VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Preventivna_kontrola-podozrenie_na_havet

https://forum.viry.cz:443/viewtopic.php?t=109672

Stránka 1 z 1

Preventivna_kontrola-podozrenie_na_havet

Napsal: 20 úno 2011 16:21
od MARTiN27
Zdravim,
Ziadam a preventivnu kontrolu logu, mam podozrenie ze nie je nieco v poriadku, asi pred tydnem sa mi dostalo neco do PC. Prejavovalo sa to tak ze sa spustila ako keby nejaka kontrola ale pri tom nic neslo robit (spravca uloh nesel spustit, restartovat pc, vypinali sa spustene programy atd) na ploche sa zobrazilo pozadie (modre s cislami 0 a 1) bohuzial neslo mi spravit screen. Zistil som ze v C:\ProgramData som mal nejaky adresar v ktorom bol nejaky spustac, nazov bol ako keby hatlanina pismen a cisiel s priponou exe. Po odstraneni sa uz neprejavovali zaidne priznaky. Tak ziadam o kontrolu.

RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Martin at 2011-02-20 16:03:51
Microsoft Windows 7 Ultimate
System drive C: has 28 GB (28%) free of 100 GB
Total RAM: 3063 MB (55% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\ASUS.SYS\CONFIG\DVMExportService.exe
"C:\Program Files\NetLimiter 3\nlsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {F999D546-9677-452D-9637-B04BE2E02350}
C:\Windows\Explorer.EXE
"C:\Program Files\ASUS\Six Engine\SixEngine.exe" -b
"C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
"C:\Program Files (x86)\uTorrent\uTorrent.exe"
"C:\Program Files\NetLimiter 3\NLClientApp.exe" /tray
"C:\Program Files (x86)\Pidgin\pidgin.exe"
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
"taskhost.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\Windows\System32\msdtc.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=536.9ccfe80.1080500612 "C:\Windows\system32\Macromed\Flash\NPSWF32.dll" 536 plugin \\.\pipe\gecko-crash-server-pipe.536
"C:\Users\Martin\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [2009-05-18 3866624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-10-03 328056]
"NetLimiter"=C:\Program Files\NetLimiter 3\NLClientApp.exe [2010-03-25 2832384]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-12-22 3037696]
"Pidgin"=C:\Program Files (x86)\Pidgin\pidgin.exe [2010-12-27 48618]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe [2010-03-09 11989960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2009-02-25 2387968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiScreen]
C:\Program Files (x86)\MultiScreen\MultiScreen.exe [2008-06-30 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [2010-03-16 718208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboV]
C:\Program Files\ASUS\TurboV\TurboV.exe [2009-10-20 5516800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE Gamer HUD Lite.lnk]
C:\PROGRA~2\GIGABYTE\GAMERH~1\HUD.exe [2009-06-30 1678848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk]
C:\PROGRA~2\MICROS~1\Office14\GROOVE.EXE [2010-03-25 30969208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-02-16 384512]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-06-05 1310720]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SpywareTerminator"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2010-12-22 2176512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
.vbs - edit -
.vbs - open - "C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"

======List of files/folders created in the last 1 months======

2011-02-20 16:03:51 ----D---- C:\rsit
2011-02-20 16:03:51 ----D---- C:\Program Files\trend micro
2011-02-09 12:32:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-02-09 12:32:22 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 12:32:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-02-09 12:32:18 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-02-09 12:32:18 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-02-09 12:32:18 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-02-09 12:32:18 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-02-09 12:32:18 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-02-09 12:32:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-02-09 12:32:18 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-02-09 12:32:18 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-02-09 12:32:18 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 12:32:18 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 12:32:18 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 12:32:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 12:32:18 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 12:32:18 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 12:32:18 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 12:32:18 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 12:32:18 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 12:31:48 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-02-09 12:31:48 ----A---- C:\Windows\system32\kerberos.dll
2011-02-09 12:31:46 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 12:31:44 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-02-09 12:31:44 ----A---- C:\Windows\SYSWOW64\upnp.dll
2011-02-09 12:31:44 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 12:31:44 ----A---- C:\Windows\system32\upnp.dll
2011-02-09 12:31:44 ----A---- C:\Windows\system32\msxml6.dll
2011-02-09 12:31:44 ----A---- C:\Windows\system32\msxml3.dll
2011-02-09 12:31:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-02-09 12:31:43 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2011-02-09 12:31:43 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2011-02-09 12:31:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2011-02-09 12:31:43 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-02-09 12:31:43 ----A---- C:\Windows\system32\wscapi.dll
2011-02-09 12:31:43 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 12:31:43 ----A---- C:\Windows\system32\winhttp.dll
2011-02-09 12:31:43 ----A---- C:\Windows\system32\WebClnt.dll
2011-02-09 12:31:43 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 12:31:43 ----A---- C:\Windows\system32\davclnt.dll
2011-02-09 12:31:42 ----A---- C:\Windows\SYSWOW64\wscapi.dll
2011-02-09 12:31:42 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2011-02-09 12:31:42 ----A---- C:\Windows\SYSWOW64\slwga.dll
2011-02-09 12:31:42 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2011-02-09 12:31:42 ----A---- C:\Windows\system32\wscsvc.dll
2011-02-09 12:31:42 ----A---- C:\Windows\system32\slwga.dll
2011-02-09 12:31:39 ----A---- C:\Windows\system32\winsrv.dll
2011-02-09 12:31:38 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-02-09 12:31:38 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-09 12:31:38 ----A---- C:\Windows\system32\cdd.dll
2011-02-09 12:31:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-02-09 12:31:36 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-02-09 12:31:36 ----A---- C:\Windows\system32\vbscript.dll
2011-02-09 12:31:36 ----A---- C:\Windows\system32\jscript.dll
2011-02-09 12:31:33 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-02-09 12:31:33 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2011-02-09 12:31:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 12:31:33 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 12:31:32 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-02-09 12:31:31 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-02-09 12:31:31 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-02-09 12:31:31 ----A---- C:\Windows\system32\atmlib.dll
2011-02-09 12:31:31 ----A---- C:\Windows\system32\atmfd.dll
2011-01-23 20:57:53 ----D---- C:\Program Files (x86)\World of Warcraft
2011-01-21 22:31:56 ----D---- C:\ProgramData\Blizzard

======List of files/folders modified in the last 1 months======

2011-02-20 16:03:52 ----D---- C:\Windows\Temp
2011-02-20 16:03:51 ----RD---- C:\Program Files
2011-02-20 16:03:47 ----D---- C:\Windows\Prefetch
2011-02-20 16:01:29 ----D---- C:\Users\Martin\AppData\Roaming\.purple
2011-02-20 15:58:49 ----D---- C:\Users\Martin\AppData\Roaming\uTorrent
2011-02-20 15:55:39 ----D---- C:\Windows\registration
2011-02-20 15:49:14 ----D---- C:\Windows
2011-02-20 15:49:07 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2011-02-20 15:48:56 ----SHD---- C:\Windows\Installer
2011-02-20 15:48:48 ----SHD---- C:\System Volume Information
2011-02-20 15:48:32 ----D---- C:\Windows\system32\appmgmt
2011-02-20 15:04:57 ----D---- C:\Windows\system32\LogFiles
2011-02-20 14:32:14 ----D---- C:\Windows\system32\Tasks
2011-02-20 11:21:14 ----D---- C:\Windows\system32\config
2011-02-20 11:08:00 ----D---- C:\ProgramData\NVIDIA
2011-02-19 22:43:33 ----D---- C:\Users\Martin\AppData\Roaming\FileZilla
2011-02-16 11:45:53 ----D---- C:\Windows\system32\NDF
2011-02-16 01:00:25 ----D---- C:\Windows\system32\catroot2
2011-02-15 17:21:52 ----D---- C:\Windows\debug
2011-02-15 17:18:51 ----HD---- C:\ProgramData
2011-02-15 17:12:07 ----D---- C:\ProgramData\Spyware Terminator
2011-02-15 17:11:28 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-02-15 17:10:05 ----D---- C:\Users\Martin\AppData\Roaming\Spyware Terminator
2011-02-14 23:01:38 ----D---- C:\Users\Martin\AppData\Roaming\dvdcss
2011-02-14 21:29:28 ----SD---- C:\Users\Martin\AppData\Roaming\Microsoft
2011-02-12 20:21:09 ----D---- C:\Users\Martin\AppData\Roaming\Adobe
2011-02-10 15:10:15 ----RSD---- C:\Windows\assembly
2011-02-10 15:10:15 ----D---- C:\Windows\Microsoft.NET
2011-02-10 12:51:10 ----D---- C:\Windows\winsxs
2011-02-10 12:49:16 ----D---- C:\Windows\SysWOW64
2011-02-10 12:49:16 ----D---- C:\Windows\System32
2011-02-10 12:49:16 ----D---- C:\Program Files\Internet Explorer
2011-02-10 12:49:16 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-10 12:49:14 ----D---- C:\Windows\system32\drivers
2011-02-10 01:11:42 ----SHD---- C:\Config.Msi
2011-02-10 01:11:32 ----D---- C:\ProgramData\Microsoft Help
2011-02-10 01:09:41 ----A---- C:\Windows\system32\MRT.exe
2011-02-10 01:08:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-10 01:07:59 ----D---- C:\Windows\inf
2011-02-09 12:31:22 ----D---- C:\Windows\system32\catroot
2011-02-08 13:01:16 ----D---- C:\Windows\SYSWOW64\en-US
2011-02-08 13:01:16 ----D---- C:\Windows\system32\en-US
2011-02-08 13:01:14 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-01-30 22:04:34 ----D---- C:\Users\Martin\AppData\Roaming\gtk-2.0
2011-01-30 21:11:44 ----D---- C:\Users\Martin\AppData\Roaming\DivX
2011-01-24 02:24:46 ----D---- C:\Users\Martin\AppData\Roaming\Skype
2011-01-24 00:01:43 ----D---- C:\Users\Martin\AppData\Roaming\skypePM
2011-01-23 20:57:53 ----D---- C:\Program Files (x86)
2011-01-22 23:55:55 ----D---- C:\Program Files (x86)\Valve

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-11 834544]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-08-04 13440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 nltdi;nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [2010-03-25 88200]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-10-08 203024]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-10-08 53968]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-05-10 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-05-10 43680]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-06-05 475136]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys [2010-03-25 33416]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 144784]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-10-08 164304]
S3 a4ni7cud;a4ni7cud; C:\Windows\system32\drivers\a4ni7cud.sys []
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys [2010-03-25 33416]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2010-11-30 35112]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2009-06-05 111616]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-02-25 73728]
R2 MDES;DVM Meta Data Export Service; C:\ASUS.SYS\CONFIG\DVMExportService.exe [2009-02-18 315392]
R2 nlsvc;NetLimiter 3 Service; C:\Program Files\NetLimiter 3\nlsvc.exe [2010-03-25 1740288]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-04-14 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2010-04-14 189248]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-12-22 488960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-29 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1255736]

-----------------EOF-----------------


PS:// na NB mi robilo to same, pre log s RSIT mam zalozit novu temu? ci staci to vlozit sem?
Vdaka,

Re: Preventivna_kontrola-podozrenie_na_havet

Napsal: 20 úno 2011 22:36
od Roli
Zdravím, použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

P.S. až doladíme tohle PC mrknem se na ten notebook, tak že nové téma nezakládej.

Re: Preventivna_kontrola-podozrenie_na_havet

Napsal: 20 úno 2011 23:39
od MARTiN27
Log z Mbam:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verzia databázy: 5824

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20. 2. 2011 23:38:06
mbam-log-2011-02-20 (23-37-58).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 185210
Uplynutý čas: 1 min, 12 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 7

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\Users\Miroslav\AppData\Local\Temp\0.21731967862307744.exe (Trojan.Vilsel) -> No action taken.
c:\Users\Miroslav\AppData\Local\Temp\0.24602157148028536.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Miroslav\AppData\Local\Temp\0.26163034899461435.exe (Trojan.Vilsel) -> No action taken.
c:\Users\Miroslav\AppData\Local\Temp\0.6971460005458637.exe (Trojan.Vilsel) -> No action taken.
c:\Users\Miroslav\AppData\Local\Temp\0.8226670716951077.exe (Trojan.Vilsel) -> No action taken.
c:\Users\Miroslav\AppData\Local\Temp\0.8868080479529711.exe (Trojan.Vilsel) -> No action taken.
c:\Users\Miroslav\AppData\Roaming\MSA\mscj.exe (Trojan.Downloader) -> No action taken.

Re: Preventivna_kontrola-podozrenie_na_havet

Napsal: 21 úno 2011 22:23
od Roli
Vše co Mbam našel nech smazat.

No a pokud se již PC chová korektně dej mi sem log z Rsit toho notebooku.

Re: Preventivna_kontrola-podozrenie_na_havet

Napsal: 21 úno 2011 22:35
od MARTiN27
Ďakujem. Tak PC je už v poriadku.
Prikladám log RSIT NB:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Martin at 2011-02-21 22:29:10
Microsoft Windows 7 Professional
System drive C: has 20 GB (25%) free of 80 GB
Total RAM: 1908 MB (33% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9b8ce4b6-a92e-4e94-b0ad-9c5fe969b1e0 -SystemEventPortName:HostProcess-18c6a44f-e226-4e45-bfdc-5f10aaca34a0 -IoCancelEventPortName:HostProcess-598d4179-6840-4ff5-8291-0c8a6a9cf674 -NonStateChangingEventPortName:HostProcess-b5042f43-e59a-477f-85ce-6118ae93182f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9755b2ad-4bbb-45ef-b78d-7fb47d8ed81a
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\system32\WLANExt.exe 27043456
\??\C:\Windows\system32\conhost.exe
taskeng.exe {BB29042C-3296-4100-B300-E49110E2DD53}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
"C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe"
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
"C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe"
C:\ProgramData\DatacardService\DCService.exe
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe"
WLIDSvcM.exe 2704
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
"taskhost.exe"
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe" -Embedding
"C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe" /IpNotifyInstance
"C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe"
"C:\Windows\System32\TpShocks.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
"C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Lenovo\Zoom\TpScrex.exe"
"C:\Program Files (x86)\uTorrent\uTorrent.exe"
"C:\ProgramData\DatacardService\DCSHelper.exe"
"C:\Program Files (x86)\Lenovo\Lenovo Docking Detection\DockingDetection.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe" /start
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Lenovo\Client Security Solution\password_manager.exe"
"C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe"
C:\Windows\system32\igfxext.exe -Embedding
"C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe"
"C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5384.bd83fa0.1146247677 "C:\Windows\system32\Macromed\Flash\NPSWF32.dll" 5384 plugin \\.\pipe\gecko-crash-server-pipe.5384
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
C:\Windows\system32\sppsvc.exe
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"c:\Program Files (x86)\Lenovo\System Update\SUService.exe"
"C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
taskeng.exe {64978CDE-F96C-427E-AD48-9A6BEC220897}
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\jusched.exe
"C:\Program Files (x86)\Java\jre6\bin\java.exe" -fullversion
"C:\Windows\System32\Dxpserver.exe" /c
C:\Windows\system32\DeviceDisplayObjectProvider.exe -Embedding
"C:\Users\Martin\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-22 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-22 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-08-26 763192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-06-22 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2009-12-21 69568]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2009-12-11 380776]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-02-02 390680]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-02-02 410136]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2010-04-20 62312]
"AcWin7Hlpr"=C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [2009-10-14 36864]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-08-26 5879608]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-04-23 2097960]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-11-09 328056]
"AdobeBridge"= []
"conhost"=C:\Users\Martin\AppData\Roaming\Microsoft\conhost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-11-09 328056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2010-02-18 1083680]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"DockingDetection"=C:\PROGRA~2\Lenovo\LENOVO~1\DOCKIN~1.EXE [2010-03-10 2454016]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"Message Center Plus"=C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28 49976]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Launch Backup Service Once"=C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe [2009-08-28 21304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-01-25 268800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-03-25 135432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ACGina

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-21 22:29:12 ----D---- C:\Program Files\trend micro
2011-02-21 22:29:10 ----D---- C:\rsit
2011-02-12 23:23:03 ----D---- C:\ProgramData\aNdCpEo14700
2011-02-08 22:47:31 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-02-08 22:47:31 ----A---- C:\Windows\system32\mshtml.dll
2011-02-08 22:47:18 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-02-08 22:47:16 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-02-08 22:47:16 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-02-08 22:47:16 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-02-08 22:47:16 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-02-08 22:47:16 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-02-08 22:47:16 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-02-08 22:47:16 ----A---- C:\Windows\system32\mstime.dll
2011-02-08 22:47:16 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-08 22:47:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-08 22:47:16 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-08 22:47:16 ----A---- C:\Windows\system32\iertutil.dll
2011-02-08 22:47:16 ----A---- C:\Windows\system32\iepeers.dll
2011-02-08 22:47:16 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-08 22:47:15 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-02-08 22:47:15 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-02-08 22:47:15 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-08 22:47:15 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-08 22:46:56 ----A---- C:\Windows\system32\kerberos.dll
2011-02-08 22:46:55 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-02-08 22:46:52 ----A---- C:\Windows\system32\win32k.sys
2011-02-08 22:46:47 ----A---- C:\Windows\system32\msxml6.dll
2011-02-08 22:46:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-02-08 22:46:46 ----A---- C:\Windows\SYSWOW64\upnp.dll
2011-02-08 22:46:46 ----A---- C:\Windows\system32\urlmon.dll
2011-02-08 22:46:46 ----A---- C:\Windows\system32\upnp.dll
2011-02-08 22:46:46 ----A---- C:\Windows\system32\msxml3.dll
2011-02-08 22:46:45 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2011-02-08 22:46:45 ----A---- C:\Windows\system32\wininet.dll
2011-02-08 22:46:45 ----A---- C:\Windows\system32\winhttp.dll
2011-02-08 22:46:44 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-02-08 22:46:44 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2011-02-08 22:46:44 ----A---- C:\Windows\system32\WebClnt.dll
2011-02-08 22:46:44 ----A---- C:\Windows\system32\davclnt.dll
2011-02-08 22:46:43 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-02-08 22:46:41 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2011-02-08 22:46:41 ----A---- C:\Windows\system32\wscapi.dll
2011-02-08 22:46:41 ----A---- C:\Windows\system32\ieframe.dll
2011-02-08 22:46:40 ----A---- C:\Windows\SYSWOW64\wscapi.dll
2011-02-08 22:46:40 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2011-02-08 22:46:40 ----A---- C:\Windows\SYSWOW64\slwga.dll
2011-02-08 22:46:40 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2011-02-08 22:46:40 ----A---- C:\Windows\system32\wscsvc.dll
2011-02-08 22:46:40 ----A---- C:\Windows\system32\slwga.dll
2011-02-08 22:46:37 ----A---- C:\Windows\system32\winsrv.dll
2011-02-08 22:46:35 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2011-02-08 22:46:35 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2011-02-08 22:46:35 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2011-02-08 22:46:35 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-08 22:46:35 ----A---- C:\Windows\system32\FntCache.dll
2011-02-08 22:46:35 ----A---- C:\Windows\system32\DWrite.dll
2011-02-08 22:46:35 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-08 22:46:35 ----A---- C:\Windows\system32\d2d1.dll
2011-02-08 22:46:34 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-02-08 22:46:34 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-02-08 22:46:34 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2011-02-08 22:46:34 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2011-02-08 22:46:34 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-08 22:46:34 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-02-08 22:46:34 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-08 22:46:34 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-08 22:46:33 ----A---- C:\Windows\SYSWOW64\XpsRasterService.dll
2011-02-08 22:46:33 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-02-08 22:46:33 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-08 22:46:33 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-02-08 22:46:33 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-08 22:46:33 ----A---- C:\Windows\system32\cdd.dll
2011-02-08 22:46:30 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-02-08 22:46:30 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-02-08 22:46:30 ----A---- C:\Windows\system32\vbscript.dll
2011-02-08 22:46:30 ----A---- C:\Windows\system32\jscript.dll
2011-02-08 22:46:26 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-08 22:46:25 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-02-08 22:46:25 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-02-08 22:46:25 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2011-02-08 22:46:25 ----A---- C:\Windows\system32\ntdll.dll
2011-02-08 22:46:21 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-02-08 22:46:21 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-02-08 22:46:21 ----A---- C:\Windows\system32\atmlib.dll
2011-02-08 22:46:21 ----A---- C:\Windows\system32\atmfd.dll
2011-02-04 23:24:01 ----D---- C:\Users\Martin\AppData\Roaming\Update
2011-01-24 14:03:43 ----D---- C:\Program Files (x86)\World of Warcraft

======List of files/folders modified in the last 1 months======

2011-02-21 22:29:12 ----RD---- C:\Program Files
2011-02-21 22:28:23 ----D---- C:\Windows\Temp
2011-02-21 22:27:40 ----SHD---- C:\System Volume Information
2011-02-21 22:26:32 ----D---- C:\Users\Martin\AppData\Roaming\uTorrent
2011-02-21 22:26:16 ----D---- C:\Windows\system32\config
2011-02-21 22:26:10 ----A---- C:\Windows\SYSWOW64\log.txt
2011-02-21 17:39:40 ----D---- C:\swshare
2011-02-21 17:33:26 ----D---- C:\Windows\System32
2011-02-21 17:33:26 ----D---- C:\Windows\inf
2011-02-21 17:33:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-21 16:55:31 ----D---- C:\Windows\system32\drivers
2011-02-21 16:55:31 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-02-21 16:55:29 ----SD---- C:\Users\Martin\AppData\Roaming\Microsoft
2011-02-20 19:53:25 ----SHD---- C:\Windows\Installer
2011-02-20 19:51:43 ----RSD---- C:\Windows\assembly
2011-02-20 19:51:38 ----D---- C:\Windows\SysWOW64
2011-02-20 19:51:38 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-02-20 19:50:41 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2011-02-20 19:50:16 ----D---- C:\Windows\Registration
2011-02-20 19:48:27 ----D---- C:\Windows\Prefetch
2011-02-12 23:23:03 ----HD---- C:\ProgramData
2011-02-09 17:20:12 ----D---- C:\Windows\winsxs
2011-02-09 17:18:18 ----D---- C:\Program Files\Internet Explorer
2011-02-09 17:18:18 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-08 23:41:16 ----D---- C:\ProgramData\Microsoft Help
2011-02-08 23:39:22 ----A---- C:\Windows\system32\MRT.exe
2011-02-08 22:45:51 ----D---- C:\Windows\system32\catroot
2011-02-08 22:45:49 ----D---- C:\Windows\system32\catroot2
2011-02-05 18:57:48 ----D---- C:\Windows\system32\wdi
2011-02-04 23:22:01 ----D---- C:\Program Files\PC-Doctor
2011-01-24 14:03:43 ----RD---- C:\Program Files (x86)
2011-01-22 12:11:48 ----D---- C:\ProgramData\Blizzard Entertainment

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2009-10-09 136744]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-11 834544]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2010-05-06 13104]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-10-08 203024]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-10-08 53968]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2010-03-17 161664]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2010-03-23 53800]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-03-23 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2010-03-23 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-03-23 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-03-23 21288]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 83456]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2009-11-18 32880]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-01-25 7842272]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-01-06 158848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-04-21 2350240]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-01-07 271872]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-11-09 151664]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-07-02 40512]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-10-02 258560]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-04-23 318000]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2010-10-06 35112]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 144784]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-10-08 164304]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 114560]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 48488]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 120704]
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0;PCDSRVC{127174DC-C366ED8B-06020000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-05-07 24560]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;AcPrfMgrSvc; C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe [2010-04-23 124264]
R2 AcSvc;AcSvc; C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe [2010-04-23 259432]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-02-18 873248]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-05-08 229376]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-09-22 1420560]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2009-11-18 45928]
R2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-18 268824]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-09-22 831760]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 SUService;System Update; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [2010-03-15 28672]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2009-08-28 1019904]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 TVT Backup Service;TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [2009-09-04 1474560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-06 75112]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2009-10-09 47656]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1255736]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2009-07-14 81920]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Re: Preventivna_kontrola-podozrenie_na_havet

Napsal: 21 úno 2011 22:48
od Roli
Tak že i tady použij Mbam jako před tím.

Re: Preventivna_kontrola-podozrenie_na_havet

Napsal: 21 úno 2011 22:56
od MARTiN27
Log z Mbam NB:
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5833

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21. 2. 2011 22:54:35
mbam-log-2011-02-21 (22-54-27).txt

Typ kontroly: Rychlý test
Testované objekty: 176329
Uplynulý čas: 2 minut, 39 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 6

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Martin\AppData\Local\Temp\0.4976544555262755.exe (Trojan.Downloader) -> No action taken.
c:\Users\Martin\AppData\Local\Temp\jar_cache3190401321621657990.tmp (Trojan.Downloader) -> No action taken.
c:\Users\Martin\AppData\Local\Temp\jar_cache9186452523267509198.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Martin\local settings\9924206.exe (Trojan.Hiloti.Gen) -> No action taken.
c:\Users\Martin\local settings\9924207.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Martin\AppData\Local\Temp\0.20663455307664136.exe (Trojan.Dropper) -> No action taken.

Re: Preventivna_kontrola-podozrenie_na_havet

Napsal: 22 úno 2011 14:49
od Roli
To co Mbam našel nech smazat.

Nevidím žádný antivir, tak že by to chtělo napravit ( Avast, Avira ) a PC s ním projet.

Pak dej vědět jaký je stav.

Re: Preventivna_kontrola-podozrenie_na_havet

Napsal: 22 úno 2011 20:35
od MARTiN27
Po odstránení toho čo našiel Mbam som nainštaloval Avast Home a dal úplny sken. Avast mi našiel ešte niečo v cache Javy tak som to odstránil. Dal som urobiť ešte sken po reštarte, pri bootovani a taktiež mi našiel niečo v cache. Všetko som dal odstrániť. Samozrejme som si vyčistil NB pomocou Vit registry fix a tiež som dal defragmentovať disk a v msconfig som si povypínal nejaké nepotrebné veci ktoré sa mi spúšťali pri štarte.
NB sa zatial chová veľmi dobre, všetko pracuje tak ako má.

Veľmi pekne ďakujem za pomoc.

Re: Preventivna_kontrola-podozrenie_na_havet

Napsal: 22 úno 2011 22:04
od Roli
Není zač.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz