PC disinfection, speeding up your computer, remote help via the neslape.cz service
Preventive log check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service: an expert connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
Preventive log check
Hi folks, svchost.exe takes 100% CPU after startup, but then it calms down. Is that normal? Anyway, I'm attaching the log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Jimmy at 2010-11-25 08:14:02
Microsoft Windows 7 Ultimate
System drive C: has 29 GB (58%) free of 50 GB
Total RAM: 4095 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:14:22, on 25.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
D:\programy\DAEMON Tools Lite\DTLite.exe
D:\programy\stickies\stickies.exe
D:\programy\avast\AvastUI.exe
C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jimmy\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Jimmy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\programy\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] "D:\programy\avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\programy\adobe reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stickies.lnk = D:\programy\stickies\stickies.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6655950-0029-435D-A6E4-371A3EF573E6}: NameServer = 81.19.45.14,81.19.45.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\programy\avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\programy\avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\programy\avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8132 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-09-06 48080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-07-09 149968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"QuickTime Task"=D:\programy\QuickTime\QTTask.exe [2010-03-17 421888]
"avast5"=D:\programy\avast\avastUI.exe [2010-09-07 2838912]
"Adobe Reader Speed Launcher"=D:\programy\adobe reader\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\programy\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Google Update"=C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-21 136176]
C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stickies.lnk - D:\programy\stickies\stickies.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-11-25 08:14:02 ----D---- C:\rsit
2010-11-25 08:14:02 ----D---- C:\Program Files (x86)\trend micro
2010-11-22 17:46:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-11-22 11:34:55 ----A---- C:\Windows\BlendSettings.ini
2010-11-18 13:40:19 ----D---- C:\Users\Jimmy\AppData\Roaming\Spyware Terminator
2010-11-18 13:40:17 ----D---- C:\ProgramData\Spyware Terminator
2010-11-18 13:40:17 ----D---- C:\Program Files (x86)\Spyware Terminator
2010-11-17 13:24:55 ----D---- C:\Program Files (x86)\DOSBox-0.74
2010-11-07 21:35:06 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2010-11-07 21:35:06 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2010-11-07 21:35:02 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2010-11-07 21:35:02 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2010-11-07 21:35:01 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2010-11-07 21:35:01 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2010-11-07 21:34:59 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2010-11-07 21:34:59 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2010-11-07 21:34:57 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2010-11-07 21:34:54 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-11-07 21:34:54 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-11-07 21:34:52 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2010-11-07 21:34:51 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-11-07 21:34:51 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-11-07 21:34:51 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-11-07 21:34:50 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-11-07 21:34:49 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-11-07 21:34:49 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-11-07 21:34:47 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-11-07 21:34:46 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2010-11-07 21:34:46 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2010-11-07 21:34:46 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2010-11-07 21:34:44 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2010-11-07 21:34:44 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2010-11-07 21:34:43 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2010-11-07 21:34:42 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2010-11-07 21:34:41 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2010-11-07 21:34:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2010-11-07 21:34:39 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2010-11-07 21:34:38 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2010-11-07 21:34:37 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2010-11-07 21:34:37 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2010-11-07 21:34:35 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2010-11-07 21:34:34 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2010-11-07 21:34:34 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2010-11-07 21:34:33 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2010-11-07 21:34:33 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2010-11-07 21:34:31 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2010-11-07 21:34:31 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2010-11-07 21:34:30 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2010-11-07 21:34:29 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2010-11-07 21:34:29 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2010-11-07 21:34:27 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2010-11-07 21:34:27 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2010-11-07 21:34:26 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2010-11-07 21:34:26 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2010-11-07 21:34:24 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2010-11-07 21:34:23 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2010-11-07 21:34:23 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2010-11-07 21:34:22 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2010-11-07 21:34:21 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2010-11-07 21:34:20 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2010-11-07 21:34:20 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2010-11-07 21:34:19 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2010-11-07 21:34:19 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2010-11-07 21:34:10 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2010-11-07 21:34:09 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2010-11-07 21:34:09 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2010-11-07 21:34:08 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2010-11-07 21:34:06 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2010-11-07 21:34:04 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2010-11-07 21:34:02 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2010-11-07 21:34:01 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2010-11-07 21:33:59 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2010-11-01 19:14:17 ----D---- C:\Users\Jimmy\AppData\Roaming\stickies
2010-11-01 19:14:16 ----A---- C:\Windows\uninstallstickies.bat
2010-10-28 09:47:00 ----D---- C:\Program Files (x86)\Microsoft WSE
======List of files/folders modified in the last 1 months======
2010-11-25 08:14:09 ----D---- C:\Windows\Temp
2010-11-25 08:14:02 ----RD---- C:\Program Files (x86)
2010-11-25 07:56:07 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-24 16:14:20 ----D---- C:\Users\Jimmy\AppData\Roaming\uTorrent
2010-11-24 11:46:54 ----D---- C:\Windows\Prefetch
2010-11-24 11:45:50 ----SHD---- C:\System Volume Information
2010-11-24 11:35:22 ----D---- C:\Windows
2010-11-22 22:46:18 ----D---- C:\Users\Jimmy\AppData\Roaming\Skype
2010-11-22 21:12:02 ----D---- C:\Users\Jimmy\AppData\Roaming\skypePM
2010-11-22 17:46:32 ----SHD---- C:\Windows\Installer
2010-11-22 10:50:10 ----RSD---- C:\Windows\assembly
2010-11-21 18:23:33 ----D---- C:\Windows\SysWOW64
2010-11-21 10:06:37 ----RD---- C:\Program Files (x86)\Skype
2010-11-21 10:05:49 ----D---- C:\Program Files (x86)\EACOM
2010-11-21 10:01:22 ----HD---- C:\ProgramData
2010-11-19 15:29:07 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-11-19 12:29:16 ----D---- C:\Windows\System32
2010-11-19 12:29:16 ----D---- C:\Windows\inf
2010-11-18 13:04:54 ----D---- C:\Users\Jimmy\AppData\Roaming\Audacity
2010-10-28 10:00:19 ----D---- C:\ProgramData\Electronic Arts
2010-10-26 16:58:12 ----D---- C:\Program Files (x86)\Common Files\InstallShield
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 SiSGbeLH;SiS191/SiS190 – ovladač NDIS 6.0 zařízení sítě Ethernet; C:\Windows\system32\DRIVERS\SiSG664.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 awtsldxn;awtsldxn; C:\Windows\SysWOW64\drivers\awtsldxn.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 avast! Antivirus;avast! Antivirus; D:\programy\avast\AvastSvc.exe [2010-09-07 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-11-18 948775]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\programy\avast\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\programy\avast\AvastSvc.exe [2010-09-07 40384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
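Added example, not from this thread and not part of RSIT or HijackThis: a Python triage pass over HijackThis-style log lines, using a handful of lines copied from the log above as constructed sample input. The rules it applies (the baseline host list, the "loaded from a user profile directory" test, the treatment of O17 and "(file missing)" entries) are this example's own assumptions about what a reviewer checks first, not a verdict on any entry. One caveat it encodes: 32-bit HijackThis 2.0.4 on 64-bit Windows cannot see the real System32 files because of WoW64 file-system redirection, so its "(file missing)" on System32 services is normally a false positive and must be confirmed by hand, never fixed blindly.

```python
"""Triage pass over HijackThis-style log lines (added example; assumptions noted inline)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6655950-0029-435D-A6E4-371A3EF573E6}: NameServer = 81.19.45.14,81.19.45.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\programy\avast\AvastSvc.exe
""".strip()


@dataclass(frozen=True)
class Finding:
    kind: str    # triage bucket assigned by triage()
    detail: str  # the host, path or address that triggered the rule
    line: str    # the full log line, so the reviewer can locate it in the log


LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)', re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\Windows\\System32\\", re.IGNORECASE)

# Assumption: the host IE on Windows 7 points at out of the box. Any other host in an
# R0/R1 line is a changed browser default and is queued for review.
BASELINE_HOSTS = {"go.microsoft.com"}


def triage(log: str) -> list[Finding]:
    """Return the entries a reviewer would look at first, in log order."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1"):
            for host in URL_HOST_RE.findall(body):
                if host.lower() not in BASELINE_HOSTS:
                    findings.append(Finding("browser-default-changed", host.lower(), line))
        elif section in ("O2", "O3", "O4"):
            # Browser add-ons and Run entries loaded from a user-writable profile
            # directory. Legitimate per-user installers live there too, so this is
            # a review queue, not a verdict.
            if USER_PROFILE_RE.search(body):
                p = WIN_PATH_RE.search(body)
                findings.append(Finding("autostart-in-user-profile", p.group(0) if p else body, line))
        elif section == "O17":
            # A static NameServer overrides DHCP-assigned DNS; compare it against the
            # ISP's or router's resolvers before deciding whether it belongs there.
            findings.append(Finding("static-nameserver", ",".join(IPV4_RE.findall(body)), line))
        elif section == "O23" and body.endswith("(file missing)"):
            # 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64 and cannot
            # see real System32 files, so "(file missing)" there is usually a false
            # positive; anywhere else it deserves a real check.
            kind = "file-missing-wow64-redirected" if SYSTEM32_RE.search(body) else "file-missing"
            p = WIN_PATH_RE.search(body)
            findings.append(Finding(kind, p.group(0) if p else body, line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per bucket."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:32} {f.detail}")
```

Run it on a full RSIT/HijackThis log by reading the file into triage(); the buckets are meant to order the reviewer's attention (changed browser defaults and DLLs under AppData first, the O17 resolvers second, the "(file missing)" list last), not to decide what gets removed.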
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-11-25 08:14:02 ----D---- C:\rsit
2010-11-25 08:14:02 ----D---- C:\Program Files (x86)\trend micro
2010-11-22 17:46:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-11-22 11:34:55 ----A---- C:\Windows\BlendSettings.ini
2010-11-18 13:40:19 ----D---- C:\Users\Jimmy\AppData\Roaming\Spyware Terminator
2010-11-18 13:40:17 ----D---- C:\ProgramData\Spyware Terminator
2010-11-18 13:40:17 ----D---- C:\Program Files (x86)\Spyware Terminator
2010-11-17 13:24:55 ----D---- C:\Program Files (x86)\DOSBox-0.74
2010-11-07 21:35:06 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2010-11-07 21:35:06 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2010-11-07 21:35:02 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2010-11-07 21:35:02 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2010-11-07 21:35:01 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2010-11-07 21:35:01 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2010-11-07 21:34:59 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2010-11-07 21:34:59 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2010-11-07 21:34:57 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2010-11-07 21:34:54 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-11-07 21:34:54 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-11-07 21:34:52 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2010-11-07 21:34:51 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-11-07 21:34:51 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-11-07 21:34:51 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-11-07 21:34:50 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-11-07 21:34:49 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-11-07 21:34:49 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-11-07 21:34:47 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-11-07 21:34:46 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2010-11-07 21:34:46 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2010-11-07 21:34:46 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2010-11-07 21:34:44 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2010-11-07 21:34:44 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2010-11-07 21:34:43 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2010-11-07 21:34:42 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2010-11-07 21:34:41 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2010-11-07 21:34:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2010-11-07 21:34:39 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2010-11-07 21:34:38 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2010-11-07 21:34:37 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2010-11-07 21:34:37 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2010-11-07 21:34:35 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2010-11-07 21:34:34 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2010-11-07 21:34:34 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2010-11-07 21:34:33 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2010-11-07 21:34:33 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2010-11-07 21:34:31 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2010-11-07 21:34:31 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2010-11-07 21:34:30 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2010-11-07 21:34:29 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2010-11-07 21:34:29 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2010-11-07 21:34:27 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2010-11-07 21:34:27 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2010-11-07 21:34:26 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2010-11-07 21:34:26 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2010-11-07 21:34:24 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2010-11-07 21:34:23 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2010-11-07 21:34:23 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2010-11-07 21:34:22 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2010-11-07 21:34:21 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2010-11-07 21:34:20 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2010-11-07 21:34:20 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2010-11-07 21:34:19 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2010-11-07 21:34:19 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2010-11-07 21:34:10 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2010-11-07 21:34:09 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2010-11-07 21:34:09 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2010-11-07 21:34:08 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2010-11-07 21:34:06 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2010-11-07 21:34:04 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2010-11-07 21:34:02 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2010-11-07 21:34:01 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2010-11-07 21:33:59 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2010-11-01 19:14:17 ----D---- C:\Users\Jimmy\AppData\Roaming\stickies
2010-11-01 19:14:16 ----A---- C:\Windows\uninstallstickies.bat
2010-10-28 09:47:00 ----D---- C:\Program Files (x86)\Microsoft WSE
======List of files/folders modified in the last 1 months======
2010-11-25 08:14:09 ----D---- C:\Windows\Temp
2010-11-25 08:14:02 ----RD---- C:\Program Files (x86)
2010-11-25 07:56:07 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-24 16:14:20 ----D---- C:\Users\Jimmy\AppData\Roaming\uTorrent
2010-11-24 11:46:54 ----D---- C:\Windows\Prefetch
2010-11-24 11:45:50 ----SHD---- C:\System Volume Information
2010-11-24 11:35:22 ----D---- C:\Windows
2010-11-22 22:46:18 ----D---- C:\Users\Jimmy\AppData\Roaming\Skype
2010-11-22 21:12:02 ----D---- C:\Users\Jimmy\AppData\Roaming\skypePM
2010-11-22 17:46:32 ----SHD---- C:\Windows\Installer
2010-11-22 10:50:10 ----RSD---- C:\Windows\assembly
2010-11-21 18:23:33 ----D---- C:\Windows\SysWOW64
2010-11-21 10:06:37 ----RD---- C:\Program Files (x86)\Skype
2010-11-21 10:05:49 ----D---- C:\Program Files (x86)\EACOM
2010-11-21 10:01:22 ----HD---- C:\ProgramData
2010-11-19 15:29:07 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-11-19 12:29:16 ----D---- C:\Windows\System32
2010-11-19 12:29:16 ----D---- C:\Windows\inf
2010-11-18 13:04:54 ----D---- C:\Users\Jimmy\AppData\Roaming\Audacity
2010-10-28 10:00:19 ----D---- C:\ProgramData\Electronic Arts
2010-10-26 16:58:12 ----D---- C:\Program Files (x86)\Common Files\InstallShield
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 SiSGbeLH;SiS191/SiS190 – ovladač NDIS 6.0 zařízení sítě Ethernet; C:\Windows\system32\DRIVERS\SiSG664.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 awtsldxn;awtsldxn; C:\Windows\SysWOW64\drivers\awtsldxn.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 avast! Antivirus;avast! Antivirus; D:\programy\avast\AvastSvc.exe [2010-09-07 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-11-18 948775]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\programy\avast\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\programy\avast\AvastSvc.exe [2010-09-07 40384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Re: Preventive log check
Hello and have a nice day
I'll turn off the Spyware Terminator resident shield for you, since it could collide with Avast's resident shield. You'll then have Terminator only for an occasional manual scan, which is enough because Avast already has something like that built in.
svchost.exe is a legitimate Windows file, but we'll take a look at it.
Click Start and then Run, or use the Win+R keyboard shortcut
- A box pops up; copy the text below into it
Code: Select all
services.msc
- Click OK
- Find the services below
- Spyware Terminator Realtime Shield Service
- For that service do the following
- Right-click it and choose Properties
- Now click Stop
- Set Startup type to Disabled
- Confirm by clicking OK
- You'll find HJT here: C:\Program Files (x86)\trend micro\Jimmy.exe
- A window opens; click Do a system scan only
- In the next window find the lines I've listed below; next to each is a checkbox, tick it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
- Click Fix checked (bottom left)
- HJT will ask whether you really want to; answer YES and it's done
- If you use Windows Vista or 7, right-click OTM and choose Run As Administrator (Spustit jako správce)
- Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the contents below
Code: Select all
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Google Update"=-
:files
C:\Program Files (x86)\DAEMON Tools Toolbar
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000UA.job
C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
- Click the red MoveIt! button
- You'll be prompted to restart; click Yes. Afterwards you'll find the log in C:\_OTM\MovedFiles; paste its contents here
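To make the triage in the post above reproducible, here is an added example that is not code from the original post, from the forum helper, or from HijackThis/RSIT. It parses HijackThis-style R0/R1, O2/O3 and O23 lines and flags the same two things the helper fixed: Internet Explorer start/search URLs pointing at a host other than IE's stock default (qip.ru, search.qip.ru) and a BHO DLL loaded from the user's AppData profile instead of Program Files. The sample lines are constructed from entries quoted in this thread, re-rendered in HijackThis's own line format; the allow-list of default IE hosts and the user-writable-path rule are the example's own assumptions, not HijackThis's.

```python
"""Triage HijackThis-style log lines the way the review above does.

Added example; not code from the original post, the forum helper, or
HijackThis/RSIT. Sample lines are constructed from entries quoted in
this thread and re-rendered in HijackThis's own line format.
"""
import re
from urllib.parse import urlparse

# Assumption: Internet Explorer's stock start/search pages point here.
ALLOWED_HOSTS = {"go.microsoft.com"}

# Directories a legitimately installed IE add-on should not be loaded from.
USER_WRITABLE = re.compile(r"\\users\\|\\documents and settings\\|\\appdata\\|\\temp\\", re.I)
SYSTEM_DIR = re.compile(r"\\windows\\(system32|syswow64)\\", re.I)

# R0/R1: "R1 - HKCU\Software\...\Main,Start Page = http://qip.ru"
R_LINE = re.compile(r"^(R[01]) - (HK\w+)\\(.+?),([^=]+?) =\s*(.*)$")
# O2/O3: "O2 - BHO: Name - {CLSID} - C:\path\file.dll"
O_LINE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# O23:   "O23 - Service: Display - Owner - C:\path\svc.exe (file missing)"
O23_LINE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*?)( \(file missing\))?$")

# Constructed sample, taken from the entries quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: QipLI Class - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""


def triage(log_text):
    """Return findings as dicts: {"severity": "fix" | "info", "line": ..., "reason": ...}."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = R_LINE.match(line)
        if m:
            _kind, hive, _key, value, data = m.groups()
            # Only URL values can be a hijack; blank values and local files pass.
            if data.lower().startswith(("http://", "https://")):
                host = urlparse(data).hostname or ""
                if host not in ALLOWED_HOSTS:
                    findings.append({"severity": "fix", "line": line,
                                     "reason": f"{hive} IE '{value}' points at {host}"})
            continue
        m = O_LINE.match(line)
        if m:
            _kind, name, _clsid, path = m.groups()
            # A BHO or toolbar DLL loaded from a user-writable profile directory
            # is out of place: installed add-ons live under Program Files.
            if USER_WRITABLE.search(path):
                findings.append({"severity": "fix", "line": line,
                                 "reason": f"{name} loads {path} from a user-writable path"})
            continue
        m = O23_LINE.match(line)
        if m:
            _display, _owner, path, missing = m.groups()
            # Known artefact: the 32-bit HijackThis build on 64-bit Windows is
            # subject to WOW64 file-system redirection, so native 64-bit service
            # binaries under System32 show as "(file missing)". Report as info only.
            if missing and SYSTEM_DIR.search(path):
                findings.append({"severity": "info", "line": line,
                                 "reason": "'(file missing)' under System32 is expected "
                                           "for 32-bit HJT on 64-bit Windows"})
    return findings


def fix_list(findings):
    """The lines a helper would tick under 'Fix checked', in log order."""
    return [f["line"] for f in findings if f["severity"] == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['reason']}\n    {f['line']}")
```

Run as a script it prints the four entries to fix and one informational note. Two limits worth noting: the DAEMON Tools Toolbar sits under Program Files and passes the path rule, which is why the helper's judgement, not a rule, removed it; and the O23 "(file missing)" entries are only reported as info, because the 32-bit HijackThis build run on this 64-bit Windows 7 sees System32 through WOW64 redirection and reports every native 64-bit service binary as missing.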
Re: Preventive log check
Sorry for the duplicate, I don't know how that happened. Anyway, I did everything (hopefully correctly) according to the instructions; we'll see whether it helped. Otherwise the computer was slower while booting, probably because of OTM, right? Here's the log from it:
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
========== FILES ==========
C:\Program Files (x86)\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000UA.job moved successfully.
C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\Installer\MSIAE4B.tmp moved successfully.
C:\Windows\Installer\MSID423.tmp moved successfully.
C:\Windows\Installer\MSID947.tmp moved successfully.
C:\Windows\Installer\MSIF2FB.tmp moved successfully.
C:\Windows\Temp\TS_8FF0.tmp moved successfully.
C:\Windows\Temp\TS_95AB.tmp moved successfully.
C:\Windows\Temp\TS_99B2.tmp moved successfully.
C:\Windows\Temp\TS_A335.tmp moved successfully.
C:\Windows\Temp\TS_A577.tmp moved successfully.
C:\Windows\Temp\TS_A7F7.tmp moved successfully.
C:\Windows\Temp\TS_B947.tmp moved successfully.
C:\Windows\Temp\TS_C587.tmp moved successfully.
C:\Windows\Temp\TS_CF29.tmp moved successfully.
C:\Windows\Temp\UDD60E4.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jimmy
->Temp folder emptied: 46528491 bytes
->Temporary Internet Files folder emptied: 127939691 bytes
->FireFox cache emptied: 84223182 bytes
->Google Chrome cache emptied: 353930292 bytes
->Opera cache emptied: 1113734 bytes
->Flash cache emptied: 46046 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21454 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68045 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 585,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 11252010_122855
Files moved on Reboot...
File C:\Users\Jimmy\AppData\Local\Temp\etilqs_RoBAPhvMTZ0BE4CUDC62 not found!
C:\Users\Jimmy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re: Preventive log check
Actually I have one more question: I noticed that a lot of what I fixed in HJT was somehow connected to QIP. Should I look for a different messenger? If so, which one?
Re: Preventive log check
Unlike ICQ, I can very much recommend the QIP messenger; Miranda is also worth considering. The things that got fixed got in there during installation. You need to read what you're installing and configuring...
OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it
- Click CleanUp and confirm YES
- The program cleans up and restarts the PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it
- Click Start and confirm OK
- The program cleans up and restarts the PC
- Delete the utility after use
Cleaner tab
- Leave everything as it is, just click Analyze and then Run CCleaner
- click Scan for Issues
- then Fix selected issues; I recommend making the registry backup; fix all issues
- repeat the procedure until there are no issues, usually about 3 times
- Here you can uninstall unneeded programs
And if there are no problems or questions, that's all from my side
Re: Preventive log check
Thanks a lot. One more question: why does the startup sound stutter while booting? Is that normal?
Re: Preventive log check
Don't you have a lot of things on the desktop? I don't mean shortcuts, I mean some large files... Otherwise, if the stutter isn't big, I wouldn't dig into it... the processor probably just can't keep up at that moment...
Re: Preventive log check
It looks fine; the stutter isn't very big, it really seems more like it can't keep up. Thank you very much
Re: Preventive log check
Clean up as I wrote above, and also run a defragmentation if needed
I recommend defragmenting the disk
- The simplest (but least effective) way is the utility built into Windows
- Click Computer, then right-click the drive and choose Properties
- switch to the Tools tab
- Now you see the Defragmentation tools; start it by clicking Defragment
- Do this for all drives
- Another option (and the one I recommend) is the Defraggler program http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Download the program, install it (untick the Yahoo toolbar) and run it
- Click Analyze
- If the Fragmented column shows more than 5%, I recommend defragmenting (click Defrag)
- Do this for all drives
- The last option is the simple JKDefrag program http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- The advantage of this program is that it doesn't need installing
- Just download the version for your OS and unpack it
- Then run it via the JKDefrag or JKDefrag64 file
- Disk analysis runs, followed by defragmentation
New log
It looks like my computer survived an infection by a trojan unknown to me so far, which only Lavasoft Ad-Aware managed to find. The trojan is called "Trojan.Win32.Generic.pak!cobra"; I have no idea what it is. Anyway, I'm attaching an HJT log in case something else is still there... thanks in advance for any help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:08, on 11.9.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
D:\Programy\DAEMON Tools Lite\DTLite.exe
D:\Programy\avast\AvastUI.exe
D:\Programy\Miranda IM\miranda32.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Programy\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Programy\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avast] "D:\Programy\avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6660 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:08, on 11.9.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
D:\Programy\DAEMON Tools Lite\DTLite.exe
D:\Programy\avast\AvastUI.exe
D:\Programy\Miranda IM\miranda32.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Programy\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Programy\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avast] "D:\Programy\avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6660 bytes
Re: Preventive log check
Hello
Please post a log from RSIT - see my signature - it is more detailed than HJT
Where was that trojan located
Re: Preventive log check
Well, I'm not sure, it opened two files in Notepad, so to be safe I copied both of them here.
Otherwise, the path to that infected file was: c:\windows\setup\scripts\windows7loader.exe
LOG 1:
info.txt logfile of random's system information tool 1.09 2011-09-11 21:12:52
======Uninstall list======
7-Zip 9.20-->"D:\Programy\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /X{385DD1DD-65AA-408D-8E70-74601C2DB7E6}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe -maintain plugin
avast! Free Antivirus-->D:\Programy\avast\aswRunDll.exe "D:\Programy\avast\Setup\setiface.dll" RunSetup
DAEMON Tools Lite-->D:\Programy\DAEMON Tools Lite\uninst.exe
Guitar Pro 5.2-->"D:\Programy\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"D:\Programy\HijackThis.exe" /uninstall
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox 6.0.1 (x86 cs)-->D:\Programy\Mozilla Firefox\uninstall\helper.exe
======System event log======
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Cryptographic Services byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Modules Installer byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Software Protection byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Volume Shadow Copy byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informace
User:
=====Application event log=====
Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPRequestAdditionalSoftware
Reakce: Není k dispozici
ID souboru CAB: 0
Podpis problému:
P1: x64
P2: USB\VID_093A&PID_2510&REV_0100
P3: 6.1.0.0
P4: 0405
P5: input.inf
P6: *
P7:
P8:
P9:
P10:
Připojené soubory:
Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_693fea5e647d95e9e84419a42e6a61403ac01242_cab_0216dbec
Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: ac5aad92-d588-11e0-b055-e52b1dbc2ad4
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20110902172621.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20110902172437.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20110902172430.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110902172424.812520-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20110902172425.000000-000
Event Type: Informace
User:
=====Security event log=====
Computer Name: 37L4247E29-32
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin
Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -
Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172402.520080-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin
Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -
Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172402.504480-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.
Počet prvků: 0
ID zásady: 0x2fd55
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172401.911679-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.
Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0
Typ přihlášení: 0
Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Informace o procesu:
ID procesu: 0x4
Název procesu:
Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -
Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0
Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.
Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.
Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).
Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.
Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.
Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172359.056874-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.
Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172358.947674-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;D:\Programy\ATI\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
-----------------EOF-----------------
LOG 2:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kuba at 2011-09-11 21:12:46
Microsoft Windows 7 Ultimate
System drive C: has 31 GB (62%) free of 50 GB
Total RAM: 4095 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:12:49, on 11.9.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
D:\Programy\DAEMON Tools Lite\DTLite.exe
D:\Programy\avast\AvastUI.exe
D:\Programy\Miranda IM\miranda32.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Programy\hijackthis.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\trend micro\Kuba.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Programy\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avast] "D:\Programy\avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6733 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"D:\Programy\avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
"D:\Programy\avast\AvastUI.exe" /nogui
"D:\Programy\ATI\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"D:\Programy\ATI\ATI.ACE\Core-Static\CCC.exe" 0
"D:\Programy\Miranda IM\miranda32.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"D:\Programy\Mozilla Firefox\firefox.exe"
"D:\Programy\Mozilla Firefox\plugin-container.exe" --channel=3624.e35b020.393167907 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0.2 -greomni "D:\Programy\Mozilla Firefox\omni.jar" 3624 "\\.\pipe\gecko-crash-server-pipe.3624" plugin
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
"D:\Programy\hijackthis.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\splwow64.exe 1
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "D:\Kuba\Knihovna\aaa.docx"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Kuba\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
=========Mozilla firefox=========
ProfilePath - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\rvkbx408.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
D:\Programy\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
D:\Programy\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
D:\Programy\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - D:\Programy\avast\aswWebRepIE64.dll [2011-09-06 959432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\Programy\avast\aswWebRepIE.dll [2011-09-06 806456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - D:\Programy\avast\aswWebRepIE64.dll [2011-09-06 959432]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\Programy\avast\aswWebRepIE.dll [2011-09-06 806456]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Programy\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=D:\Programy\ATI\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"avast"=D:\Programy\avast\avastUI.exe [2011-09-06 3722416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-09-11 21:12:47 ----D---- C:\Program Files\trend micro
2011-09-11 21:12:46 ----D---- C:\rsit
2011-09-11 18:24:11 ----D---- C:\Windows\system32\appmgmt
2011-09-11 16:31:17 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-09-11 16:31:16 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-09-11 16:31:10 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-09-11 16:31:09 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-09-11 16:31:09 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-09-11 16:31:08 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-09-11 16:30:58 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-09-11 16:30:58 ----A---- C:\Windows\avastSS.scr
2011-09-11 15:09:44 ----A---- C:\Windows\system32\lsdelete.exe
2011-09-11 14:03:45 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2011-09-11 14:01:03 ----DC---- C:\Windows\system32\DRVSTORE
2011-09-11 14:01:03 ----A---- C:\Windows\system32\drivers\Lbd.sys
2011-09-11 14:01:00 ----D---- C:\ProgramData\Lavasoft
2011-09-11 14:01:00 ----D---- C:\Program Files (x86)\Lavasoft
2011-09-11 13:50:56 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2011-09-11 13:50:35 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-09-11 13:50:35 ----D---- C:\Program Files (x86)\Microsoft Sync Framework
2011-09-11 13:50:35 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-09-11 13:47:09 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2011-09-11 13:46:17 ----RHD---- C:\MSOCache
2011-09-11 13:43:25 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-09-11 13:42:13 ----D---- C:\Users\Kuba\AppData\Roaming\DAEMON Tools Lite
2011-09-11 13:42:09 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-09-11 08:02:50 ----D---- C:\Users\Kuba\AppData\Roaming\uTorrent
2011-09-04 14:11:06 ----D---- C:\Windows\PCHEALTH
2011-09-04 14:07:06 ----D---- C:\Program Files\Microsoft Office
2011-09-04 14:06:51 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-04 14:05:51 ----D---- C:\Program Files (x86)\Microsoft Office
2011-09-04 14:05:50 ----D---- C:\ProgramData\Microsoft Help
2011-09-02 20:22:46 ----D---- C:\Windows\Panther
2011-09-02 20:09:59 ----D---- C:\Users\Kuba\AppData\Roaming\ATI
2011-09-02 20:09:59 ----D---- C:\ProgramData\ATI
2011-09-02 20:08:07 ----D---- C:\Program Files\ATI
2011-09-02 20:03:42 ----A---- C:\Windows\SYSWOW64\msvcr100.dll
2011-09-02 20:03:42 ----A---- C:\Windows\SYSWOW64\msvcp100.dll
2011-09-02 20:02:45 ----N---- C:\Windows\system32\MpSigStub.exe
2011-09-02 20:00:36 ----D---- C:\Users\Kuba\AppData\Roaming\Macromedia
2011-09-02 20:00:36 ----D---- C:\Users\Kuba\AppData\Roaming\Adobe
2011-09-02 20:00:31 ----D---- C:\Windows\SYSWOW64\Macromed
2011-09-02 19:53:49 ----A---- C:\Windows\system32\aswBoot.exe
2011-09-02 19:53:21 ----SHD---- C:\Windows\Installer
2011-09-02 19:53:11 ----D---- C:\ProgramData\AVAST Software
2011-09-02 19:53:11 ----D---- C:\Program Files\AVAST Software
2011-09-02 19:50:55 ----D---- C:\Users\Kuba\AppData\Roaming\Mozilla
2011-09-02 19:32:12 ----D---- C:\Users\Kuba\AppData\Roaming\Identities
2011-09-02 19:31:50 ----SD---- C:\Users\Kuba\AppData\Roaming\Microsoft
2011-09-02 19:31:50 ----D---- C:\Users\Kuba\AppData\Roaming\Media Center Programs
2011-09-02 19:30:21 ----SHD---- C:\Recovery
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Šablony
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Plocha
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Oblíbené položky
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Nabídka Start
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Dokumenty
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Data aplikací
2011-09-02 19:26:45 ----D---- C:\Windows\SoftwareDistribution
2011-09-02 19:24:00 ----D---- C:\Windows\Prefetch
2011-09-02 19:23:47 ----ASH---- C:\pagefile.sys
2011-09-02 19:23:37 ----SHD---- C:\System Volume Information
2011-09-02 19:23:37 ----ASH---- C:\hiberfil.sys
======List of files/folders modified in the last 1 month======
2011-09-11 21:12:47 ----RD---- C:\Program Files
2011-09-11 21:12:41 ----D---- C:\Windows\Temp
2011-09-11 20:32:29 ----D---- C:\Windows\System32
2011-09-11 20:32:29 ----D---- C:\Windows\inf
2011-09-11 20:32:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-11 20:30:31 ----D---- C:\Windows\Tasks
2011-09-11 20:29:31 ----D---- C:\Windows\system32\wdi
2011-09-11 18:24:10 ----RD---- C:\Program Files (x86)
2011-09-11 18:11:32 ----D---- C:\Windows\system32\Tasks
2011-09-11 16:31:17 ----D---- C:\Windows\system32\drivers
2011-09-11 16:30:58 ----D---- C:\Windows\SysWOW64
2011-09-11 16:30:58 ----D---- C:\Windows
2011-09-11 14:20:55 ----D---- C:\Windows\Microsoft.NET
2011-09-11 14:20:54 ----RSD---- C:\Windows\assembly
2011-09-11 14:02:50 ----D---- C:\Windows\system32\config
2011-09-11 14:01:03 ----D---- C:\Windows\system32\catroot
2011-09-11 14:01:00 ----HD---- C:\ProgramData
2011-09-11 13:52:43 ----D---- C:\Windows\winsxs
2011-09-11 13:51:27 ----RSD---- C:\Windows\Fonts
2011-09-11 13:51:21 ----D---- C:\Windows\ShellNew
2011-09-11 13:51:12 ----D---- C:\Program Files (x86)\MSBuild
2011-09-11 13:50:55 ----D---- C:\Program Files (x86)\Common Files
2011-09-11 13:48:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-09-11 13:48:35 ----SD---- C:\ProgramData\Microsoft
2011-09-11 13:47:32 ----A---- C:\Windows\win.ini
2011-09-11 13:43:47 ----D---- C:\Windows\system32\DriverStore
2011-09-11 13:31:46 ----D---- C:\Windows\system32\wfp
2011-09-11 13:31:43 ----D---- C:\Windows\system32\wbem
2011-09-11 13:30:49 ----D---- C:\Windows\system32\NDF
2011-09-11 13:30:49 ----D---- C:\Windows\system32\catroot2
2011-09-11 13:30:48 ----D---- C:\Windows\AppCompat
2011-09-11 13:30:29 ----D---- C:\Windows\registration
2011-09-09 14:23:16 ----D---- C:\Windows\Logs
2011-09-05 20:38:19 ----D---- C:\Windows\system32\LogFiles
2011-09-02 20:22:16 ----D---- C:\Windows\Setup
2011-09-02 20:05:56 ----A---- C:\Windows\SYSWOW64\Oemdspif.dll
2011-09-02 20:05:56 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2011-09-02 20:05:56 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2011-09-02 20:05:54 ----A---- C:\Windows\SYSWOW64\atipdlxx.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atiumd6a.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atiumd64.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atitmm64.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atipdl64.dll
2011-09-02 20:05:53 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2011-09-02 20:05:53 ----A---- C:\Windows\system32\ATIODE.exe
2011-09-02 20:05:53 ----A---- C:\Windows\system32\ATIODCLI.exe
2011-09-02 20:05:53 ----A---- C:\Windows\system32\atio6axx.dll
2011-09-02 20:05:51 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2011-09-02 20:05:51 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2011-09-02 20:05:51 ----A---- C:\Windows\system32\atimuixx.dll
2011-09-02 20:05:51 ----A---- C:\Windows\system32\atimpc64.dll
2011-09-02 20:05:51 ----A---- C:\Windows\system32\amdpcom64.dll
2011-09-02 20:05:50 ----A---- C:\Windows\system32\atiesrxx.exe
2011-09-02 20:05:49 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2011-09-02 20:05:49 ----A---- C:\Windows\system32\atiedu64.dll
2011-09-02 20:05:49 ----A---- C:\Windows\system32\atieclxx.exe
2011-09-02 20:05:49 ----A---- C:\Windows\system32\atidxx64.dll
2011-09-02 20:05:48 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2011-09-02 20:05:48 ----A---- C:\Windows\system32\ATIDEMGX.dll
2011-09-02 20:05:48 ----A---- C:\Windows\system32\aticalrt64.dll
2011-09-02 20:05:48 ----A---- C:\Windows\system32\aticaldd64.dll
2011-09-02 20:05:47 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2011-09-02 20:05:47 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2011-09-02 20:05:47 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2011-09-02 20:05:47 ----A---- C:\Windows\system32\aticalcl64.dll
2011-09-02 20:05:47 ----A---- C:\Windows\system32\atibtmon.exe
2011-09-02 20:05:47 ----A---- C:\Windows\system32\atiadlxx.dll
2011-09-02 20:05:46 ----A---- C:\Windows\SYSWOW64\ati2edxx.dll
2011-09-02 20:05:46 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2011-09-02 19:54:52 ----D---- C:\Windows\system32\CodeIntegrity
2011-09-02 19:52:59 ----D---- C:\Windows\system32\restore
2011-09-02 19:32:08 ----SHD---- C:\$Recycle.Bin
2011-09-02 19:31:50 ----RD---- C:\Users
2011-09-02 19:30:36 ----D---- C:\Windows\rescache
2011-09-02 19:30:21 ----D---- C:\Program Files\Windows NT
2011-09-02 19:29:37 ----D---- C:\Windows\debug
2011-09-02 19:26:40 ----D---- C:\Windows\system32\sysprep
2011-09-02 19:24:24 ----D---- C:\Windows\CSC
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2011-08-18 69376]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 601944]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 301912]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-09-06 58200]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-11 270912]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-09-02 6036480]
R3 netr28x;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 SiSGbeLH;SiS191/SiS190 – ovladač NDIS 6.0 zařízení sítě Ethernet; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-09-11 17152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-09-02 203264]
R2 avast! Antivirus;avast! Antivirus; D:\Programy\avast\AvastSvc.exe [2011-09-06 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-11 2151640]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------
By the way, the path to that infected file was: c:\windows\setup\scripts\windows7loader.exe
LOG 1:
info.txt logfile of random's system information tool 1.09 2011-09-11 21:12:52
======Uninstall list======
7-Zip 9.20-->"D:\Programy\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /X{385DD1DD-65AA-408D-8E70-74601C2DB7E6}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe -maintain plugin
avast! Free Antivirus-->D:\Programy\avast\aswRunDll.exe "D:\Programy\avast\Setup\setiface.dll" RunSetup
DAEMON Tools Lite-->D:\Programy\DAEMON Tools Lite\uninst.exe
Guitar Pro 5.2-->"D:\Programy\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"D:\Programy\HijackThis.exe" /uninstall
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox 6.0.1 (x86 cs)-->D:\Programy\Mozilla Firefox\uninstall\helper.exe
======System event log======
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Cryptographic Services byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Modules Installer byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Software Protection byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Volume Shadow Copy byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informace
User:
=====Application event log=====
Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPRequestAdditionalSoftware
Reakce: Není k dispozici
ID souboru CAB: 0
Podpis problému:
P1: x64
P2: USB\VID_093A&PID_2510&REV_0100
P3: 6.1.0.0
P4: 0405
P5: input.inf
P6: *
P7:
P8:
P9:
P10:
Připojené soubory:
Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_693fea5e647d95e9e84419a42e6a61403ac01242_cab_0216dbec
Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: ac5aad92-d588-11e0-b055-e52b1dbc2ad4
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20110902172621.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20110902172437.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20110902172430.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110902172424.812520-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20110902172425.000000-000
Event Type: Informace
User:
=====Security event log=====
Computer Name: 37L4247E29-32
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin
Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -
Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172402.520080-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin
Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -
Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172402.504480-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.
Počet prvků: 0
ID zásady: 0x2fd55
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172401.911679-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.
Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0
Typ přihlášení: 0
Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Informace o procesu:
ID procesu: 0x4
Název procesu:
Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -
Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0
Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.
Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.
Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).
Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.
Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.
Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172359.056874-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.
Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172358.947674-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;D:\Programy\ATI\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
-----------------EOF-----------------
LOG 2:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kuba at 2011-09-11 21:12:46
Microsoft Windows 7 Ultimate
System drive C: has 31 GB (62%) free of 50 GB
Total RAM: 4095 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:12:49, on 11.9.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
D:\Programy\DAEMON Tools Lite\DTLite.exe
D:\Programy\avast\AvastUI.exe
D:\Programy\Miranda IM\miranda32.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Programy\hijackthis.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\trend micro\Kuba.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Programy\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avast] "D:\Programy\avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6733 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"D:\Programy\avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
"D:\Programy\avast\AvastUI.exe" /nogui
"D:\Programy\ATI\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"D:\Programy\ATI\ATI.ACE\Core-Static\CCC.exe" 0
"D:\Programy\Miranda IM\miranda32.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"D:\Programy\Mozilla Firefox\firefox.exe"
"D:\Programy\Mozilla Firefox\plugin-container.exe" --channel=3624.e35b020.393167907 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0.2 -greomni "D:\Programy\Mozilla Firefox\omni.jar" 3624 "\\.\pipe\gecko-crash-server-pipe.3624" plugin
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
"D:\Programy\hijackthis.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\splwow64.exe 1
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "D:\Kuba\Knihovna\aaa.docx"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Kuba\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
=========Mozilla firefox=========
ProfilePath - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\rvkbx408.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
D:\Programy\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
D:\Programy\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
D:\Programy\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - D:\Programy\avast\aswWebRepIE64.dll [2011-09-06 959432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\Programy\avast\aswWebRepIE.dll [2011-09-06 806456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - D:\Programy\avast\aswWebRepIE64.dll [2011-09-06 959432]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\Programy\avast\aswWebRepIE.dll [2011-09-06 806456]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Programy\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=D:\Programy\ATI\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"avast"=D:\Programy\avast\avastUI.exe [2011-09-06 3722416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-09-11 21:12:47 ----D---- C:\Program Files\trend micro
2011-09-11 21:12:46 ----D---- C:\rsit
2011-09-11 18:24:11 ----D---- C:\Windows\system32\appmgmt
2011-09-11 16:31:17 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-09-11 16:31:16 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-09-11 16:31:10 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-09-11 16:31:09 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-09-11 16:31:09 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-09-11 16:31:08 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-09-11 16:30:58 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-09-11 16:30:58 ----A---- C:\Windows\avastSS.scr
2011-09-11 15:09:44 ----A---- C:\Windows\system32\lsdelete.exe
2011-09-11 14:03:45 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2011-09-11 14:01:03 ----DC---- C:\Windows\system32\DRVSTORE
2011-09-11 14:01:03 ----A---- C:\Windows\system32\drivers\Lbd.sys
2011-09-11 14:01:00 ----D---- C:\ProgramData\Lavasoft
2011-09-11 14:01:00 ----D---- C:\Program Files (x86)\Lavasoft
2011-09-11 13:50:56 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2011-09-11 13:50:35 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-09-11 13:50:35 ----D---- C:\Program Files (x86)\Microsoft Sync Framework
2011-09-11 13:50:35 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-09-11 13:47:09 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2011-09-11 13:46:17 ----RHD---- C:\MSOCache
2011-09-11 13:43:25 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-09-11 13:42:13 ----D---- C:\Users\Kuba\AppData\Roaming\DAEMON Tools Lite
2011-09-11 13:42:09 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-09-11 08:02:50 ----D---- C:\Users\Kuba\AppData\Roaming\uTorrent
2011-09-04 14:11:06 ----D---- C:\Windows\PCHEALTH
2011-09-04 14:07:06 ----D---- C:\Program Files\Microsoft Office
2011-09-04 14:06:51 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-04 14:05:51 ----D---- C:\Program Files (x86)\Microsoft Office
2011-09-04 14:05:50 ----D---- C:\ProgramData\Microsoft Help
2011-09-02 20:22:46 ----D---- C:\Windows\Panther
2011-09-02 20:09:59 ----D---- C:\Users\Kuba\AppData\Roaming\ATI
2011-09-02 20:09:59 ----D---- C:\ProgramData\ATI
2011-09-02 20:08:07 ----D---- C:\Program Files\ATI
2011-09-02 20:03:42 ----A---- C:\Windows\SYSWOW64\msvcr100.dll
2011-09-02 20:03:42 ----A---- C:\Windows\SYSWOW64\msvcp100.dll
2011-09-02 20:02:45 ----N---- C:\Windows\system32\MpSigStub.exe
2011-09-02 20:00:36 ----D---- C:\Users\Kuba\AppData\Roaming\Macromedia
2011-09-02 20:00:36 ----D---- C:\Users\Kuba\AppData\Roaming\Adobe
2011-09-02 20:00:31 ----D---- C:\Windows\SYSWOW64\Macromed
2011-09-02 19:53:49 ----A---- C:\Windows\system32\aswBoot.exe
2011-09-02 19:53:21 ----SHD---- C:\Windows\Installer
2011-09-02 19:53:11 ----D---- C:\ProgramData\AVAST Software
2011-09-02 19:53:11 ----D---- C:\Program Files\AVAST Software
2011-09-02 19:50:55 ----D---- C:\Users\Kuba\AppData\Roaming\Mozilla
2011-09-02 19:32:12 ----D---- C:\Users\Kuba\AppData\Roaming\Identities
2011-09-02 19:31:50 ----SD---- C:\Users\Kuba\AppData\Roaming\Microsoft
2011-09-02 19:31:50 ----D---- C:\Users\Kuba\AppData\Roaming\Media Center Programs
2011-09-02 19:30:21 ----SHD---- C:\Recovery
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Šablony
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Plocha
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Oblíbené položky
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Nabídka Start
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Dokumenty
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Data aplikací
2011-09-02 19:26:45 ----D---- C:\Windows\SoftwareDistribution
2011-09-02 19:24:00 ----D---- C:\Windows\Prefetch
2011-09-02 19:23:47 ----ASH---- C:\pagefile.sys
2011-09-02 19:23:37 ----SHD---- C:\System Volume Information
2011-09-02 19:23:37 ----ASH---- C:\hiberfil.sys
======List of files/folders modified in the last 1 month======
2011-09-11 21:12:47 ----RD---- C:\Program Files
2011-09-11 21:12:41 ----D---- C:\Windows\Temp
2011-09-11 20:32:29 ----D---- C:\Windows\System32
2011-09-11 20:32:29 ----D---- C:\Windows\inf
2011-09-11 20:32:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-11 20:30:31 ----D---- C:\Windows\Tasks
2011-09-11 20:29:31 ----D---- C:\Windows\system32\wdi
2011-09-11 18:24:10 ----RD---- C:\Program Files (x86)
2011-09-11 18:11:32 ----D---- C:\Windows\system32\Tasks
2011-09-11 16:31:17 ----D---- C:\Windows\system32\drivers
2011-09-11 16:30:58 ----D---- C:\Windows\SysWOW64
2011-09-11 16:30:58 ----D---- C:\Windows
2011-09-11 14:20:55 ----D---- C:\Windows\Microsoft.NET
2011-09-11 14:20:54 ----RSD---- C:\Windows\assembly
2011-09-11 14:02:50 ----D---- C:\Windows\system32\config
2011-09-11 14:01:03 ----D---- C:\Windows\system32\catroot
2011-09-11 14:01:00 ----HD---- C:\ProgramData
2011-09-11 13:52:43 ----D---- C:\Windows\winsxs
2011-09-11 13:51:27 ----RSD---- C:\Windows\Fonts
2011-09-11 13:51:21 ----D---- C:\Windows\ShellNew
2011-09-11 13:51:12 ----D---- C:\Program Files (x86)\MSBuild
2011-09-11 13:50:55 ----D---- C:\Program Files (x86)\Common Files
2011-09-11 13:48:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-09-11 13:48:35 ----SD---- C:\ProgramData\Microsoft
2011-09-11 13:47:32 ----A---- C:\Windows\win.ini
2011-09-11 13:43:47 ----D---- C:\Windows\system32\DriverStore
2011-09-11 13:31:46 ----D---- C:\Windows\system32\wfp
2011-09-11 13:31:43 ----D---- C:\Windows\system32\wbem
2011-09-11 13:30:49 ----D---- C:\Windows\system32\NDF
2011-09-11 13:30:49 ----D---- C:\Windows\system32\catroot2
2011-09-11 13:30:48 ----D---- C:\Windows\AppCompat
2011-09-11 13:30:29 ----D---- C:\Windows\registration
2011-09-09 14:23:16 ----D---- C:\Windows\Logs
2011-09-05 20:38:19 ----D---- C:\Windows\system32\LogFiles
2011-09-02 20:22:16 ----D---- C:\Windows\Setup
2011-09-02 20:05:56 ----A---- C:\Windows\SYSWOW64\Oemdspif.dll
2011-09-02 20:05:56 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2011-09-02 20:05:56 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2011-09-02 20:05:54 ----A---- C:\Windows\SYSWOW64\atipdlxx.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atiumd6a.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atiumd64.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atitmm64.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atipdl64.dll
2011-09-02 20:05:53 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2011-09-02 20:05:53 ----A---- C:\Windows\system32\ATIODE.exe
2011-09-02 20:05:53 ----A---- C:\Windows\system32\ATIODCLI.exe
2011-09-02 20:05:53 ----A---- C:\Windows\system32\atio6axx.dll
2011-09-02 20:05:51 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2011-09-02 20:05:51 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2011-09-02 20:05:51 ----A---- C:\Windows\system32\atimuixx.dll
2011-09-02 20:05:51 ----A---- C:\Windows\system32\atimpc64.dll
2011-09-02 20:05:51 ----A---- C:\Windows\system32\amdpcom64.dll
2011-09-02 20:05:50 ----A---- C:\Windows\system32\atiesrxx.exe
2011-09-02 20:05:49 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2011-09-02 20:05:49 ----A---- C:\Windows\system32\atiedu64.dll
2011-09-02 20:05:49 ----A---- C:\Windows\system32\atieclxx.exe
2011-09-02 20:05:49 ----A---- C:\Windows\system32\atidxx64.dll
2011-09-02 20:05:48 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2011-09-02 20:05:48 ----A---- C:\Windows\system32\ATIDEMGX.dll
2011-09-02 20:05:48 ----A---- C:\Windows\system32\aticalrt64.dll
2011-09-02 20:05:48 ----A---- C:\Windows\system32\aticaldd64.dll
2011-09-02 20:05:47 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2011-09-02 20:05:47 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2011-09-02 20:05:47 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2011-09-02 20:05:47 ----A---- C:\Windows\system32\aticalcl64.dll
2011-09-02 20:05:47 ----A---- C:\Windows\system32\atibtmon.exe
2011-09-02 20:05:47 ----A---- C:\Windows\system32\atiadlxx.dll
2011-09-02 20:05:46 ----A---- C:\Windows\SYSWOW64\ati2edxx.dll
2011-09-02 20:05:46 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2011-09-02 19:54:52 ----D---- C:\Windows\system32\CodeIntegrity
2011-09-02 19:52:59 ----D---- C:\Windows\system32\restore
2011-09-02 19:32:08 ----SHD---- C:\$Recycle.Bin
2011-09-02 19:31:50 ----RD---- C:\Users
2011-09-02 19:30:36 ----D---- C:\Windows\rescache
2011-09-02 19:30:21 ----D---- C:\Program Files\Windows NT
2011-09-02 19:29:37 ----D---- C:\Windows\debug
2011-09-02 19:26:40 ----D---- C:\Windows\system32\sysprep
2011-09-02 19:24:24 ----D---- C:\Windows\CSC
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2011-08-18 69376]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 601944]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 301912]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-09-06 58200]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-11 270912]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-09-02 6036480]
R3 netr28x;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 SiSGbeLH;SiS191/SiS190 – ovladač NDIS 6.0 zařízení sítě Ethernet; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-09-11 17152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-09-02 203264]
R2 avast! Antivirus;avast! Antivirus; D:\Programy\avast\AvastSvc.exe [2011-09-06 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-11 2151640]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------
Re: Preventive log check
Well, we're surely not going to deal with an illegal operating system here, are we.
Re: Preventive log check
Is it illegal? I don't know, I bought the notebook from an acquaintance. Hm, so next week I see a visit to a PC shop coming. Thanks for the help, take care.
Re: Preventive log check
Yes it is; what Ad-Aware found for you is exactly that crack....
I would demand that the acquaintance pay for the licence, but that is purely your business...