PC virus removal, computer speed-up, remote help via the neslape.cz service

Please check my log

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
zarofka
Visitor
Posts: 27
Registered: 15 May 2011 03:22

Please check my log

#1 Post by zarofka »

Hi, could I ask you to check a log? ESET Online Scanner found a few Trojan stallions on my machine, but I have no intention of playing the horse races... :-D
It removed MS Security Essentials, and when I start it, it shuts itself down :-D This is Win7 64-bit.

Thanks for the help...
Attachments
rsit.rar
(14.9 KiB) Downloaded 54 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#2 Post by vyosek »

Hello and have a nice day :)

:arrow: Please paste the log here; split it across several posts if necessary.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

zarofka
Visitor
Posts: 27
Registered: 15 May 2011 03:22

Re: Please check my log

#3 Post by zarofka »

info.txt logfile of random's system information tool 1.08 2011-05-15 04:17:52

======Uninstall list======

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Dreamweaver CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{C79312BD-3E76-4474-A10C-1435D1856A4B}"
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader 9.4.4 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe SVG Viewer 3.0-->C:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Artisteer 3-->"C:\Program Files (x86)\Artisteer 3\bin\Uninstall.exe"
ASUSUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
CD'n'Go! Suite 2.00-->"C:\Program Files (x86)\CD'n'Go! Suite\unins000.exe"
Centrum zařízení Windows Mobile-->MsiExec.exe /X{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}
Cisco AnyConnect VPN Client-->MsiExec.exe /X{6005535D-8A83-4108-A757-E1AB9886AECA}
Counter-Strike: Source-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/240
CPUID CPU-Z 1.55-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Half-Life 2: Deathmatch-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/320
High-Definition Video Playback 10-->MsiExec.exe /X{237CCB62-8454-43E3-B158-3ACD0134852E}
HLSW v1.3.3.7b-->"C:\Program Files (x86)\HLSW\unins000.exe"
HTC BMP USB Driver-->MsiExec.exe /I{31A559C1-9E4D-423B-9DD3-34A6C5398752}
HTC Driver Installer-->MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
HTC Sync-->MsiExec.exe /I{6B0A8356-2312-497F-B11D-0839D0BDB7CE}
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 24 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416024FF}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Java(TM) SE Development Kit 6 Update 24 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0160240}
LEGO Digital Designer-->C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Uninstall.exe
Leo's RC Simulator-->"C:\Program Files (x86)\Leo's RC Simulator\unins000.exe"
LightScribe System Software-->MsiExec.exe /X{82EF29B1-9B60-4142-A155-0599216DD053}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
M-Audio Xponent Driver 6.0.2 (x64)-->MsiExec.exe /X{8D703B88-F5A8-47F9-9360-42AFCE6FB60B}
Maxthon 3-->C:\Program Files (x86)\Maxthon3\Bin\Mx3Uninstall.exe
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Antimalware Service CS-CZ Language Pack-->MsiExec.exe /X{7B1AF68B-4606-4152-9991-1E9D4FF5F0FA}
Microsoft Antimalware Service CS-CZ Language Pack-->MsiExec.exe /X{F6197679-051D-4E3E-9757-4D5CDA6D658B}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Outlook Web Access S/MIME (2007)-->MsiExec.exe /I{CF1A6387-88F6-4BD9-B0BE-EA1AF7024C7C}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Security Client CS-CZ Language Pack-->MsiExec.exe /I{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}
Microsoft Security Client-->MsiExec.exe /I{E77543EE-6FB5-4FF6-AB70-635392C8C756}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Moto assistant 1.3-->"C:\Moto assistant\unins000.exe"
Mozilla Firefox 4.0 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.1.9)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Native Instruments Traktor DJ Studio 3-->C:\PROGRA~2\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~2\NATIVE~1\TRAKTO~1\INSTALL.LOG
Nero 10 Menu TemplatePack Basic-->MsiExec.exe /X{63AA3EAB-23BB-48B2-9AD0-44F878075604}
Nero 10 Movie ThemePack Basic-->MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}
Nero Burning ROM 10-->MsiExec.exe /X{7A5D731D-B4B3-490E-B339-75685712BAAB}
Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
Nero CoverDesigner 10-->MsiExec.exe /X{FCF00A6E-FB58-477A-ABE9-232907105521}
Nero Dolby Files 10-->MsiExec.exe /X{C3580AC4-C827-4332-B935-9A282ED5BB97}
Nero Multimedia Suite 10-->MsiExec.exe /I{277C1559-4CF7-44FF-8D07-98AA9C13AABD}
Nero WaveEditor 10-->MsiExec.exe /X{EDCDFAD5-DF80-4600-A493-E9DAD6810230}
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetupx64.dll,DoNTUninst
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
OpenOffice.org 3.2-->MsiExec.exe /I{FAB43061-FEFB-46E8-A159-96710395DB5E}
Opera 11.10-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
PSPad editor-->"C:\Program Files (x86)\PSPad editor\Uninst\unins000.exe"
PunkBuster Services-->C:\Windows\system32\pb install.exe -u
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Rise of Nations-->"C:\Program Files (x86)\Microsoft Games\Rise of Nations\Uninstal.exe" /runtemp /uninstall
Secunia PSI (2.0.0.3001)-->"C:\Program Files (x86)\Secunia\PSI\uninstall.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SpeedFan (remove only)-->"C:\Program Files (x86)\SpeedFan\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stellar Phoenix Windows Data Recovery V3.0-->"C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery\unins000.exe"
TomTom HOME 2.8.1.2218-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Torq Torq 1.5.2 (Build 009) - 8 July 2009-->"C:\Program Files (x86)\M-Audio\Torq\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TrackMania Nations Forever-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/11020
UltraMixer 3.0.1-->"C:\Program Files (x86)\UltraMixer\unins000.exe"
Unity Web Player (All users)-->C:\Program Files (x86)\Unity\WebPlayer\Uninstall.exe /AllUsers
Unreal Tournament G.O.T.Y. Edition-->C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
Uplink-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1510
Virtual DJ Home - Atomix Productions-->C:\PROGRA~2\VIRTUA~1\UNWISE.EXE C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
VLC media player 1.1.9-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows 7 USB/DVD Download Tool-->MsiExec.exe /X{CCF298AF-9CE1-4B26-B251-486E98A34789}
WinOLS 1.906-->"C:\Program Files (x86)\EVC\WinOLS_Demo\unins000.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Zimbra Desktop-->MsiExec.exe /X{B0C8207D-A362-41D1-8F5A-C25070CF7047}

======System event log======

Computer Name: 37L4247E29-32
Event Code: 7036
Message: The Cryptographic Services service entered the stopped state.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: The Windows Modules Installer service entered the stopped state.
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: The Software Protection service entered the stopped state.
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: The Windows Event Log service entered the stopped state.
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: The Volume Shadow Copy service entered the stopped state.
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Information
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Fault bucket , type 0
Event Name: PnPDriverNotFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: ACPI\ATK0110
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\Windows\Temp\DMIC86C.tmp.log.xml

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_7b90e53f6497da36d01d2c8167badd7549330a6_cab_05b1c8ba

Analysis symbol:
Rechecking for solution: 0
Report Id: 0335c6b2-bd9c-11df-9c4b-8f9b26357b3a
Report Status: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100911115922.000000-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100911115824.000000-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started successfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100911115819.000000-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: The User Profile service started successfully.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100911115815.640169-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: The EventSystem subsystem is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100911115815.000000-000
Event Type: Information
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911115756.374103-000
Event Type: Success Audit
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911115756.374103-000
Event Type: Success Audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x3102b
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911115755.906101-000
Event Type: Success Audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911115753.425692-000
Event Type: Success Audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911115753.394492-000
Event Type: Success Audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303

-----------------EOF-----------------
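
A note on the event-log sections of the info.txt above, with an added example that is not part of the post or of RSIT itself: the records shown carry record numbers 1 to 5 and are dated 2009-07-14 and 2010-09-11, while the scan header says 2011-05-15. They are the oldest entries in each log, not the ones around the time the problem appeared, so they say nothing about it. The Python below parses RSIT's record format (the "Time Written" field is a WMI CIM_DATETIME string, yyyymmddHHMMSS.ffffff followed by the UTC offset in minutes) and flags records older than a chosen window relative to the scan time. The sample is two records copied from the post with the message text translated; the scan time is taken from the info.txt header and assumed to be UTC for the age comparison, which is an assumption that only matters at the hour scale, not the months seen here.

```python
"""Parse RSIT event-log sections and flag records that predate the scan window.
Added example for this thread; not RSIT's own code."""
import re
from datetime import datetime, timedelta, timezone

# Scan time from the info.txt header ("2011-05-15 04:17:52"); assumed UTC here.
SCAN_TIME = datetime(2011, 5, 15, 4, 17, 52, tzinfo=timezone.utc)

# Constructed sample: two records copied from the posted info.txt (messages translated).
SAMPLE = """\
=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911115753.425692-000
Event Type: Success Audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911115753.394492-000
Event Type: Success Audit
User:
"""

CIM_RE = re.compile(r'^(\d{14})\.(\d{6})([+-])(\d{3})$')
FIELD_RE = re.compile(
    r'^(Computer Name|Event Code|Record Number|Source Name|Time Written|Event Type|User):\s?(.*)$')


def parse_cim_datetime(s):
    """WMI CIM_DATETIME 'yyyymmddHHMMSS.ffffff+mmm' -> timezone-aware datetime.
    The trailing +mmm/-mmm is the UTC offset in minutes (RSIT prints -000)."""
    m = CIM_RE.match(s.strip())
    if not m:
        raise ValueError(f'not a CIM_DATETIME: {s!r}')
    base = datetime.strptime(m.group(1), '%Y%m%d%H%M%S')
    minutes = int(m.group(4)) * (-1 if m.group(3) == '-' else 1)
    return base.replace(microsecond=int(m.group(2)),
                        tzinfo=timezone(timedelta(minutes=minutes)))


def parse_records(text):
    """Split an RSIT event-log dump into dicts. A record starts at 'Computer Name:';
    everything between 'Message:' and 'Record Number:' is the multi-line message."""
    records, cur, in_msg = [], None, False
    for line in text.splitlines():
        if line.startswith('Computer Name:'):
            cur = {'message': ''}
            records.append(cur)
            in_msg = False
        if cur is None:
            continue                      # section header or leading blank lines
        if line.startswith('Message:'):
            cur['message'] = line[len('Message:'):].strip()
            in_msg = True
            continue
        if in_msg and not line.startswith('Record Number:'):
            cur['message'] += '\n' + line
            continue
        in_msg = False
        m = FIELD_RE.match(line)
        if m:
            cur[m.group(1)] = m.group(2).strip()
    for r in records:
        r['time'] = parse_cim_datetime(r['Time Written'])
        lt = re.search(r'Logon Type:\s*(\d+)', r['message'])   # only present in 4624/4625
        r['logon_type'] = int(lt.group(1)) if lt else None
    return records


def stale_records(records, scan_time, max_age_days=30):
    """Records older than max_age_days at scan time: they predate the incident window."""
    limit = timedelta(days=max_age_days)
    return [r for r in records if scan_time - r['time'] > limit]


if __name__ == '__main__':
    recs = parse_records(SAMPLE)
    for r in stale_records(recs, SCAN_TIME):
        age = (SCAN_TIME - r['time']).days
        print(f"record {r['Record Number']} event {r['Event Code']} is {age} days old; "
              "ask for the newest records instead")
```

When the parser reports every record as stale, the useful follow-up is to export the Security and System logs for the days around the first symptom rather than reading the first five entries.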

zarofka
Visitor
Posts: 27
Registered: 15 May 2011 03:22

Re: Please check my log

#4 Post by zarofka »

Logfile of random's system information tool 1.08 (written by random/random)
Run by zarofka at 2011-05-15 04:17:44
Microsoft Windows 7 Ultimate
System drive C: has 108 GB (71%) free of 153 GB
Total RAM: 1791 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:17:49, on 15.5.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\PSPad editor\PSPad.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\trend micro\zarofka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.mze.cz/CACHE/stc/3/binaries/vpnweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {D67DB088-70B4-4006-B052-57F614FD3AA8} (ChtIEx Control) - http://www.vguard.net/myasp/chtIEx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5995F79E-E50D-449C-B675-E54BF4CD78C7}: NameServer = 93.153.117.1,62.141.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5995F79E-E50D-449C-B675-E54BF4CD78C7}: NameServer = 93.153.117.1,62.141.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5995F79E-E50D-449C-B675-E54BF4CD78C7}: NameServer = 93.153.117.1,62.141.0.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-owacid - {0215258F-F0A8-49DE-BF1B-0FF02EDA8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9643 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
"C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {354BD652-28E5-496A-B2D9-2D66E7C0B92C}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service
C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\NOISE8.dll",WQMMEX
C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\NOISE8.dll",WQMMEX
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Windows\System32\M-AudioTaskBarIcon.exe"
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Secunia\PSI\psi_tray.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Users\zarofka\Desktop\SysInspector.exe"
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Program Files (x86)\PSPad editor\PSPad.exe" "C:\Program Files (x86)\Ultimate Process Manager\upm_logfile.txt"
"C:\totalcmd\TOTALCMD.EXE"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Users\zarofka\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\rahyn.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-04 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-05-23 7833120]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-05-23 1833504]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 1436224]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"M-Audio Taskbar Icon"=C:\Windows\system32\M-AudioTaskBarIcon.exe [2010-03-15 798728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2011-03-09 247728]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"HTC Sync Loader"=C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2010-09-08 249856]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Users\zarofka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit -
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2011-05-15 04:17:45 ----D---- C:\Program Files\trend micro
2011-05-15 04:17:44 ----D---- C:\rsit
2011-05-14 19:37:35 ----D---- C:\ProgramData\LightScribe
2011-05-14 19:37:28 ----D---- C:\Users\zarofka\AppData\Roaming\Nero
2011-05-14 19:36:35 ----D---- C:\ProgramData\Nero
2011-05-14 19:36:02 ----D---- C:\Program Files (x86)\Nero
2011-05-14 19:33:50 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-05-14 19:33:48 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-05-14 19:33:47 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-05-14 19:33:46 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2011-05-14 19:33:44 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-05-12 00:58:50 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-05-12 00:58:50 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-05-12 00:58:50 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2011-05-12 00:58:50 ----A---- C:\Windows\SYSWOW64\msls31.dll
2011-05-12 00:58:50 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-05-12 00:58:49 ----A---- C:\Windows\SYSWOW64\msrating.dll
2011-05-12 00:58:49 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-05-12 00:58:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2011-05-12 00:58:48 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2011-05-12 00:58:47 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2011-05-12 00:58:47 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2011-05-12 00:58:46 ----A---- C:\Windows\SYSWOW64\url.dll
2011-05-12 00:58:46 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-05-12 00:58:46 ----A---- C:\Windows\SYSWOW64\inseng.dll
2011-05-12 00:58:46 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2011-05-12 00:58:46 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2011-05-12 00:58:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-05-12 00:58:46 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2011-05-12 00:58:46 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2011-05-12 00:58:46 ----A---- C:\Windows\SYSWOW64\icardie.dll
2011-05-12 00:58:45 ----A---- C:\Windows\SYSWOW64\wextract.exe
2011-05-12 00:58:45 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2011-05-12 00:58:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-05-12 00:58:45 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2011-05-12 00:58:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-05-12 00:58:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-05-12 00:58:45 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2011-05-12 00:58:44 ----A---- C:\Windows\SYSWOW64\occache.dll
2011-05-12 00:58:44 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-05-12 00:58:44 ----A---- C:\Windows\SYSWOW64\mshta.exe
2011-05-12 00:58:44 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2011-05-12 00:58:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2011-05-12 00:58:44 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2011-05-12 00:58:44 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2011-05-12 00:58:44 ----A---- C:\Windows\SYSWOW64\admparse.dll
2011-05-12 00:58:44 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-05-12 00:58:43 ----A---- C:\Windows\system32\wininet.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\urlmon.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\pngfilt.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\occache.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\msrating.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\msls31.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\mshtml.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\mshta.exe
2011-05-12 00:58:43 ----A---- C:\Windows\system32\msfeedssync.exe
2011-05-12 00:58:43 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\jsproxy.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\jscript9.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\jscript.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\imgutil.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\ieUnatt.exe
2011-05-12 00:58:43 ----A---- C:\Windows\system32\iertutil.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\iepeers.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\ieakui.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\ieaksie.dll
2011-05-12 00:58:43 ----A---- C:\Windows\system32\admparse.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\wextract.exe
2011-05-12 00:58:42 ----A---- C:\Windows\system32\webcheck.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\vbscript.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\url.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-05-12 00:58:42 ----A---- C:\Windows\system32\mshtmler.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\mshtmled.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\msfeeds.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\licmgr10.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\inseng.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\iexpress.exe
2011-05-12 00:58:42 ----A---- C:\Windows\system32\ieui.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\iesysprep.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\iesetup.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\iernonce.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\ieframe.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\iedkcs32.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\ieapfltr.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\ieakeng.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\ie4uinit.exe
2011-05-12 00:58:42 ----A---- C:\Windows\system32\icardie.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\dxtrans.dll
2011-05-12 00:58:42 ----A---- C:\Windows\system32\dxtmsft.dll
2011-05-12 00:54:13 ----A---- C:\Windows\system32\esent.dll
2011-05-12 00:54:13 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-05-12 00:54:12 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2011-05-12 00:54:12 ----A---- C:\Windows\SYSWOW64\esent.dll
2011-05-12 00:54:12 ----A---- C:\Windows\system32\fsutil.exe
2011-05-12 00:54:12 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-05-12 00:54:12 ----A---- C:\Windows\system32\drivers\storport.sys
2011-05-12 00:54:12 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-05-12 00:54:12 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-05-12 00:54:12 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-05-12 00:54:12 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-05-12 00:54:12 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-05-12 00:53:50 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2011-05-12 00:53:50 ----A---- C:\Windows\system32\poqexec.exe
2011-05-12 00:53:49 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-05-12 00:53:49 ----A---- C:\Windows\system32\XpsPrint.dll
2011-05-12 00:53:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-05-12 00:53:46 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-05-12 00:53:46 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-05-12 00:53:44 ----A---- C:\Windows\SYSWOW64\explorer.exe
2011-05-12 00:53:44 ----A---- C:\Windows\explorer.exe
2011-05-12 00:53:41 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-05-12 00:53:41 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-05-12 00:53:40 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-05-12 00:53:40 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-05-12 00:53:40 ----A---- C:\Windows\system32\drivers\usbohci.sys
2011-05-12 00:53:40 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-05-12 00:53:40 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-05-12 00:53:40 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-05-12 00:53:40 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-05-12 00:53:39 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2011-05-12 00:53:39 ----A---- C:\Windows\system32\prevhost.exe
2011-05-12 00:47:18 ----D---- C:\Program Files (x86)\Leo's RC Simulator
2011-05-10 23:42:28 ----D---- C:\Program Files (x86)\ESET
2011-05-10 23:34:52 ----D---- C:\Program Files (x86)\Ultimate Process Manager
2011-05-09 01:54:24 ----RASH---- C:\Windows\SYSWOW64\NOISE8.dll
2011-05-07 18:26:39 ----D---- C:\Program Files (x86)\Artisteer 3
2011-05-07 18:18:59 ----D---- C:\Users\zarofka\AppData\Roaming\Apple Computer
2011-04-24 18:59:39 ----D---- C:\Program Files (x86)\CD'n'Go! Suite
2011-04-22 20:49:27 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2011-04-22 20:49:27 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2011-04-22 20:49:27 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-22 20:49:27 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-22 20:49:27 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-22 20:49:26 ----A---- C:\Windows\system32\atmfd.dll
2011-04-22 20:49:25 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-04-22 20:49:25 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-04-22 20:49:25 ----A---- C:\Windows\system32\atmlib.dll
2011-04-22 20:49:24 ----A---- C:\Windows\system32\win32k.sys
2011-04-22 20:49:22 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-22 20:49:22 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-22 20:49:22 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-22 20:49:21 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-22 20:49:20 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2011-04-22 20:49:20 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2011-04-22 20:49:20 ----A---- C:\Windows\system32\mfc42.dll
2011-04-22 20:49:17 ----A---- C:\Windows\system32\winresume.exe
2011-04-22 20:49:17 ----A---- C:\Windows\system32\winload.exe
2011-04-22 20:49:17 ----A---- C:\Windows\system32\kdusb.dll
2011-04-22 20:49:17 ----A---- C:\Windows\system32\kdcom.dll
2011-04-22 20:49:17 ----A---- C:\Windows\system32\kd1394.dll
2011-04-22 20:48:41 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-04-22 20:48:41 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-22 20:48:40 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-22 20:48:40 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-22 20:48:40 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-22 20:48:40 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-22 20:47:53 ----A---- C:\Windows\system32\FXSCOVER.exe

======List of files/folders modified in the last 1 months======

2011-05-15 04:17:49 ----D---- C:\Windows\Prefetch
2011-05-15 04:17:45 ----RD---- C:\Program Files
2011-05-15 04:13:42 ----D---- C:\Windows\Temp
2011-05-15 04:03:42 ----D---- C:\Windows\system32\config
2011-05-14 19:37:35 ----HD---- C:\ProgramData
2011-05-14 19:37:11 ----SHD---- C:\Windows\Installer
2011-05-14 19:36:35 ----D---- C:\Windows\SysWOW64
2011-05-14 19:36:08 ----D---- C:\Program Files (x86)\Common Files
2011-05-14 19:36:02 ----RD---- C:\Program Files (x86)
2011-05-14 19:33:56 ----RSD---- C:\Windows\assembly
2011-05-14 19:33:53 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-05-14 19:33:39 ----D---- C:\Windows\winsxs
2011-05-12 19:33:36 ----D---- C:\Windows\rescache
2011-05-12 01:09:19 ----D---- C:\Windows\System32
2011-05-12 01:06:36 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-05-12 01:06:36 ----D---- C:\Windows\system32\cs-CZ
2011-05-12 01:06:36 ----D---- C:\Windows
2011-05-12 01:06:36 ----D---- C:\Program Files\Internet Explorer
2011-05-12 01:06:36 ----D---- C:\Program Files (x86)\Internet Explorer
2011-05-12 01:06:35 ----D---- C:\Windows\SYSWOW64\migration
2011-05-12 01:06:35 ----D---- C:\Windows\SYSWOW64\en-US
2011-05-12 01:06:35 ----D---- C:\Windows\system32\migration
2011-05-12 01:06:35 ----D---- C:\Windows\system32\en-US
2011-05-12 01:06:35 ----D---- C:\Windows\PolicyDefinitions
2011-05-12 01:06:34 ----D---- C:\Windows\system32\DriverStore
2011-05-12 01:06:34 ----D---- C:\Windows\system32\drivers
2011-05-12 01:06:34 ----D---- C:\Windows\AppPatch
2011-05-12 00:59:46 ----D---- C:\Windows\Logs
2011-05-12 00:59:32 ----D---- C:\Windows\system32\catroot2
2011-05-12 00:59:32 ----D---- C:\Windows\system32\catroot
2011-05-12 00:08:17 ----D---- C:\Program Files (x86)\Steam
2011-05-11 00:10:43 ----D---- C:\Windows\Tasks
2011-05-11 00:10:43 ----D---- C:\Windows\system32\Tasks
2011-05-09 23:20:12 ----SHD---- C:\System Volume Information
2011-05-09 19:53:38 ----D---- C:\Windows\system32\drivers\UMDF
2011-05-08 23:23:25 ----D---- C:\Windows\inf
2011-05-08 23:23:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-07 18:19:01 ----D---- C:\Users\zarofka\AppData\Roaming\Artisteer
2011-05-04 19:21:48 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-04-30 04:37:25 ----D---- C:\Users\zarofka\AppData\Roaming\HLSW
2011-04-29 16:01:43 ----D---- C:\Users\zarofka\AppData\Roaming\Adobe
2011-04-29 11:54:46 ----A---- C:\Windows\system32\MRT.exe
2011-04-22 22:11:36 ----D---- C:\Windows\Microsoft.NET
2011-04-22 21:00:30 ----D---- C:\Windows\system32\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-04-06 13368]
R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2009-07-06 13368]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-12 254528]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 188928]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 esihdrv;esihdrv; \??\C:\Users\zarofka\AppData\Local\Temp\esihdrv.sys [2011-05-15 134024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-05-23 1762080]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-14 15416]
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-21 413800]
S1 NetworkX;NetworkX; C:\Windows\syswow64\ckldrv.sys [2006-01-10 31846]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 MADFUXPONENT;Service for M-Audio Xponent DFU; C:\Windows\system32\DRIVERS\MAudioXponent_DFU.sys [2010-03-15 46088]
S3 MAUSBXPONENT;Service for M-Audio Xponent; C:\Windows\system32\DRIVERS\MAudioXponent.sys [2010-03-15 187912]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdcx64.sys [2007-06-28 12288]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcdx64.sys [2007-06-28 173056]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64.sys [2009-02-03 19456]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-07 79872]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-09-12 75064]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Crypkey License;Crypkey License; crypserv.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-04-26 403240]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-11 1255736]
S4 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 12784]

-----------------EOF-----------------
Last edited by vyosek on 15 May 2011 15:02, edited 1 time in total.
Reason: Log removed from code tags

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#5 Post by vyosek »

:arrow: Please don't put logs in code tags - they are hard to read and hurt the eyes - I took the liberty of removing it

:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run the update - third tab
  • Run a full scan - don't delete anything :!:
  • MBAM occasionally produces false positives, so paste the log into a post and wait for it to be assessed

zarofka
Visitor
Posts: 27
Joined: 15 May 2011 03:22

Re: Please check my log

#6 Post by zarofka »

vyosek wrote: Please don't put logs in code tags - they are hard to read and hurt the eyes - I took the liberty of removing it
Thank you :-)

:arrow: I've started the scan, so we'll see...

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#7 Post by vyosek »

OK, I'll wait for the MBAM log then

zarofka
Visitor
Posts: 27
Joined: 15 May 2011 03:22

Re: Please check my log

#8 Post by zarofka »

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6584

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

15.5.2011 23:27:09
mbam-log

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 377461
Uplynulý čas: 48 minut, 17 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 13

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
d:\SW\Programy\Sit\wifi crack\aircrack-ng-0.9.3-win\bin\aircrack-ng gui.exe (PUP.Aircrack) -> No action taken.
d:\SW\Programy\Sit\wifi crack\aircrack-ng-0.9.3-win\bin\aircrack-ng.exe (PUP.Aircrack) -> No action taken.
d:\SW\Programy\Sit\wifi crack\aircrack-ng-0.9.3-win\bin\airdecap-ng.exe (PUP.Aircrack) -> No action taken.
d:\SW\Programy\Sit\wifi crack\aircrack-ng-0.9.3-win\bin\aireplay-ng.exe (PUP.AirCrack) -> No action taken.
d:\SW\Programy\Sit\wifi crack\aircrack-ng-0.9.3-win\bin\airodump-ng-airpcap.exe (PUP.AirCrack) -> No action taken.
d:\SW\Programy\Sit\wifi crack\aircrack-ng-0.9.3-win\bin\airodump-ng.exe (PUP.AirCrack) -> No action taken.
d:\SW\Programy\Sit\wifi crack\aircrack-ng-0.9.3-win\bin\ivstools.exe (PUP.Aircrack) -> No action taken.
d:\SW\Programy\Sit\wifi crack\aircrack-ng-0.9.3-win\bin\packetforge-ng.exe (PUP.Aircrack) -> No action taken.
d:\SW\Programy\Video\DVD\Player\new\pdvd keygen, serial, skin\KEYGEN\keygen..exe (Trojan.Dropper.PGen) -> No action taken.
d:\SW\Programy\vypalovani\Nero9\nero.9.4.26.0\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
d:\system volume information\_restore{2f753daf-2f5e-4b65-b144-e7b55788f4b1}\RP64\A0009859.exe (Trojan.Downloader) -> No action taken.
d:\system volume information\_restore{51c99453-d66e-4138-b2fc-77b5bcb35543}\RP65\A0034190.EXE (Malware.Packer.Gen) -> No action taken.
d:\system volume information\_restore{51c99453-d66e-4138-b2fc-77b5bcb35543}\RP65\A0034225.exe (Trojan.Agent) -> No action taken.


I reckon the biggest problem is probably this:
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#9 Post by vyosek »

The cracks will be a problem too :?: Then don't be surprised that your PC is infected - so delete EVERYTHING - after the deletion a log will appear - I'd like to see it

zarofka
Visitor
Posts: 27
Joined: 15 May 2011 03:22

Re: Please check my log

#10 Post by zarofka »

Yeah, cracks :-), I had everything deleted and the computer still misbehaved; the only change was that I got into the services list, where I tried to start MS SE, but it shut the service down right away and disabled its startup again. In the end I downloaded ComboFix, which wiped out some sys files in system32, and the machine runs like before again. I was just a little surprised that NOD wasn't able to find all the viruses. Maybe I'm digressing a bit now, but on drive D: I have a "system volume..." directory, probably from a previous version of the operating system, and I can't get rid of it for the life of me. I know the system uses it when creating restore points, but after my previous experiences with viruses I have all of that turned off.

Thanks for the help with solving this :worship: :)

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#11 Post by vyosek »

That ComboFix could have taken down your system :o It's not a toy for the inexperienced :roll:

Please post its log here - it should be in c:\combofix.txt - it can't delete everything, sometimes its log needs to be cleaned up further with a script

zarofka
Visitor
Posts: 27
Joined: 15 May 2011 03:22

Re: Please check my log

#12 Post by zarofka »

It wasn't the first time I'd used it, I was just surprised it also works on Win7. I'll post the log in the evening when I get back from work :-)

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#13 Post by vyosek »

It's not really about having used it before, it's more that new updates are constantly being released (sometimes even three a day) and it occasionally has a bug - if you don't know what it stores where, how to write a fix script and so on, you'll have a hard time repairing the PC

zarofka
Visitor
Posts: 27
Joined: 15 May 2011 03:22

Re: Please check my log

#14 Post by zarofka »

Here is the promised contents of the ComboFix log file:

ComboFix 11-05-15.03 - zarofka 16.05.2011 0:44.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.1791.911 [GMT 2:00]
Spuštěný z: c:\users\zarofka\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Drivers\pumivjh.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-15 do 2011-05-15 )))))))))))))))))))))))))))))))
.
.
2011-05-15 22:52 . 2011-05-15 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-15 14:37 . 2011-05-15 14:37 -------- d-----w- C:\VIS
2011-05-15 14:27 . 2011-05-15 14:27 -------- d-----w- c:\users\zarofka\AppData\Roaming\Malwarebytes
2011-05-15 14:27 . 2011-05-15 14:27 -------- d-----w- c:\programdata\Malwarebytes
2011-05-15 14:27 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-15 14:27 . 2011-05-15 14:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-15 14:27 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-15 02:17 . 2011-05-15 02:25 -------- d-----w- C:\rsit
2011-05-14 17:37 . 2011-05-15 15:00 -------- d-----w- c:\programdata\LightScribe
2011-05-14 17:37 . 2011-05-14 17:37 -------- d-----w- c:\users\zarofka\AppData\Roaming\Nero
2011-05-14 17:36 . 2011-05-14 17:36 -------- d-----w- c:\programdata\Nero
2011-05-14 17:36 . 2011-05-14 17:36 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-05-14 17:36 . 2011-05-14 17:36 -------- d-----w- c:\program files (x86)\Nero
2011-05-14 17:34 . 2011-05-14 17:34 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2011-05-14 17:33 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-05-14 17:33 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-05-14 17:33 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2011-05-14 17:33 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2011-05-11 22:54 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-05-11 22:54 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2011-05-11 22:54 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-05-11 22:54 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-05-11 22:54 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-05-11 22:54 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-05-11 22:54 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-05-11 22:54 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-05-11 22:54 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-05-11 22:54 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-05-11 22:54 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-05-10 21:42 . 2011-05-10 21:42 -------- d-----w- c:\program files (x86)\ESET
2011-05-10 21:34 . 2011-05-10 21:35 -------- d-----w- c:\program files (x86)\Ultimate Process Manager
2011-05-08 23:54 . 2011-05-08 23:54 135168 --sha-r- c:\windows\SysWow64\NOISE8.dll
2011-05-08 01:26 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDCB194E-B25A-4763-9438-2DC1A7610EAC}\mpengine.dll
2011-05-07 16:26 . 2011-05-07 16:26 -------- d-----w- c:\program files (x86)\Artisteer 3
2011-05-07 16:19 . 2011-05-07 16:19 -------- d-----w- c:\users\zarofka\AppData\Local\Apple Computer
2011-05-07 16:18 . 2011-05-07 16:19 -------- d-----w- c:\users\zarofka\AppData\Roaming\Apple Computer
2011-04-24 16:59 . 2011-04-24 17:00 -------- d-----w- c:\program files (x86)\CD'n'Go! Suite
2011-04-22 18:48 . 2011-03-08 06:14 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-22 18:48 . 2011-03-08 05:38 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-22 18:48 . 2011-02-23 05:15 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-22 18:48 . 2011-02-23 05:15 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-22 18:48 . 2011-02-23 05:15 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-22 18:48 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-22 18:47 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 08:21 . 2010-09-14 19:46 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-04 06:17 . 2011-05-11 22:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-05-11 22:53 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-04 00:08 . 2011-03-04 00:05 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 06:37 . 2011-03-27 16:22 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-27 16:22 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-27 16:22 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-27 16:22 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-27 16:22 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-09-08 249856]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 vsslhwb;vsslhwb;c:\windows\system32\drivers\pumivjh.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 esihdrv;esihdrv;c:\users\zarofka\AppData\Local\Temp\esihdrv.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MADFUXPONENT;Service for M-Audio Xponent DFU;c:\windows\system32\DRIVERS\MAudioXponent_DFU.sys [x]
R3 MAUSBXPONENT;Service for M-Audio Xponent;c:\windows\system32\DRIVERS\MAudioXponent.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\nmwcdcx64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-07 79872]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - cpuz134
*Deregistered* - speedfan
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: {5995F79E-E50D-449C-B675-E54BF4CD78C7} = 93.153.117.1,62.141.0.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.mze.cz/CACHE/stc/3/binaries/vpnweb.cab
DPF: {D67DB088-70B4-4006-B052-57F614FD3AA8} - hxxp://www.vguard.net/myasp/chtIEx.cab
FF - ProfilePath - c:\users\zarofka\AppData\Roaming\Mozilla\Firefox\Profiles\3mpm1ogv.default\
.
.
------- Asociace souborů -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pb install.exe
AddRemove-Mixxx (1.9.0beta1) - c:\users\zarofka\AppData\Local\Mixxx2\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-05-16 00:55:06
ComboFix-quarantined-files.txt 2011-05-15 22:55
.
Před spuštěním: Volných bajtů: 113 672 245 248
Po spuštění: Volných bajtů: 116 058 738 688
.
- - End Of File - - 35163EA46A4424842412A48022253ECA

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#15 Post by vyosek »

:arrow: If it isn't there already, move ComboFix to the Desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Driver::
    vsslhwb
    esihdrv
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "AdobeCS5ServiceManager"=-
    "SwitchBoard"=-
    
    File::
    c:\users\zarofka\AppData\Local\Temp\esihdrv.sys
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the image below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It can happen that Windows won't boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
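An added example, not from the thread and not ComboFix's own code: a small Python triage that reads the service entries of a ComboFix log and flags the two patterns the CFScript above cleans up, a service whose image file ComboFix already deleted (vsslhwb still pointing at pumivjh.sys) and a driver loaded from a user's Temp folder (esihdrv). The log excerpt is constructed; its Czech section banners are the ones used in the posted log.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt shaped like the posted ComboFix log (Czech banners); not the full log.
SAMPLE_LOG = """\
((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))
.
c:\\windows\\SysWow64\\Drivers\\pumivjh.sys
.
(((((((((((((((((((((((( Spouštěcí body v registru ))))))))))))))))))))))))
.
R0 vsslhwb;vsslhwb;c:\\windows\\system32\\drivers\\pumivjh.sys [x]
R3 esihdrv;esihdrv;c:\\users\\zarofka\\AppData\\Local\\Temp\\esihdrv.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\\windows\\system32\\DRIVERS\\htcnprot.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\\program files (x86)\\TomTom HOME 2\\TomTomHOMEService.exe [2011-03-09 92592]
"""

BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# Service line: "<state> <name>;<display name>;<image path> [x | <date size>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
USER_TEMP_RE = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
DELETION_BANNERS = {"ostatní výmazy", "other deletions"}  # Czech and English builds

def parse_sections(text):
    """Group non-empty log lines under the '((( banner )))' that precedes them."""
    sections, current = {"preamble": []}, "preamble"
    for line in text.splitlines():
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.strip() not in ("", "."):
            sections[current].append(line)
    return sections

def deleted_basenames(sections):
    """Basenames of files ComboFix removed. Basenames rather than full paths: the
    32-bit tool logs the WOW64-redirected SysWow64 path, the service entry system32."""
    names = set()
    for banner, lines in sections.items():
        if banner.lower() in DELETION_BANNERS:
            names.update(PureWindowsPath(ln.strip()).name.lower() for ln in lines)
    return names

def triage(text):
    """[(service name, reason)] for entries that still need cleanup: an autostart
    whose image ComboFix already deleted, or a driver loaded from a user Temp dir."""
    sections = parse_sections(text)
    deleted = deleted_basenames(sections)
    findings = []
    for ln in (l for lines in sections.values() for l in lines):
        m = SERVICE_RE.match(ln)
        if not m:
            continue
        name, path = m.group(2), m.group(4)
        if PureWindowsPath(path).name.lower() in deleted:
            findings.append((name, "image deleted by ComboFix, service entry left behind"))
        elif USER_TEMP_RE.search(path):
            findings.append((name, "driver image located in a user Temp folder"))
    return findings

def cfscript_driver_block(findings):
    """Render the Driver:: section of a CFScript for the flagged service names."""
    return "Driver::\n" + "\n".join(name for name, _ in findings) + "\n"
```

Entries that merely report a missing file (the `[x]` on htcnprot) are not flagged on their own, since that marker also appears on legitimate drivers whose device is simply unplugged.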
