Preventivní kontrola logu

Zpráva

St. Jimmy · #1 Příspěvek od **St. Jimmy** » 25 lis 2010 08:22

Ahoj lidi, svchost.exe mi po startu zabírá 100% CPU, ale pak se uklidní, je to normální? Jinak přikládám log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jimmy at 2010-11-25 08:14:02
Microsoft Windows 7 Ultimate
System drive C: has 29 GB (58%) free of 50 GB
Total RAM: 4095 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:14:22, on 25.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\programy\DAEMON Tools Lite\DTLite.exe
D:\programy\stickies\stickies.exe
D:\programy\avast\AvastUI.exe
C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jimmy\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Jimmy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\programy\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] "D:\programy\avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\programy\adobe reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stickies.lnk = D:\programy\stickies\stickies.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6655950-0029-435D-A6E4-371A3EF573E6}: NameServer = 81.19.45.14,81.19.45.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\programy\avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\programy\avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\programy\avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8132 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-09-06 48080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-07-09 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"QuickTime Task"=D:\programy\QuickTime\QTTask.exe [2010-03-17 421888]
"avast5"=D:\programy\avast\avastUI.exe [2010-09-07 2838912]
"Adobe Reader Speed Launcher"=D:\programy\adobe reader\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\programy\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Google Update"=C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-21 136176]

C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stickies.lnk - D:\programy\stickies\stickies.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-25 08:14:02 ----D---- C:\rsit
2010-11-25 08:14:02 ----D---- C:\Program Files (x86)\trend micro
2010-11-22 17:46:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-11-22 11:34:55 ----A---- C:\Windows\BlendSettings.ini
2010-11-18 13:40:19 ----D---- C:\Users\Jimmy\AppData\Roaming\Spyware Terminator
2010-11-18 13:40:17 ----D---- C:\ProgramData\Spyware Terminator
2010-11-18 13:40:17 ----D---- C:\Program Files (x86)\Spyware Terminator
2010-11-17 13:24:55 ----D---- C:\Program Files (x86)\DOSBox-0.74
2010-11-07 21:35:06 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2010-11-07 21:35:06 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2010-11-07 21:35:02 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2010-11-07 21:35:02 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2010-11-07 21:35:01 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2010-11-07 21:35:01 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2010-11-07 21:34:59 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2010-11-07 21:34:59 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2010-11-07 21:34:57 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2010-11-07 21:34:54 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-11-07 21:34:54 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-11-07 21:34:52 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2010-11-07 21:34:51 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-11-07 21:34:51 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-11-07 21:34:51 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-11-07 21:34:50 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-11-07 21:34:49 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-11-07 21:34:49 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-11-07 21:34:47 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-11-07 21:34:46 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2010-11-07 21:34:46 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2010-11-07 21:34:46 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2010-11-07 21:34:44 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2010-11-07 21:34:44 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2010-11-07 21:34:43 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2010-11-07 21:34:42 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2010-11-07 21:34:41 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2010-11-07 21:34:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2010-11-07 21:34:39 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2010-11-07 21:34:38 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2010-11-07 21:34:37 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2010-11-07 21:34:37 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2010-11-07 21:34:35 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2010-11-07 21:34:34 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2010-11-07 21:34:34 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2010-11-07 21:34:33 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2010-11-07 21:34:33 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2010-11-07 21:34:31 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2010-11-07 21:34:31 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2010-11-07 21:34:30 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2010-11-07 21:34:29 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2010-11-07 21:34:29 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2010-11-07 21:34:27 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2010-11-07 21:34:27 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2010-11-07 21:34:26 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2010-11-07 21:34:26 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2010-11-07 21:34:24 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2010-11-07 21:34:23 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2010-11-07 21:34:23 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2010-11-07 21:34:22 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2010-11-07 21:34:21 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2010-11-07 21:34:20 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2010-11-07 21:34:20 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2010-11-07 21:34:19 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2010-11-07 21:34:19 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2010-11-07 21:34:10 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2010-11-07 21:34:09 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2010-11-07 21:34:09 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2010-11-07 21:34:08 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2010-11-07 21:34:06 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2010-11-07 21:34:04 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2010-11-07 21:34:02 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2010-11-07 21:34:01 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2010-11-07 21:33:59 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2010-11-01 19:14:17 ----D---- C:\Users\Jimmy\AppData\Roaming\stickies
2010-11-01 19:14:16 ----A---- C:\Windows\uninstallstickies.bat
2010-10-28 09:47:00 ----D---- C:\Program Files (x86)\Microsoft WSE

======List of files/folders modified in the last 1 months======

2010-11-25 08:14:09 ----D---- C:\Windows\Temp
2010-11-25 08:14:02 ----RD---- C:\Program Files (x86)
2010-11-25 07:56:07 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-24 16:14:20 ----D---- C:\Users\Jimmy\AppData\Roaming\uTorrent
2010-11-24 11:46:54 ----D---- C:\Windows\Prefetch
2010-11-24 11:45:50 ----SHD---- C:\System Volume Information
2010-11-24 11:35:22 ----D---- C:\Windows
2010-11-22 22:46:18 ----D---- C:\Users\Jimmy\AppData\Roaming\Skype
2010-11-22 21:12:02 ----D---- C:\Users\Jimmy\AppData\Roaming\skypePM
2010-11-22 17:46:32 ----SHD---- C:\Windows\Installer
2010-11-22 10:50:10 ----RSD---- C:\Windows\assembly
2010-11-21 18:23:33 ----D---- C:\Windows\SysWOW64
2010-11-21 10:06:37 ----RD---- C:\Program Files (x86)\Skype
2010-11-21 10:05:49 ----D---- C:\Program Files (x86)\EACOM
2010-11-21 10:01:22 ----HD---- C:\ProgramData
2010-11-19 15:29:07 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-11-19 12:29:16 ----D---- C:\Windows\System32
2010-11-19 12:29:16 ----D---- C:\Windows\inf
2010-11-18 13:04:54 ----D---- C:\Users\Jimmy\AppData\Roaming\Audacity
2010-10-28 10:00:19 ----D---- C:\ProgramData\Electronic Arts
2010-10-26 16:58:12 ----D---- C:\Program Files (x86)\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 SiSGbeLH;SiS191/SiS190 – ovladač NDIS 6.0 zařízení sítě Ethernet; C:\Windows\system32\DRIVERS\SiSG664.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 awtsldxn;awtsldxn; C:\Windows\SysWOW64\drivers\awtsldxn.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 avast! Antivirus;avast! Antivirus; D:\programy\avast\AvastSvc.exe [2010-09-07 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-11-18 948775]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\programy\avast\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\programy\avast\AvastSvc.exe [2010-09-07 40384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 25 lis 2010 10:16

Zdravim a pekny den preji

Vypnu Vam u Spyware Terminatora rezidentni stitm jelikoz by mohlo dochazet ke kolizi s rez. stitem Avastu - Terminatora tak budete mit jen na obcasyn rucni sken - ono to staci jelikoz avast uz neco takoveho v sobe ma

svchost.exe je legitimni soubor winu, ale podivame se na to

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
services.msc
```
Kliknete na OK
Najdete sluzby nize
Spyware Terminator Realtime Shield Service
U sluzby provedte toto
- Klik na ni pravym mysidlem a zvolit Vlastnosti
- Nyní klik na Zastavit
- Typ spousteni nastavit na Zakazano
- Potvrdte kliknutim na OK

Spustte HJT a provedeme fixnuti polozek

HJT najdete zde C:\Program Files (x86)\trend micro\Jimmy.exe
Otevre se Vam okno, kliknete na Do a system scan only
V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
Kliknete na Fix checked (vlevo dole)
HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Google Update"=-

:files
C:\Program Files (x86)\DAEMON Tools Toolbar
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000UA.job
C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

St. Jimmy · #3 Příspěvek od **St. Jimmy** » 25 lis 2010 12:37

Omlouvám se za duplicitu, nevím jak se to stalo

. Každopádně jsem (snad dobře) vše udělal podle instrukcí, uvidíme, jestli to pomohlo. Jinak při nabíhání byl komp pomalejší, asi krz to OTM, že? Tady je z něj log:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
========== FILES ==========
C:\Program Files (x86)\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160225376-1621202661-69369417-1000UA.job moved successfully.
C:\Users\Jimmy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\Installer\MSIAE4B.tmp moved successfully.
C:\Windows\Installer\MSID423.tmp moved successfully.
C:\Windows\Installer\MSID947.tmp moved successfully.
C:\Windows\Installer\MSIF2FB.tmp moved successfully.
C:\Windows\Temp\TS_8FF0.tmp moved successfully.
C:\Windows\Temp\TS_95AB.tmp moved successfully.
C:\Windows\Temp\TS_99B2.tmp moved successfully.
C:\Windows\Temp\TS_A335.tmp moved successfully.
C:\Windows\Temp\TS_A577.tmp moved successfully.
C:\Windows\Temp\TS_A7F7.tmp moved successfully.
C:\Windows\Temp\TS_B947.tmp moved successfully.
C:\Windows\Temp\TS_C587.tmp moved successfully.
C:\Windows\Temp\TS_CF29.tmp moved successfully.
C:\Windows\Temp\UDD60E4.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jimmy
->Temp folder emptied: 46528491 bytes
->Temporary Internet Files folder emptied: 127939691 bytes
->FireFox cache emptied: 84223182 bytes
->Google Chrome cache emptied: 353930292 bytes
->Opera cache emptied: 1113734 bytes
->Flash cache emptied: 46046 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21454 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68045 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 585,00 mb

OTM by OldTimer - Version 3.1.17.2 log created on 11252010_122855

Files moved on Reboot...
File C:\Users\Jimmy\AppData\Local\Temp\etilqs_RoBAPhvMTZ0BE4CUDC62 not found!
C:\Users\Jimmy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

St. Jimmy · #4 Příspěvek od **St. Jimmy** » 25 lis 2010 12:41

Ještě bych měl vlastně dotaz - všiml jsem si, že hodně toho, co jsem fixnul v HJT, bylo nějak spojeno s QIPem, mám si najít nějaký jiný komunikátor? Pokud ano, jaký?

#5 Příspěvek od **vyosek** » 25 lis 2010 14:04

Komunikator QIP Vam muzu narozdil od ICQ velmi doporucit, jeste stoji za uvazenou Miranda. Ty veci co se fixovali se tam dostali pri instalaci - je treba cist co instalojujete, nastavujete...

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

A pokud nejsou problemy a ani dotazy, je to z me strany vse

St. Jimmy · #6 Příspěvek od **St. Jimmy** » 25 lis 2010 14:16

Díky moc, ještě bych se zeptal, proč se mi seká při startu ta znělka, je to normální?

#7 Příspěvek od **vyosek** » 25 lis 2010 14:21

Nemate na plose nejak hodne veci - nemyslim zastupce - myslim nejake velke soubory...jinak pokud neni zasek nejaky velky, tak bych se v tom nejak nehrabal...asi nestiha v ten momentik procesor...

St. Jimmy · #8 Příspěvek od **St. Jimmy** » 25 lis 2010 14:28

Vypadá to dobře, jinak ten zásek není moc velký, fakt jako kdyby to spíš nestíhalo. Moc vám děkuji

#9 Příspěvek od **vyosek** » 25 lis 2010 14:33

Procistete jak jsem psal vyse a jeste udelejte pripadne defragmentaci

Doporucuji provest defragmentaci disku

Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
- Kliknete na Tento pocitac, dale na disk kliknete pravym tlacitkem, vyberte Vlastnosti
- prepnete se do zalozky Nastroje
- Nyni vidite pomucky Defragmentace - spustte ji kliknutim na Defragmentovat
- Toto provedte se vsemi disky
Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
- Kliknete na Analyzovat
- Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
- Postup provedte se vsemi disky
Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- Vyhodou programku je, ze se neinstaluje
- Staci tedy jen stahnout dle verze vaseho OS a rozbalit
- Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
- Probehne analyza disku a nasledne i defragmentace

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

St. Jimmy · #10 Příspěvek od **St. Jimmy** » 11 zář 2011 19:44

Vypadá to, že můj komp přežil infekci zatím pro mě neznámým trojanem, kterého zvládl najít jen Lavasoftí Ad-Aware. Trojan se jmenuje "Trojan.Win32.Generic.pak!cobra" - vůbec nevím, co je to zač. No každopádně, přikládám log z HJT, jestli tam nezůstalo ještě něco... za každou pomoc předem děkuji

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:08, on 11.9.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Programy\DAEMON Tools Lite\DTLite.exe
D:\Programy\avast\AvastUI.exe
D:\Programy\Miranda IM\miranda32.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Programy\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Programy\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avast] "D:\Programy\avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6660 bytes

#11 Příspěvek od **vyosek** » 11 zář 2011 20:07

Zdravim

Dejte prosim log z RSIT - viz muj podpis - je podrobnejsi nez HJT

Kde se onen trojan vyskytoval

St. Jimmy · #12 Příspěvek od **St. Jimmy** » 11 zář 2011 20:17

Tak nevím, otevřelo mi to dva soubory v poznámkovým bloku, pro jistotu jsem je oba zkopíroval sem.
Jinak cesta k tomu infikovanýmu souboru byla: c:\windows\setup\scripts\windows7loader.exe

LOG 1:

info.txt logfile of random's system information tool 1.09 2011-09-11 21:12:52

======Uninstall list======

7-Zip 9.20-->"D:\Programy\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /X{385DD1DD-65AA-408D-8E70-74601C2DB7E6}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe -maintain plugin
avast! Free Antivirus-->D:\Programy\avast\aswRunDll.exe "D:\Programy\avast\Setup\setiface.dll" RunSetup
DAEMON Tools Lite-->D:\Programy\DAEMON Tools Lite\uninst.exe
Guitar Pro 5.2-->"D:\Programy\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"D:\Programy\HijackThis.exe" /uninstall
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox 6.0.1 (x86 cs)-->D:\Programy\Mozilla Firefox\uninstall\helper.exe

======System event log======

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Cryptographic Services byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Modules Installer byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Software Protection byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Volume Shadow Copy byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPRequestAdditionalSoftware
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x64
P2: USB\VID_093A&PID_2510&REV_0100
P3: 6.1.0.0
P4: 0405
P5: input.inf
P6: *
P7:
P8:
P9:
P10:

Připojené soubory:

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_693fea5e647d95e9e84419a42e6a61403ac01242_cab_0216dbec

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: ac5aad92-d588-11e0-b055-e52b1dbc2ad4
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20110902172621.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20110902172437.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20110902172430.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110902172424.812520-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20110902172425.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172402.520080-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172402.504480-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x2fd55
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172401.911679-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172359.056874-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110902172358.947674-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;D:\Programy\ATI\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a

-----------------EOF-----------------

LOG 2

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kuba at 2011-09-11 21:12:46
Microsoft Windows 7 Ultimate
System drive C: has 31 GB (62%) free of 50 GB
Total RAM: 4095 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:12:49, on 11.9.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Programy\DAEMON Tools Lite\DTLite.exe
D:\Programy\avast\AvastUI.exe
D:\Programy\Miranda IM\miranda32.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Programy\hijackthis.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\trend micro\Kuba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Programy\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avast] "D:\Programy\avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6733 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"D:\Programy\avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
"D:\Programy\avast\AvastUI.exe" /nogui
"D:\Programy\ATI\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"D:\Programy\ATI\ATI.ACE\Core-Static\CCC.exe" 0
"D:\Programy\Miranda IM\miranda32.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"D:\Programy\Mozilla Firefox\firefox.exe"
"D:\Programy\Mozilla Firefox\plugin-container.exe" --channel=3624.e35b020.393167907 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0.2 -greomni "D:\Programy\Mozilla Firefox\omni.jar" 3624 "\\.\pipe\gecko-crash-server-pipe.3624" plugin
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
"D:\Programy\hijackthis.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\splwow64.exe 1
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "D:\Kuba\Knihovna\aaa.docx"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Kuba\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\rvkbx408.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

D:\Programy\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

D:\Programy\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

D:\Programy\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - D:\Programy\avast\aswWebRepIE64.dll [2011-09-06 959432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\Programy\avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - D:\Programy\avast\aswWebRepIE64.dll [2011-09-06 959432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\Programy\avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Programy\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=D:\Programy\ATI\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"avast"=D:\Programy\avast\avastUI.exe [2011-09-06 3722416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-09-11 21:12:47 ----D---- C:\Program Files\trend micro
2011-09-11 21:12:46 ----D---- C:\rsit
2011-09-11 18:24:11 ----D---- C:\Windows\system32\appmgmt
2011-09-11 16:31:17 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-09-11 16:31:16 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-09-11 16:31:10 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-09-11 16:31:09 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-09-11 16:31:09 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-09-11 16:31:08 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-09-11 16:30:58 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-09-11 16:30:58 ----A---- C:\Windows\avastSS.scr
2011-09-11 15:09:44 ----A---- C:\Windows\system32\lsdelete.exe
2011-09-11 14:03:45 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2011-09-11 14:01:03 ----DC---- C:\Windows\system32\DRVSTORE
2011-09-11 14:01:03 ----A---- C:\Windows\system32\drivers\Lbd.sys
2011-09-11 14:01:00 ----D---- C:\ProgramData\Lavasoft
2011-09-11 14:01:00 ----D---- C:\Program Files (x86)\Lavasoft
2011-09-11 13:50:56 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2011-09-11 13:50:35 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-09-11 13:50:35 ----D---- C:\Program Files (x86)\Microsoft Sync Framework
2011-09-11 13:50:35 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-09-11 13:47:09 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2011-09-11 13:46:17 ----RHD---- C:\MSOCache
2011-09-11 13:43:25 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-09-11 13:42:13 ----D---- C:\Users\Kuba\AppData\Roaming\DAEMON Tools Lite
2011-09-11 13:42:09 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-09-11 08:02:50 ----D---- C:\Users\Kuba\AppData\Roaming\uTorrent
2011-09-04 14:11:06 ----D---- C:\Windows\PCHEALTH
2011-09-04 14:07:06 ----D---- C:\Program Files\Microsoft Office
2011-09-04 14:06:51 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-04 14:05:51 ----D---- C:\Program Files (x86)\Microsoft Office
2011-09-04 14:05:50 ----D---- C:\ProgramData\Microsoft Help
2011-09-02 20:22:46 ----D---- C:\Windows\Panther
2011-09-02 20:09:59 ----D---- C:\Users\Kuba\AppData\Roaming\ATI
2011-09-02 20:09:59 ----D---- C:\ProgramData\ATI
2011-09-02 20:08:07 ----D---- C:\Program Files\ATI
2011-09-02 20:03:42 ----A---- C:\Windows\SYSWOW64\msvcr100.dll
2011-09-02 20:03:42 ----A---- C:\Windows\SYSWOW64\msvcp100.dll
2011-09-02 20:02:45 ----N---- C:\Windows\system32\MpSigStub.exe
2011-09-02 20:00:36 ----D---- C:\Users\Kuba\AppData\Roaming\Macromedia
2011-09-02 20:00:36 ----D---- C:\Users\Kuba\AppData\Roaming\Adobe
2011-09-02 20:00:31 ----D---- C:\Windows\SYSWOW64\Macromed
2011-09-02 19:53:49 ----A---- C:\Windows\system32\aswBoot.exe
2011-09-02 19:53:21 ----SHD---- C:\Windows\Installer
2011-09-02 19:53:11 ----D---- C:\ProgramData\AVAST Software
2011-09-02 19:53:11 ----D---- C:\Program Files\AVAST Software
2011-09-02 19:50:55 ----D---- C:\Users\Kuba\AppData\Roaming\Mozilla
2011-09-02 19:32:12 ----D---- C:\Users\Kuba\AppData\Roaming\Identities
2011-09-02 19:31:50 ----SD---- C:\Users\Kuba\AppData\Roaming\Microsoft
2011-09-02 19:31:50 ----D---- C:\Users\Kuba\AppData\Roaming\Media Center Programs
2011-09-02 19:30:21 ----SHD---- C:\Recovery
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Šablony
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Plocha
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Oblíbené položky
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Nabídka Start
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Dokumenty
2011-09-02 19:30:21 ----SHD---- C:\ProgramData\Data aplikací
2011-09-02 19:26:45 ----D---- C:\Windows\SoftwareDistribution
2011-09-02 19:24:00 ----D---- C:\Windows\Prefetch
2011-09-02 19:23:47 ----ASH---- C:\pagefile.sys
2011-09-02 19:23:37 ----SHD---- C:\System Volume Information
2011-09-02 19:23:37 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2011-09-11 21:12:47 ----RD---- C:\Program Files
2011-09-11 21:12:41 ----D---- C:\Windows\Temp
2011-09-11 20:32:29 ----D---- C:\Windows\System32
2011-09-11 20:32:29 ----D---- C:\Windows\inf
2011-09-11 20:32:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-11 20:30:31 ----D---- C:\Windows\Tasks
2011-09-11 20:29:31 ----D---- C:\Windows\system32\wdi
2011-09-11 18:24:10 ----RD---- C:\Program Files (x86)
2011-09-11 18:11:32 ----D---- C:\Windows\system32\Tasks
2011-09-11 16:31:17 ----D---- C:\Windows\system32\drivers
2011-09-11 16:30:58 ----D---- C:\Windows\SysWOW64
2011-09-11 16:30:58 ----D---- C:\Windows
2011-09-11 14:20:55 ----D---- C:\Windows\Microsoft.NET
2011-09-11 14:20:54 ----RSD---- C:\Windows\assembly
2011-09-11 14:02:50 ----D---- C:\Windows\system32\config
2011-09-11 14:01:03 ----D---- C:\Windows\system32\catroot
2011-09-11 14:01:00 ----HD---- C:\ProgramData
2011-09-11 13:52:43 ----D---- C:\Windows\winsxs
2011-09-11 13:51:27 ----RSD---- C:\Windows\Fonts
2011-09-11 13:51:21 ----D---- C:\Windows\ShellNew
2011-09-11 13:51:12 ----D---- C:\Program Files (x86)\MSBuild
2011-09-11 13:50:55 ----D---- C:\Program Files (x86)\Common Files
2011-09-11 13:48:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-09-11 13:48:35 ----SD---- C:\ProgramData\Microsoft
2011-09-11 13:47:32 ----A---- C:\Windows\win.ini
2011-09-11 13:43:47 ----D---- C:\Windows\system32\DriverStore
2011-09-11 13:31:46 ----D---- C:\Windows\system32\wfp
2011-09-11 13:31:43 ----D---- C:\Windows\system32\wbem
2011-09-11 13:30:49 ----D---- C:\Windows\system32\NDF
2011-09-11 13:30:49 ----D---- C:\Windows\system32\catroot2
2011-09-11 13:30:48 ----D---- C:\Windows\AppCompat
2011-09-11 13:30:29 ----D---- C:\Windows\registration
2011-09-09 14:23:16 ----D---- C:\Windows\Logs
2011-09-05 20:38:19 ----D---- C:\Windows\system32\LogFiles
2011-09-02 20:22:16 ----D---- C:\Windows\Setup
2011-09-02 20:05:56 ----A---- C:\Windows\SYSWOW64\Oemdspif.dll
2011-09-02 20:05:56 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2011-09-02 20:05:56 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2011-09-02 20:05:54 ----A---- C:\Windows\SYSWOW64\atipdlxx.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atiumd6a.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atiumd64.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atitmm64.dll
2011-09-02 20:05:54 ----A---- C:\Windows\system32\atipdl64.dll
2011-09-02 20:05:53 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2011-09-02 20:05:53 ----A---- C:\Windows\system32\ATIODE.exe
2011-09-02 20:05:53 ----A---- C:\Windows\system32\ATIODCLI.exe
2011-09-02 20:05:53 ----A---- C:\Windows\system32\atio6axx.dll
2011-09-02 20:05:51 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2011-09-02 20:05:51 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2011-09-02 20:05:51 ----A---- C:\Windows\system32\atimuixx.dll
2011-09-02 20:05:51 ----A---- C:\Windows\system32\atimpc64.dll
2011-09-02 20:05:51 ----A---- C:\Windows\system32\amdpcom64.dll
2011-09-02 20:05:50 ----A---- C:\Windows\system32\atiesrxx.exe
2011-09-02 20:05:49 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2011-09-02 20:05:49 ----A---- C:\Windows\system32\atiedu64.dll
2011-09-02 20:05:49 ----A---- C:\Windows\system32\atieclxx.exe
2011-09-02 20:05:49 ----A---- C:\Windows\system32\atidxx64.dll
2011-09-02 20:05:48 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2011-09-02 20:05:48 ----A---- C:\Windows\system32\ATIDEMGX.dll
2011-09-02 20:05:48 ----A---- C:\Windows\system32\aticalrt64.dll
2011-09-02 20:05:48 ----A---- C:\Windows\system32\aticaldd64.dll
2011-09-02 20:05:47 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2011-09-02 20:05:47 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2011-09-02 20:05:47 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2011-09-02 20:05:47 ----A---- C:\Windows\system32\aticalcl64.dll
2011-09-02 20:05:47 ----A---- C:\Windows\system32\atibtmon.exe
2011-09-02 20:05:47 ----A---- C:\Windows\system32\atiadlxx.dll
2011-09-02 20:05:46 ----A---- C:\Windows\SYSWOW64\ati2edxx.dll
2011-09-02 20:05:46 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2011-09-02 19:54:52 ----D---- C:\Windows\system32\CodeIntegrity
2011-09-02 19:52:59 ----D---- C:\Windows\system32\restore
2011-09-02 19:32:08 ----SHD---- C:\$Recycle.Bin
2011-09-02 19:31:50 ----RD---- C:\Users
2011-09-02 19:30:36 ----D---- C:\Windows\rescache
2011-09-02 19:30:21 ----D---- C:\Program Files\Windows NT
2011-09-02 19:29:37 ----D---- C:\Windows\debug
2011-09-02 19:26:40 ----D---- C:\Windows\system32\sysprep
2011-09-02 19:24:24 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2011-08-18 69376]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 601944]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 301912]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-09-06 58200]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-11 270912]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-09-02 6036480]
R3 netr28x;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 SiSGbeLH;SiS191/SiS190 – ovladač NDIS 6.0 zařízení sítě Ethernet; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-09-11 17152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-09-02 203264]
R2 avast! Antivirus;avast! Antivirus; D:\Programy\avast\AvastSvc.exe [2011-09-06 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-11 2151640]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

#13 Příspěvek od **vyosek** » 11 zář 2011 20:18

Tak nelegalni operacni system tu resit snad nebudeme ne

St. Jimmy · #14 Příspěvek od **St. Jimmy** » 11 zář 2011 20:26

On je nelegální? Nevím, NTB jsem zakoupil od známého. Hm, tak příští týden to vidím na návštěvu prodejny PC. Děkuji za pomoc, mějte se.

#15 Příspěvek od **vyosek** » 11 zář 2011 20:27

Ano je, to co vam nasel ad-aware je prave onen crack....

Po znamem bych pozadoval zaplaceni licence, ale to je uz ciste vase vec...

VIRY.CZ

Preventivní kontrola logu

Preventivní kontrola logu

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu

Nový log

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu

Re: Preventivní kontrola logu