21 23:55:50 ----D---- C:\ProgramData\Microsoft Help
    2010-07-21 23:55:50 ----D---- C:\Program Files\Microsoft Office
    2010-07-21 23:55:36 ----RHD---- C:\MSOCache
    2010-07-21 22:51:47 ----A---- C:\windows\system32\XAudio2_5.dll
    2010-07-21 22:51:47 ----A---- C:\windows\system32\xactengine3_5.dll
    2010-07-21 22:51:47 ----A---- C:\windows\system32\d3dx11_42.dll
    2010-07-21 22:51:47 ----A---- C:\windows\system32\d3dx10_42.dll
    2010-07-21 22:51:47 ----A---- C:\windows\system32\d3dcsx_42.dll
    2010-07-21 22:51:47 ----A---- C:\windows\system32\D3DCompiler_42.dll
    2010-07-21 22:51:46 ----A---- C:\windows\system32\XAudio2_4.dll
    2010-07-21 22:51:46 ----A---- C:\windows\system32\XAPOFX1_3.dll
    2010-07-21 22:51:46 ----A---- C:\windows\system32\xactengine3_4.dll
    2010-07-21 22:51:46 ----A---- C:\windows\system32\X3DAudio1_6.dll
    2010-07-21 22:51:46 ----A---- C:\windows\system32\D3DX9_42.dll
    2010-07-21 22:51:46 ----A---- C:\windows\system32\D3DX9_41.dll
    2010-07-21 22:51:46 ----A---- C:\windows\system32\d3dx10_41.dll
    2010-07-21 22:51:46 ----A---- C:\windows\system32\D3DCompiler_41.dll
    2010-07-21 22:51:45 ----A---- C:\windows\system32\XAudio2_2.dll
    2010-07-21 22:51:45 ----A---- C:\windows\system32\XAPOFX1_1.dll
    2010-07-21 22:51:45 ----A---- C:\windows\system32\D3DX9_40.dll
    2010-07-21 22:51:45 ----A---- C:\windows\system32\d3dx10_40.dll
    2010-07-21 22:51:45 ----A---- C:\windows\system32\D3DCompiler_40.dll
    2010-07-21 22:51:44 ----A---- C:\windows\system32\xactengine3_2.dll
    2010-07-21 15:38:29 ----A---- C:\windows\system32\unrar.dll
    2010-07-21 15:38:28 ----A---- C:\windows\avisplitter.ini
    2010-07-21 15:38:26 ----A---- C:\windows\system32\yv12vfw.dll
    2010-07-21 15:38:25 ----A---- C:\windows\system32\xvidvfw.dll
    2010-07-21 15:38:25 ----A---- C:\windows\system32\xvidcore.dll
    2010-07-21 15:38:20 ----A---- C:\windows\system32\ff_vfw.dll.manifest
    2010-07-21 15:38:20 ----A---- C:\windows\system32\ff_vfw.dll
    2010-07-21 15:38:17 ----D---- C:\Program Files\K-Lite Codec Pack
    2010-07-21 15:36:12 ----D---- C:\TOTO
    2010-07-21 15:36:11 ----D---- C:\slovnik
    2010-07-21 15:34:42 ----D---- C:\Fraps
    2010-07-21 15:33:34 ----A---- C:\windows\system32\pncrt.dll
    2010-07-21 15:33:14 ----D---- C:\Program Files\FreeTime
    2010-07-21 15:06:18 ----D---- C:\Program Files\CCleaner
    2010-07-20 16:14:15 ----D---- C:\Users\Lukáš\AppData\Roaming\HTNetMeter
    2010-07-20 16:12:55 ----D---- C:\Program Files\HooTech
    2010-07-20 15:43:11 ----D---- C:\Users\Lukáš\AppData\Roaming\ESET
    2010-07-20 15:41:31 ----D---- C:\ProgramData\ESET
    2010-07-20 15:41:31 ----D---- C:\Program Files\ESET
    2010-07-20 15:34:38 ----D---- C:\ProgramData\Adobe
    2010-07-20 15:34:34 ----D---- C:\Program Files\Common Files\Adobe
    2010-07-20 15:34:34 ----D---- C:\Program Files\Adobe
    2010-07-20 15:23:08 ----D---- C:\Users\Lukáš\AppData\Roaming\translateclient
    2010-07-20 15:23:02 ----D---- C:\Program Files\Translate Client
    2010-07-20 15:09:40 ----D---- C:\Users\Lukáš\AppData\Roaming\DigitalPersona
    2010-07-20 15:05:38 ----D---- C:\ProgramData\Roxio
    2010-07-20 15:04:55 ----D---- C:\Program Files\Roxio
    2010-07-20 15:04:55 ----D---- C:\Program Files\Common Files\SureThing Shared
    2010-07-20 15:04:18 ----D---- C:\ProgramData\Sonic
    2010-07-20 15:04:05 ----D---- C:\Program Files\Common Files\Sonic Shared
    2010-07-20 15:04:05 ----D---- C:\Program Files\Common Files\PX Storage Engine
    2010-07-20 15:03:53 ----D---- C:\Program Files\Common Files\Roxio Shared
    2010-07-20 14:59:45 ----D---- C:\Program Files\Common Files\DigitalPersona
    2010-07-20 14:59:15 ----D---- C:\Program Files\Common Files\ActivIdentity
    2010-07-20 14:59:15 ----D---- C:\Program Files\ActivIdentity
    2010-07-20 14:58:19 ----D---- C:\Users\Lukáš\AppData\Roaming\Infineon
    2010-07-20 14:58:19 ----D---- C:\ProgramData\Infineon
    2010-07-20 14:56:05 ----A---- C:\windows\system32\pdfc_port.dll
    2010-07-20 14:56:04 ----D---- C:\Program Files\PDF Complete
    2010-07-20 14:56:01 ----D---- C:\ProgramData\PDFC
    2010-07-20 14:54:45 ----D---- C:\ProgramData\HPQLOG
    2010-07-20 14:54:34 ----D---- C:\windows\system32\zh-Hant
    2010-07-20 14:54:34 ----D---- C:\windows\system32\zh-Hans
    2010-07-20 14:54:34 ----D---- C:\windows\system32\pt
    2010-07-20 14:54:34 ----D---- C:\windows\system32\ko
    2010-07-20 14:54:34 ----D---- C:\windows\system32\ja
    2010-07-20 14:54:34 ----D---- C:\windows\system32\it
    2010-07-20 14:54:34 ----D---- C:\windows\system32\fr
    2010-07-20 14:54:34 ----D---- C:\windows\system32\es
    2010-07-20 14:54:34 ----D---- C:\windows\system32\de
    2010-07-20 14:54:34 ----D---- C:\windows\DPDrv
    2010-07-20 14:54:32 ----D---- C:\ProgramData\Macrovision
    2010-07-20 14:54:29 ----D---- C:\Users\Lukáš\AppData\Roaming\hpqLog
    2010-07-20 14:50:25 ----D---- C:\Users\Lukáš\AppData\Roaming\InstallShield
    2010-07-20 14:49:47 ----A---- C:\windows\system32\VBAR332.DLL
    2010-07-20 14:49:47 ----A---- C:\windows\system32\MSRD2X35.DLL
    2010-07-20 14:49:47 ----A---- C:\windows\system32\MSJTER35.DLL
    2010-07-20 14:49:47 ----A---- C:\windows\system32\MSJINT35.DLL
    2010-07-20 14:49:47 ----A---- C:\windows\system32\MSJET35.DLL
    2010-07-20 14:38:17 ----A---- C:\windows\system32\drivers\cpuz134_x32.sys
    2010-07-19 23:32:19 ----A---- C:\windows\system32\XAudio2_3.dll
    2010-07-19 23:32:19 ----A---- C:\windows\system32\XAPOFX1_2.dll
    2010-07-19 23:32:19 ----A---- C:\windows\system32\xactengine3_3.dll
    2010-07-19 23:32:19 ----A---- C:\windows\system32\X3DAudio1_5.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\XAudio2_1.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\XAudio2_0.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\XAPOFX1_0.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\xactengine3_1.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\xactengine3_0.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\X3DAudio1_4.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\X3DAudio1_3.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\D3DX9_38.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\d3dx10_38.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\d3dx10_37.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\D3DCompiler_38.dll
    2010-07-19 23:32:18 ----A---- C:\windows\system32\D3DCompiler_37.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\xinput1_3.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\xactengine2_9.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\xactengine2_8.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\xactengine2_10.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\X3DAudio1_2.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\D3DX9_37.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\d3dx9_36.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\d3dx9_35.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\d3dx9_34.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\d3dx10_36.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\d3dx10_35.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\d3dx10_34.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\D3DCompiler_36.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\D3DCompiler_35.dll
    2010-07-19 23:32:17 ----A---- C:\windows\system32\D3DCompiler_34.dll
    2010-07-19 23:32:16 ----A---- C:\windows\system32\xactengine2_7.dll
    2010-07-19 23:32:16 ----A---- C:\windows\system32\xactengine2_6.dll
    2010-07-19 23:32:16 ----A---- C:\windows\system32\xactengine2_5.dll
    2010-07-19 23:32:16 ----A---- C:\windows\system32\d3dx9_33.dll
    2010-07-19 23:32:16 ----A---- C:\windows\system32\d3dx9_32.dll
    2010-07-19 23:32:16 ----A---- C:\windows\system32\d3dx10_33.dll
    2010-07-19 23:32:16 ----A---- C:\windows\system32\d3dx10.dll
    2010-07-19 23:32:16 ----A---- C:\windows\system32\D3DCompiler_33.dll
    2010-07-19 23:32:15 ----A---- C:\windows\system32\xinput1_2.dll
    2010-07-19 23:32:15 ----A---- C:\windows\system32\xinput1_1.dll
    2010-07-19 23:32:15 ----A---- C:\windows\system32\xactengine2_4.dll
    2010-07-19 23:32:15 ----A---- C:\windows\system32\xactengine2_3.dll
    2010-07-19 23:32:15 ----A---- C:\windows\system32\xactengine2_2.dll
    2010-07-19 23:32:15 ----A---- C:\windows\system32\xactengine2_1.dll
    2010-07-19 23:32:15 ----A---- C:\windows\system32\x3daudio1_1.dll
    2010-07-19 23:32:15 ----A---- C:\windows\system32\d3dx9_31.dll
    2010-07-19 23:32:13 ----A---- C:\windows\system32\xactengine2_0.dll
    2010-07-19 23:32:13 ----A---- C:\windows\system32\x3daudio1_0.dll
    2010-07-19 23:32:13 ----A---- C:\windows\system32\d3dx9_30.dll
    2010-07-19 23:32:13 ----A---- C:\windows\system32\d3dx9_29.dll
    2010-07-19 23:32:13 ----A---- C:\windows\system32\d3dx9_28.dll
    2010-07-19 23:32:13 ----A---- C:\windows\system32\d3dx9_27.dll
    2010-07-19 23:32:13 ----A---- C:\windows\system32\d3dx9_26.dll
    2010-07-19 23:32:13 ----A---- C:\windows\system32\d3dx9_25.dll
    2010-07-19 23:32:13 ----A---- C:\windows\system32\d3dx9_24.dll
    2010-07-19 23:23:48 ----D---- C:\HRY
    2010-07-19 23:22:28 ----D---- C:\windows\system32\URTTEMP
    2010-07-19 23:00:11 ----A---- C:\windows\system32\drivers\sptd.sys
    2010-07-19 22:59:28 ----D---- C:\Users\Lukáš\AppData\Roaming\DAEMON Tools Lite
    2010-07-19 22:59:26 ----D---- C:\ProgramData\DAEMON Tools Lite
    2010-07-19 22:45:25 ----A---- C:\windows\system32\drivers\cpuz133_x32.sys
    2010-07-19 22:45:24 ----D---- C:\Program Files\CPUID
    2010-07-19 22:39:02 ----D---- C:\Users\Lukáš\AppData\Roaming\WinRAR
    2010-07-19 22:38:44 ----D---- C:\Program Files\WinRAR
    2010-07-19 22:35:55 ----D---- C:\Users\Lukáš\AppData\Roaming\Macromedia
    2010-07-19 22:34:29 ----D---- C:\Users\Lukáš\AppData\Roaming\Mozilla
    2010-07-19 22:34:04 ----D---- C:\Program Files\Mozilla Firefox
    2010-07-19 22:33:05 ----D---- C:\Users\Lukáš\AppData\Roaming\Adobe
    2010-07-19 22:31:02 ----N---- C:\windows\system32\MpSigStub.exe
    2010-07-19 22:30:20 ----A---- C:\windows\system32\wintrust.dll
    2010-07-19 22:30:19 ----A---- C:\windows\system32\cabview.dll
    2010-07-19 22:22:53 ----D---- C:\Users\Lukáš\AppData\Roaming\Identities
    2010-07-19 22:17:14 ----D---- C:\Users\Lukáš\AppData\Roaming\Hewlett-Packard
    2010-07-19 22:16:10 ----D---- C:\Program Files\Windows Live
    2010-07-19 22:16:00 ----D---- C:\Program Files\Windows Live SkyDrive
    2010-07-19 22:15:46 ----D---- C:\Program Files\Microsoft Sync Framework
    2010-07-19 22:15:39 ----D---- C:\Program Files\Microsoft
    2010-07-19 22:15:04 ----D---- C:\Program Files\Common Files\Windows Live
    2010-07-19 22:13:46 ----SD---- C:\Users\Lukáš\AppData\Roaming\Microsoft

    ======List of files/folders modified in the last 1 months======

    2010-08-15 06:37:54 ----D---- C:\windows\Temp
    2010-08-15 06:29:16 ----D---- C:\windows\Prefetch
    2010-08-15 06:28:17 ----RD---- C:\Program Files
    2010-08-15 05:46:29 ----D---- C:\windows\system32\config
    2010-08-15 05:37:10 ----D---- C:\windows\Microsoft.NET
    2010-08-15 05:37:07 ----RSD---- C:\windows\assembly
    2010-08-15 05:34:00 ----D---- C:\windows\System32
    2010-08-15 05:33:36 ----D---- C:\windows\winsxs
    2010-08-15 05:33:30 ----A---- C:\windows\system32\log.txt
    2010-08-15 05:33:18 ----D---- C:\Windows
    2010-08-15 05:31:58 ----D---- C:\windows\system32\drivers
    2010-08-15 05:31:55 ----D---- C:\windows\system32\migration
    2010-08-15 05:31:55 ----D---- C:\Program Files\Internet Explorer
    2010-08-15 05:29:31 ----D---- C:\windows\debug
    2010-08-15 05:28:25 ----SHD---- C:\System Volume Information
    2010-08-15 05:28:04 ----D---- C:\windows\system32\catroot
    2010-08-15 05:24:55 ----D---- C:\windows\system32\catroot2
    2010-08-15 05:17:46 ----D---- C:\windows\system32\wbem
    2010-08-15 05:17:05 ----D---- C:\windows\Tasks
    2010-08-15 05:17:05 ----D---- C:\windows\system32\wfp
    2010-08-15 05:17:05 ----D---- C:\windows\system32\DriverStore
    2010-08-15 05:17:02 ----SHD---- C:\windows\Installer
    2010-08-15 05:17:02 ----D---- C:\windows\inf
    2010-08-15 05:17:01 ----D---- C:\windows\Help
    2010-08-15 05:17:00 ----D---- C:\windows\AppCompat
    2010-08-15 05:16:59 ----D---- C:\Program Files\NVIDIA Corporation
    2010-08-15 05:16:55 ----D---- C:\windows\registration
    2010-08-15 05:06:54 ----D---- C:\windows\LiveKernelReports
    2010-08-15 05:06:47 ----D---- C:\ProgramData\NVIDIA
    2010-08-12 14:41:11 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-08-11 14:28:26 ----A---- C:\windows\system32\PerfStringBackup.INI
    2010-08-08 14:30:10 ----HD---- C:\SYSTEM.SAV
    2010-08-02 09:45:04 ----HD---- C:\ProgramData
    2010-08-02 09:33:10 ----SD---- C:\ProgramData\Microsoft
    2010-08-02 09:20:43 ----D---- C:\Program Files\Common Files
    2010-08-02 02:57:58 ----D---- C:\windows\rescache
    2010-08-02 02:53:44 ----D---- C:\Program Files\Windows Sidebar
    2010-08-02 02:53:44 ----D---- C:\Program Files\Windows Mail
    2010-08-02 02:53:43 ----D---- C:\windows\servicing
    2010-08-02 02:53:43 ----D---- C:\windows\ehome
    2010-08-02 02:53:43 ----D---- C:\Program Files\Windows Photo Viewer
    2010-08-02 02:53:43 ----D---- C:\Program Files\Windows Media Player
    2010-08-02 02:53:43 ----D---- C:\Program Files\Windows Journal
    2010-08-02 02:53:43 ----D---- C:\Program Files\Windows Defender
    2010-08-02 02:53:43 ----D---- C:\Program Files\Common Files\System
    2010-08-02 02:53:42 ----D---- C:\windows\system32\sysprep
    2010-08-02 02:53:42 ----D---- C:\windows\system32\sl-SI
    2010-08-02 02:53:42 ----D---- C:\windows\system32\oobe
    2010-08-02 02:53:42 ----D---- C:\windows\system32\migwiz
    2010-08-02 02:53:42 ----D---- C:\windows\PolicyDefinitions
    2010-08-02 02:53:36 ----D---- C:\windows\system32\WCN
    2010-08-02 02:53:30 ----D---- C:\windows\system32\hr-HR
    2010-08-02 02:53:30 ----D---- C:\windows\system32\en-US
    2010-08-02 02:53:16 ----D---- C:\windows\IME
    2010-08-02 02:53:14 ----D---- C:\windows\system32\winrm
    2010-08-02 02:53:14 ----D---- C:\windows\system32\slmgr
    2010-08-02 02:53:14 ----D---- C:\windows\system32\cs-CZ
    2010-08-02 02:53:14 ----D---- C:\windows\system32\cs
    2010-08-02 02:53:14 ----D---- C:\windows\system32\Boot
    2010-08-02 02:53:05 ----D---- C:\windows\system32\drivers\cs-CZ
    2010-08-02 02:53:04 ----D---- C:\windows\system32\MUI
    2010-08-02 02:53:04 ----D---- C:\windows\system32\drivers\UMDF
    2010-08-02 02:53:04 ----D---- C:\windows\system32\Dism
    2010-08-02 02:53:02 ----D---- C:\windows\system32\Printing_Admin_Scripts
    2010-08-02 02:53:01 ----D---- C:\windows\system32\com
    2010-08-02 02:53:00 ----D---- C:\windows\AppPatch
    2010-08-02 02:52:49 ----D---- C:\Program Files\DVD Maker
    2010-08-02 02:52:48 ----D---- C:\windows\en-US
    2010-08-02 02:52:47 ----D---- C:\windows\system32\drivers\en-US
    2010-08-02 02:52:43 ----D---- C:\windows\Speech
    2010-08-02 02:36:22 ----D---- C:\swsetup
    2010-07-31 08:15:27 ----D---- C:\windows\Logs
    2010-07-27 17:26:36 ----D---- C:\windows\system32\Tasks
    2010-07-26 15:11:21 ----D---- C:\ProgramData\Hewlett-Packard
    2010-07-26 15:00:56 ----D---- C:\Program Files\Hewlett-Packard
    2010-07-25 13:14:43 ----D---- C:\windows\ModemLogs
    2010-07-22 23:11:40 ----D---- C:\windows\system32\wdi
    2010-07-22 23:11:12 ----D---- C:\windows\system32\sk-SK
    2010-07-22 22:46:54 ----SHD---- C:\$Recycle.Bin
    2010-07-22 22:46:42 ----RD---- C:\Users
    2010-07-21 23:58:29 ----D---- C:\Program Files\Common Files\microsoft shared
    2010-07-21 23:58:18 ----D---- C:\windows\ShellNew
    2010-07-21 23:58:08 ----RSD---- C:\windows\Fonts
    2010-07-21 23:56:08 ----A---- C:\windows\win.ini
    2010-07-20 15:07:16 ----D---- C:\ProgramData\Uninstall
    2010-07-20 14:51:02 ----D---- C:\Program Files\Common Files\SNP2UVC
    2010-07-19 22:30:46 ----D---- C:\windows\SoftwareDistribution
    2010-07-19 22:17:11 ----RD---- C:\Program Files\Online Services
    2010-07-19 22:12:31 ----D---- C:\windows\system32\restore
    2010-07-19 21:00:09 ----D---- C:\windows\Panther

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
    R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 25656]
    R0 iaStor;Intel RAID Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
    R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
    R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
    R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
    R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-11-11 110520]
    R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-11-11 51800]
    R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-11-11 13256]
    R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-07-19 691696]
    R0 storvsc;storvsc; C:\windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2009-07-14 387584]
    R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
    R1 epfwtdir;epfwtdir; C:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
    R1 PersonalSecureDrive;PersonalSecureDrive; C:\windows\System32\drivers\psd.sys [2009-10-02 39712]
    R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-11-11 40088]
    R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-01-30 55040]
    R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2009-12-01 295128]
    R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
    R2 cpuz134;cpuz134; \??\C:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
    R2 eamon;EAMON; C:\windows\system32\DRIVERS\eamon.sys [2007-12-21 39944]
    R2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
    R2 rimmptsk;rimmptsk; C:\windows\system32\DRIVERS\rimmptsk.sys [2009-06-26 48128]
    R2 rimsptsk;rimsptsk; C:\windows\system32\DRIVERS\rimsptsk.sys [2009-06-26 44544]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\windows\system32\DRIVERS\rixdptsk.sys [2009-06-26 38400]
    R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 33848]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-08-03 1161760]
    R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
    R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
    R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
    R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-09-17 86056]
    R3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2009-09-17 108072]
    R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
    R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-09-17 18472]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\windows\system32\DRIVERS\e1k6232.sys [2009-11-06 214696]
    R3 HECI;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
    R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
    R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 58880]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 137728]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
    R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
    R3 rismc32;RICOH Smart Card Reader; C:\windows\system32\DRIVERS\rismc32.sys [2009-07-21 49152]
    R3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2009-09-18 1765168]
    R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt.sys [2009-11-18 420864]
    R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-07-26 242992]
    R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
    R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2010-01-30 165376]
    R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2010-01-30 78336]
    S2 cpuz133;cpuz133; \??\C:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]
    S2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe86.sys [2009-10-27 48640]
    S2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
    S2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-29 38912]
    S3 ALSysIO;ALSysIO; \??\C:\Users\LUK~1\AppData\Local\Temp\ALSysIO.sys []
    S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
    S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
    S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2007-07-11 101376]
    S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
    S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
    S3 RTCore32;RTCore32; \??\C:\Program Files\RM Clock\RTCore32.sys []
    S3 s3cap;s3cap; C:\windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
    S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
    S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
    S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
    S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
    S3 VMBusHID;VMBusHID; C:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
    R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe [2009-03-03 81920]
    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-08-03 14336]
    R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-09-04 595232]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 20992]
    R2 DpHost;@C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2009-11-24 300808]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
    R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-03-24 121344]
    R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-11-20 102968]
    R2 HP ProtectTools Service;HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-20 102968]
    R2 Hp.Skyroom.Windows.Service;HP SkyRoom; C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-21 124984]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-11-12 250936]
    R2 HpFkCryptService;Drive Encryption Service; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
    R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-11-04 297984]
    R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 26168]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-25 354840]
    R2 IFXSpMgtSrv;Security Platform Management Service; C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [2009-10-02 1107232]
    R2 IFXTCS;Trusted Platform Core Service; C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [2009-10-02 988448]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
    R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
    R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-06-03 129640]
    R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
    R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [2009-10-02 214304]
    R2 rgsender;Remote Graphics Sender Service; c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe [2009-11-18 229458]
    R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
    R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-05-01 229944]
    S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2009-10-22 1639728]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 20992]
    S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\windows\system32\flcdlock.exe [2009-11-09 362040]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 20992]
    S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-10-16 74392]
    S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 20992]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 20992]

    -----------------EOF-----------------
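The driver and service listing in the log above is where a dropper that installs its own kernel driver would show up, and two things in it are worth knowing how to read: an empty `[]` after the path means RSIT could not find the image file on disk, and a `\??\` prefix means the ImagePath was stored as an NT path, which is typical of tools that register a driver at run time (CPU-Z, RM Clock, hardware monitors). The following Python script is an added example, not part of the thread or of RSIT: it parses lines of this format and nominates entries for a look-up. The sample lines are copied from the log above; the three heuristics (image file missing, image in a Temp directory, image outside Windows and Program Files) are the author's own and produce candidates, not verdicts. In this log, for instance, ALSysIO.sys in a user's Temp folder is also how some hardware-monitoring utilities load their driver, so a hit still needs the file checked.

```python
"""Triage the RSIT/HijackThis driver and service listing (added example, not part
of RSIT or of the thread).  Sample lines are copied from the log above; the
heuristics below are the author's own and only nominate entries for a look-up."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Format of one RSIT line:
#   <R|S><start> <name>;<display>; <image path> [<file date> <file size>]
# An empty [] means RSIT could not stat the file, i.e. the registered image
# is not on disk (common for drivers a tool extracts at run time and deletes).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    name: str
    display: str
    running: bool
    start_type: int          # 0=Boot 1=System 2=Auto 3=Demand 4=Disabled
    path: str                # normalised: leading NT prefix \??\ removed
    nt_path: bool            # ImagePath was stored as \??\C:\... (tool-installed)
    file_date: Optional[str]
    file_size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    nt_path = path.startswith("\\??\\")
    if nt_path:
        path = path[4:]
    date = size = None
    meta = m.group("meta").split()
    if len(meta) == 2:
        date, size = meta[0], int(meta[1])
    return Entry(m.group("name"), m.group("display"), m.group("state") == "R",
                 int(m.group("start")), path, nt_path, date, size)


def flag_reasons(e: Entry) -> List[str]:
    """Heuristics (author's choice) that make an entry worth a second look."""
    low = e.path.lower()
    reasons = []
    if e.file_size is None:
        reasons.append("image file missing on disk (empty [] in the log)")
    if "\\temp\\" in low:
        reasons.append("image loaded from a Temp directory")
    if not low.startswith(("c:\\windows\\", "c:\\program files")):
        reasons.append("image outside Windows and Program Files")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {service name: reasons} for every flagged line in an RSIT log."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag_reasons(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


# Lines copied from the RSIT log above (four drivers and one service).
SAMPLE_LOG = r"""
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-07-19 691696]
R2 cpuz134;cpuz134; \??\C:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S3 ALSysIO;ALSysIO; \??\C:\Users\LUK~1\AppData\Local\Temp\ALSysIO.sys []
S3 RTCore32;RTCore32; \??\C:\Program Files\RM Clock\RTCore32.sys []
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

Run against a full RSIT log by passing the file contents to `triage()`; the drivers section and the services section share the line format, so both are covered in one pass.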

Narfyk
Exemplary visitor
Posts: 208
Registered: 07 Jun 2010 17:54
Location: SK

Re: Trojan-spy.win32.year2010-wors

#2 Post by Narfyk »

Hello.
Try this password: AgcI
I found it on the page http://www.eset.sk/virus/msil-lockscreen-b?lng=sk .
It looks the same, I think the difference is in the colour of the button, but it might work... of course I don't guarantee the result.
I'll leave the rest to the Advisors. :)

lukycrust
Visitor
Posts: 34
Registered: 15 Aug 2010 05:33

Re: Trojan-spy.win32.year2010-wors

#3 Post by lukycrust »

That code didn't help... thanks for the effort, but whatever has burrowed in there is probably craftier... what do I do with it???? :wink:

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Trojan-spy.win32.year2010-wors

#4 Post by motji »

Good evening :)

:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe
Download OTM to the desktop, double-click OTM and the program starts,
Into the left window "Paste Instructions for Items to be Moved", below the yellow line, copy this script

Code: Select all

:processes
explorer.exe
 
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
system32.lnk 
C:\Windows\applic

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

:Services

:commands
[emptytemp]
[EMPTYFLASH]
- click the red Moveit! button
- paste the contents of the green window here
- If it wants to restart the PC, click YES; you will then find the log in C:\_OTM\MovedFiles. Paste the log here


:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run Cleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- make a registry backup - you don't have to
- click Fix all selected issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using CCleaner's Cleaner, it cleans the PC of temporary files nicely.
The Registry cleaner tidies up, for example, after uninstalling a program.



:arrow: Download MBAM from my signature
- install it, run a full scan

DELETE NOTHING :!:
- MBAM sometimes has false positives, so we will delete only after checking the log.
- Copy the log here.
Do not use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
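The OTM script in the post above targets three persistence points of this lockscreen: the unnamed (default) value of HKLM\...\Run (the `""=-` line), the user's Startup folder, and the folder C:\Windows\applic. The same check can be made without OTM by exporting the Run keys with reg.exe and reading the export, which is useful because a Run entry stored in the key's default value is easy to overlook when eyeballing regedit. The following Python script is an added example, not from the thread, OTM or Windows: it parses the `.reg` export format (the `@` default value, `\\` and `\"` escapes) and applies three heuristics of the author's own. The export text inside it is constructed to mirror what the OTM log later reports (an empty-named Run value and a C:\Windows\applic folder); every file name in it is hypothetical.

```python
"""Parse a `reg export` of the Run keys and flag autostart entries worth a look,
in particular one stored in the key's unnamed (default) value, which is what the
OTM instruction  ""=-  under [HKEY_LOCAL_MACHINE\...\Run] above removes.

Added example, not part of the thread, OTM or Windows.  The export below is
constructed to mirror what the OTM log reports (an empty-named Run value and a
C:\Windows\applic folder); the file names in it are hypothetical."""
import re
from typing import Dict, List, Tuple

# Output of:  reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run run.reg
# (reg.exe writes UTF-16 with a BOM; read a real file with open(p, encoding="utf-16")).
# "@" is the key's default value; backslashes and quotes inside data are escaped.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\\Windows\\applic\\svchost.exe"
"QLBController"="\"C:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QLBController.exe\" /Start"
"egui"="\"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Users\\user\\AppData\\Roaming\\updater.exe"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s: str) -> str:
    """Undo .reg escaping: \\ -> \ and \" -> " ."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, data) triples; the default value has name ''."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):   # REG_SZ
                data = _unescape(data[1:-1])
            # hex(...)/dword: data are left raw; Run entries are normally REG_SZ
            entries.append((key, name, data))
    return entries


def image_path(command: str) -> str:
    """Executable part of a Run command line (quoted, or up to the first .exe)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


# Author's heuristics, not a Windows rule set.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "winlogon.exe", "lsass.exe"}
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


def assess(entries) -> Dict[str, List[str]]:
    """Map 'key\\value' -> reasons for every autostart entry that looks off."""
    findings: Dict[str, List[str]] = {}
    for key, name, data in entries:
        img = image_path(data).lower()
        parent, _, base = img.rpartition("\\")
        reasons = []
        if name == "":
            reasons.append("stored in the key's unnamed (default) value")
        if base in SYSTEM_NAMES and parent not in SYSTEM_DIRS:
            reasons.append(f"system binary name {base} outside its normal directory")
        if any(tok in img for tok in USER_WRITABLE):
            reasons.append("image in a user-writable location")
        if reasons:
            findings[f"{key}\\{name or '(Default)'}"] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in assess(parse_reg(SAMPLE_REG)).items():
        print(f"{entry}: " + "; ".join(reasons))
```

On a live machine export both HKLM and HKCU Run and RunOnce keys and feed the files to `parse_reg()`; the HKLM export needs an elevated prompt. Entries that pass the heuristics are not cleared, only not flagged; the two HP and ESET lines in the sample are there to show what a normal entry looks like next to a flagged one.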

lukycrust
Visitor
Posts: 34
Registered: 15 Aug 2010 05:33

Re: Trojan-spy.win32.year2010-wors

#5 Post by lukycrust »

motji: so I somehow did it with OTM, I hope correctly too...

Code: Select all

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP382F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7D31.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP85F2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF906.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI8E88.tmp moved successfully.
C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
File/Folder system32.lnk not found.
C:\Windows\applic folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 201174 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Lukáa
 
User: Lukáš
->Temp folder emptied: 5276441 bytes
->Temporary Internet Files folder emptied: 21873483 bytes
->FireFox cache emptied: 78373000 bytes
->Flash cache emptied: 1487 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5645953 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 106.00 mb
 
 
OTM by OldTimer - Version 3.1.15.0 log created on 08162010_185652

Files moved on Reboot...

Registry entries deleted on Reboot...
and also the MBAM log:

Code: Select all

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16. 8. 2010 19:56:30
mbam-log-2010-08-16 (19-56-30).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 276150
Time elapsed: 49 min, 22 sec

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)
Do you think it could somehow seriously damage the system, or even the notebook?

EDIT: after the restart that OTM asked for, that blue screen no longer comes up, because of some .NET Framework error

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Trojan-spy.win32.year2010-wors

#6 Post by motji »

It cannot damage the computer; it just wants to get money out of you.

:arrow: Download it to the desktop, close all active windows and run ComboFix -
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix must be run under an account with administrator rights

- Before use, disable all resident security programs: antivirus, firewalls, antispyware

- After launch the terms of use are shown; confirm them by pressing Yes

- Then follow the instructions; while ComboFix is working, do not click into the window it shows :!:

- After the scan finishes (it takes at most 10 minutes), the program should create a log, C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here


I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

lukycrust
Visitor
Posts: 34
Registered: 15 Aug 2010 05:33

Re: Trojan-spy.win32.year2010-wors

#7 Post by lukycrust »

so, the log from ComboFix:

ComboFix 10-08-15.04 - Lukáš . 08. 2010 21:06:06.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.421.1051.18.1973.952 [GMT 2:00]
Running from: c:\users\Lukáš\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-16 19:14 . 2010-08-16 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-16 19:14 . 2010-08-16 19:14 -------- d-----w- c:\users\Admin\AppData\Local\temp
2010-08-16 18:14 . 2010-08-16 18:14 -------- d-----w- c:\windows\system32\Wat
2010-08-16 17:06 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 17:06 . 2010-08-16 17:06 -------- d-----w- c:\programdata\Malwarebytes
2010-08-16 17:06 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 17:06 . 2010-08-16 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 16:56 . 2010-08-16 16:56 -------- d-----w- C:\_OTM
2010-08-15 04:28 . 2010-08-15 04:37 -------- d-----w- c:\program files\trend micro
2010-08-15 04:28 . 2010-08-15 04:28 -------- d-----w- C:\rsit
2010-08-15 03:25 . 2010-06-30 06:25 978432 ----a-w- c:\windows\system32\wininet.dll
2010-08-15 03:24 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-15 03:24 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-15 03:24 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-15 03:24 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-15 03:24 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-15 03:24 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-15 03:24 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-15 03:24 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-15 03:24 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-15 03:24 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-15 03:24 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-15 03:24 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-08-15 02:57 . 2010-08-15 02:57 -------- d-----w- C:\NVIDIA
2010-08-12 12:53 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-08-12 12:53 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-08-12 12:53 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-08-06 18:21 . 2010-08-15 03:17 -------- d-----w- c:\windows\system32\AGEIA
2010-08-06 18:21 . 2010-08-15 03:16 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-04 18:56 . 2010-08-04 18:56 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-08-04 18:56 . 2010-08-04 18:57 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-02 07:45 . 2010-08-05 18:33 -------- d-----w- c:\programdata\LightScribe
2010-08-02 07:21 . 2010-08-02 07:34 -------- d-----w- c:\program files\Nero
2010-08-02 07:20 . 2010-08-02 07:28 -------- d-----w- c:\programdata\Nero
2010-08-02 07:20 . 2010-08-02 07:43 -------- d-----w- c:\program files\Common Files\Nero
2010-08-02 07:20 . 2010-08-02 07:20 -------- d-----w- c:\program files\Common Files\LightScribe
2010-07-29 16:28 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-07-29 16:28 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-07-29 16:28 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-07-29 16:28 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-07-26 13:11 . 2010-07-26 13:11 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-07-26 13:11 . 2010-07-26 13:11 242992 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-07-26 13:11 . 2010-07-26 13:11 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-07-26 13:11 . 2010-07-26 13:11 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2010-07-26 13:11 . 2010-07-26 13:11 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-07-26 13:00 . 2010-07-26 13:00 -------- d-----w- c:\programdata\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2010-07-26 12:57 . 2010-04-14 17:09 1230088 ----a-w- c:\programdata\Hewlett-Packard\HPSAUpgrade2\HpSAUpgrade.exe
2010-07-25 11:11 . 2007-07-11 09:13 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-07-25 11:11 . 2007-07-11 09:11 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-07-25 11:11 . 2010-07-25 11:11 -------- d-----w- c:\program files\Huawei technologies
2010-07-24 23:03 . 2010-08-15 02:59 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-07-22 21:16 . 2010-07-22 21:16 -------- d-----w- c:\users\Admin\AppData\Local\Broadcom
2010-07-22 21:08 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-22 21:07 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-22 21:07 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-22 21:07 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-22 21:07 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-22 21:07 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-22 21:00 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-07-22 21:00 . 2010-07-22 21:00 -------- d-----w- c:\program files\MSXML 4.0
2010-07-22 20:59 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-07-22 20:59 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-07-22 20:59 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-07-22 20:59 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-07-22 20:59 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-07-22 20:59 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-07-22 20:59 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-07-22 20:59 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-07-22 20:57 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-07-22 20:57 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-07-22 20:57 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-07-22 20:57 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-07-22 20:57 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-07-22 20:57 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-07-22 20:57 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-07-22 20:57 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-07-22 20:57 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-07-22 20:57 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-07-22 20:57 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-07-22 20:47 . 2010-07-22 20:47 -------- d-----w- c:\users\Admin\AppData\Roaming\HPQLOG
2010-07-22 20:47 . 2010-07-22 20:47 124664 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-22 20:47 . 2010-07-22 20:47 -------- d-----w- c:\users\Admin\AppData\Roaming\Infineon
2010-07-22 20:47 . 2010-07-28 14:30 -------- d-----w- c:\users\Admin\AppData\Roaming\translateclient
2010-07-22 20:47 . 2010-07-22 20:47 -------- d-----w- c:\users\Admin\AppData\Local\PDFC
2010-07-22 20:47 . 2010-07-22 21:16 -------- d-----r- c:\users\Admin\Virtual Machines
2010-07-21 22:09 . 2008-01-07 12:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2010-07-21 21:59 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-21 21:59 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-21 21:58 . 2010-07-21 21:58 -------- d-----w- c:\program files\Microsoft Works
2010-07-21 21:58 . 2010-08-16 18:14 -------- d-----w- c:\program files\Microsoft.NET
2010-07-21 21:58 . 2010-07-21 21:58 -------- d-----w- c:\windows\PCHEALTH
2010-07-21 21:55 . 2010-07-21 22:00 -------- d-----w- c:\programdata\Microsoft Help
2010-07-21 21:55 . 2010-07-21 21:55 -------- d-----r- C:\MSOCache
2010-07-21 13:38 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-07-21 13:38 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-21 13:38 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-21 13:38 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-21 13:38 . 2009-10-27 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-21 13:38 . 2010-07-21 13:38 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-21 13:36 . 2010-07-21 13:36 -------- d-----w- C:\TOTO
2010-07-21 13:36 . 2010-07-21 13:36 -------- d-----w- C:\slovnik
2010-07-21 13:34 . 2010-07-22 14:18 -------- d-----w- C:\Fraps
2010-07-21 13:33 . 2010-07-21 13:33 -------- d-----w- c:\program files\FreeTime
2010-07-21 13:06 . 2010-07-21 13:06 -------- d-----w- c:\program files\CCleaner
2010-07-20 14:12 . 2010-07-20 14:12 -------- d-----w- c:\program files\HooTech
2010-07-20 13:43 . 2008-03-03 12:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2010-07-20 13:41 . 2010-07-21 22:09 -------- d-----w- c:\program files\ESET
2010-07-20 13:34 . 2010-07-20 13:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 13:23 . 2010-07-20 13:23 -------- d-----w- c:\program files\Translate Client
2010-07-20 13:05 . 2010-07-20 13:06 -------- d-----w- c:\programdata\Roxio
2010-07-20 13:04 . 2010-08-08 12:37 -------- d-----w- c:\program files\Roxio
2010-07-20 13:04 . 2010-07-20 13:04 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-07-20 13:04 . 2010-07-20 13:04 -------- d-----w- c:\programdata\Sonic
2010-07-20 13:04 . 2010-07-20 13:07 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-20 13:04 . 2010-07-20 13:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-20 13:03 . 2010-07-20 13:05 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-20 12:59 . 2010-07-20 12:59 -------- d-----w- c:\program files\Common Files\DigitalPersona
2010-07-20 12:54 . 2010-07-20 12:54 -------- d-----w- c:\windows\DPDrv
2010-07-20 12:54 . 2010-07-20 12:54 -------- d-----w- c:\programdata\Macrovision
2010-07-20 12:49 . 2010-07-20 12:49 368912 ----a-w- c:\windows\system32\VBAR332.DLL
2010-07-20 12:49 . 2010-07-20 12:49 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
2010-07-20 12:49 . 2010-07-20 12:49 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2010-07-20 12:49 . 2010-07-20 12:49 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2010-07-20 12:49 . 2010-07-20 12:49 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
2010-07-20 12:38 . 2010-07-09 11:18 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 19:15 . 2010-07-20 12:54 -------- d-----w- c:\programdata\HPQLOG
2010-08-15 03:16 . 2010-03-01 00:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-15 03:06 . 2010-03-01 00:42 -------- d-----w- c:\programdata\NVIDIA
2010-08-12 12:41 . 2010-01-30 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-11 22:34 . 2010-07-20 12:56 -------- d-----w- c:\programdata\PDFC
2010-08-02 00:53 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-08-02 00:53 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-02 00:53 . 2009-07-27 13:49 -------- d-----w- c:\program files\Windows Journal
2010-08-02 00:53 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-08-02 00:53 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-08-02 00:52 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-07-26 13:11 . 2010-01-30 18:14 -------- d-----w- c:\programdata\Hewlett-Packard
2010-07-26 13:00 . 2010-01-30 18:04 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-22 20:46 . 2010-07-22 20:46 -------- d-----w- c:\users\Admin\AppData\Roaming\DigitalPersona
2010-07-20 13:07 . 2010-03-01 00:58 -------- d-----w- c:\programdata\Uninstall
2010-07-20 12:59 . 2010-07-20 12:59 -------- d-----w- c:\program files\Common Files\ActivIdentity
2010-07-20 12:59 . 2010-07-20 12:59 -------- d-----w- c:\program files\ActivIdentity
2010-07-20 12:58 . 2010-07-20 12:58 -------- d-----w- c:\programdata\Infineon
2010-07-20 12:56 . 2010-07-20 12:56 -------- d-----w- c:\program files\PDF Complete
2010-07-20 12:51 . 2010-03-01 00:53 -------- d-----w- c:\program files\Common Files\SNP2UVC
2010-07-19 20:14 . 2010-07-19 20:14 0 --sha-r- c:\windows\system32\drivers\103C_HP_bNB_EliteBook 8540p_Y5336AN_0U_QCND0083SBD_E582943-221_4A_I1521_SHP_V32.28_68CVD F.03_T100121_WU48-0_L41B_M1974_J250_7Intel_8652_92.40_#100130_N808610EA;80864239_(WD918EA#ARL)_XMOBILE_CN10_Z_2_G10DE0A2C.MRK
2010-07-16 11:51 . 2010-07-16 11:51 14904 ----a-w- c:\windows\Help\OEM\Scripts\LaunchHPForums.exe
2010-06-16 05:48 . 2010-08-15 03:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-03 17:21 . 2010-06-03 17:21 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-03 17:21 . 2010-06-03 17:21 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-03 17:21 . 2010-06-03 17:21 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-03 17:20 . 2010-06-03 17:20 95994 ----a-w- c:\windows\system32\nvcoproc.bin
2010-06-03 17:20 . 2010-06-03 17:20 149608 ----a-w- c:\windows\system32\nv3dappshext.dll
2010-06-03 17:20 . 2010-06-03 17:20 13684840 ----a-w- c:\windows\system32\nvcpl.dll
2010-05-19 07:31 . 2010-05-19 07:31 14904 ----a-r- c:\windows\Help\OEM\Scripts\launchWebChat.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NetMeter"="c:\program files\HooTech\NetMeter\HooNetMeter.exe" [2008-12-05 577536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-11-19 1690680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-07-26 1713448]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-18 495708]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-11-04 11264000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

c:\_otm\MovedFiles\08162010_185652\C_Users\Luk ç\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
system32.lnk - c:\_otm\MovedFiles\08162010_185652\C_WINDOWS\applic\ssh.exe [2010-8-6 28672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-7-2 1314816]

c:\_otm\MovedFiles\08162010_185652\C_Users\Luk ç\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
system32.lnk - c:\_otm\MovedFiles\08162010_185652\C_WINDOWS\applic\ssh.exe [2010-8-6 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-09 09:51 75320 ----a-w- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-22 1639728]
R3 ALSysIO;ALSysIO;c:\users\LUK~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-09 362040]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 RTCore32;RTCore32;c:\program files\RM Clock\RTCore32.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-16 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-19 691696]
S0 SafeBoot;SafeBoot;c:\windows\System32\Drivers\SafeBoot.sys [2009-11-11 110520]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-10-02 39712]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe [2009-03-03 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-11-19 102968]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-11-12 250936]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-11-04 297984]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-11-06 214696]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 58880]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 137728]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\Embedded Security Backup Schedule.job
- c:\program files\Hewlett-Packard\Embedded Security Software\SpBackupWz.exe [2009-10-02 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\03pdztpb.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - component: c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\components\dpffcli.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83043000]<< >>UNKNOWN [0x89821000]<< >>UNKNOWN [0x8A6B6000]<< >>UNKNOWN [0x8A67B000]<< >>UNKNOWN [0x8300C000]<< >>UNKNOWN [0x8969B000]<< >>UNKNOWN [0x89A34000]<< >>UNKNOWN [0x91589000]<< >>UNKNOWN [0x8A410000]<< >>UNKNOWN [0x89FBC000]<< >>UNKNOWN [0x8A110000]<< >>UNKNOWN [0x89FBD5FC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-597615714-1545844737-3701375177-1000\Software\SecuROM\License information*]
"datasecu"=hex:09,c4,b9,4a,42,99,a1,58,f9,6b,53,c7,ae,2e,03,b5,e4,fb,ec,bf,76,
ff,c6,a0,3f,b2,de,55,5d,c8,5f,d1,d8,9d,1d,dc,26,dc,0f,42,76,28,fc,f3,f4,f7,\
"rkeysecu"=hex:e7,0f,5c,17,33,67,de,2f,4e,2b,93,51,67,9f,3e,81

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\DPFPApi.DLL

- - - - - - - > 'Explorer.exe'(1180)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-08-16 21:20:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-16 19:20

Pre-Run: 125 314 596 864 bytes free
Post-Run: 125 228 736 512 bytes free

- - End Of File - - 9A915681AC3BD9274CC7101301D81BB9
Last edited by lukycrust on 16 Aug 2010 20:32, edited 1 time in total.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Trojan-spy.win32.year2010-wors

#8 Post by motji »

Please take the log out of the code tags, it is hard for me to read. Thanks.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Trojan-spy.win32.year2010-wors

#9 Post by motji »

:arrow: Open OTM again and click the CleanUp button, confirm OK

:arrow: uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64 bit)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC

:arrow: Download http://www.jpshortstuff.247fixes.com/Defogger.exe
- run it,
- confirm Disable
- post the log here

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens, click Save to save the log, then post it here

- Following the guide in the link, run the second scan and post that log here too.

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop

:arrow: Start - Run
copy into the box

"%userprofile%\plocha\mbr" -t
OK

:arrow: a log named mbr.log will be created, post it here

lukycrust
Visitor
Posts: 34
Registered: 15 Aug 2010 05:33

Re: Trojan-spy.win32.year2010-wors

#10 Post by lukycrust »

Defogger log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:24 on 16/08/2010 (Lukáš)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read SafeBoot.sys
SPTD -> Already disabled


-=E.O.F=-

Gmer log no. 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-16 22:31:06
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\LUK~1\AppData\Local\Temp\pgldipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Gmer log no. 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-16 22:45:46
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\LUK~1\AppData\Local\Temp\pgldipow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301EAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83006634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83006898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301EF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301F1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8307E599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830A2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\windows\System32\Drivers\SafeBoot.sys Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
.text peauth.sys 9D439C9D 28 Bytes [DE, AE, 6D, C4, C8, 85, AF, ...]
.text peauth.sys 9D439CC1 28 Bytes [DE, AE, 6D, C4, C8, 85, AF, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1716] USER32.dll!TrackPopupMenu 76FB4B3B 5 Bytes JMP 5FB6721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2112] kernel32.dll!SetUnhandledExceptionFilter 765D3162 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5348] ntdll.dll!LdrLoadDll 76E7F625 5 Bytes JMP 010313F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000007b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027136080e0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027136080e0@2021a540899d 0xD6 0x51 0x0F 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0x0E 0x2B 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0xE9 0x51 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0x94 0x27 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027136080e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027136080e0@2021a540899d 0xD6 0x51 0x0F 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0x0E 0x2B 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0xE9 0x51 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0x94 0x27 0x8D ...

---- EOF - GMER 1.0.15 ----

that last one with the MBR thing somehow won't work for me...
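As an added example, not part of the thread and not code from GMER: a small Python parser for the "User code sections" lines of the GMER log above. It splits each reported hook into the hooked process, PID, hooked export and either the raw patched bytes or the JMP target module, and applies one coarse triage rule (a JMP into a module in the hooked program's own directory with a readable vendor string is ordinary self-hooking; anything else is marked for review). The Hook class, the regexes and the triage labels are my own assumptions, not GMER's.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample: the three "User code sections" lines of the GMER log above.
SAMPLE_LOG = r"""
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1716] USER32.dll!TrackPopupMenu 76FB4B3B 5 Bytes JMP 5FB6721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2112] kernel32.dll!SetUnhandledExceptionFilter 765D3162 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5348] ntdll.dll!LdrLoadDll 76E7F625 5 Bytes JMP 010313F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
"""
# One hook line: section, process[pid], module!export, address, size, detail.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>\S+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-F]+)\s+(?P<size>\d+)\s+Bytes\s+(?P<detail>.+)$")
# Detail is either "JMP <target> <path> (<vendor>)" or the raw patched bytes "[..]".
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-F]+)\s+(?P<path>.+?)(?:\s+\((?P<vendor>[^)]*)\))?$")

@dataclass
class Hook:
    process: str                     # hooked executable, as GMER prints it
    pid: int
    export: str                      # e.g. "ntdll.dll!LdrLoadDll"
    kind: str                        # "jmp" or "patch"
    target_path: Optional[str] = None
    vendor: Optional[str] = None
    patch_bytes: Optional[str] = None

def parse_hooks(text: str) -> List[Hook]:
    """Extract every user-mode hook GMER reported; returns one Hook per line."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = Hook(m["proc"], int(m["pid"]), f"{m['mod']}!{m['func']}", "patch")
        j = JMP_RE.match(m["detail"])
        if j:
            h.kind, h.target_path, h.vendor = "jmp", j["path"], j["vendor"]
        else:
            h.patch_bytes = m["detail"].strip("[]")
        hooks.append(h)
    return hooks

def triage(h: Hook) -> str:
    """Assumed rule: a JMP into a module in the hooked program's own directory, with a readable vendor, is self-hooking."""
    if h.kind == "patch":
        return "inline-patch"
    same_dir = PureWindowsPath(h.target_path).parent == PureWindowsPath(h.process).parent
    return "self-hook" if same_dir and h.vendor else "review"
```

On the log above all three entries come out as self-hook or inline-patch, which matches the helper moving on to the MBR check rather than treating them as findings.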

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Trojan-spy.win32.year2010-wors

#11 Post by motji »

Why doesn't it work for you?

lukycrust
Visitor
Posts: 34
Registered: 15 Aug 2010 05:33

Re: Trojan-spy.win32.year2010-wors

#12 Post by lukycrust »

it tells me it cannot run it... the location is not available...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Trojan-spy.win32.year2010-wors

#13 Post by motji »

Try this command
"%userprofile%\desktop\mbr" -t

lukycrust
Visitor
Posts: 34
Registered: 15 Aug 2010 05:33

Re: Trojan-spy.win32.year2010-wors

#14 Post by lukycrust »

that one worked..

MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x8303B000]<< >>UNKNOWN [0x89854000]<< >>UNKNOWN [0x8A5B6000]<< >>UNKNOWN [0x8A608000]<< >>UNKNOWN [0x83004000]<< >>UNKNOWN [0x89682000]<< >>UNKNOWN [0x89A04000]<<
kernel: MBR read successfully
user & kernel MBR OK

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Trojan-spy.win32.year2010-wors

#15 Post by motji »

Restart the computer, then please post a new RSIT log and write how the computer is behaving.
