VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

svchost.exe prestal pracovat

https://forum.viry.cz:443/viewtopic.php?t=107987

Stránka 2 z 3

Re: svchost.exe prestal pracovat

Napsal: 30 pro 2010 19:53
od TokytoCZ
Ešte ze mám ten mobil


ComboFix 10-12-29.04 - Tokyto 30.12.2010 19:10:28.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.988 [GMT 1:00]
Spu�t�n� z: c:\users\Tokyto\Desktop\ComboFix.exe
Pou�it� ovl�dac� p�ep�na�e :: c:\users\Tokyto\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001UA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatn� v�mazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001UA.job

.
((((((((((((((((((((((((((((((((((((((( Ovlada�e/Slu�by )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EHDRV
-------\Legacy_EPFWWFPR
-------\Service_ehdrv
-------\Service_epfwwfpr


((((((((((((((((((((((((( Soubory vytvo�en� od 2010-11-28 do 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 16:29 . 2010-12-30 16:29 -------- d-----w- c:\users\Tokyto\AppData\Roaming\.minecraft
2010-12-30 15:00 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-30 15:00 . 2010-09-07 16:11 167592 ----a-w- c:\windows\SysWow64\aswBoot.exe
2010-12-30 14:59 . 2010-12-30 15:00 -------- d-----w- c:\programdata\Alwil Software
2010-12-30 14:59 . 2010-12-30 15:00 -------- d-----w- c:\program files\Alwil Software
2010-12-30 11:30 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{949FBF4A-EED2-4D6E-BA29-0B6B59C3A423}\mpengine.dll
2010-12-29 18:19 . 2010-12-29 18:19 -------- d-----w- c:\program files (x86)\Realtek
2010-12-29 18:10 . 2010-12-29 18:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-29 18:10 . 2010-11-12 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-29 18:10 . 2010-11-12 17:53 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-28 19:28 . 2010-12-28 19:28 388096 ----a-r- c:\users\Tokyto\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-28 19:28 . 2010-12-28 19:28 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-18 22:02 . 2010-12-30 12:12 -------- d-----w- c:\program files (x86)\A1 WMA Tools
2010-12-18 21:38 . 2003-03-26 05:59 573440 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2010-12-18 21:38 . 2003-03-25 14:08 286720 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2010-12-18 21:38 . 2002-12-03 02:11 143872 ----a-w- c:\windows\SysWow64\NCTWMAFile.dll
2010-12-18 21:38 . 2002-12-03 02:07 168448 ----a-w- c:\windows\SysWow64\NCTAudioPlayer.dll
2010-12-18 21:38 . 2002-12-03 02:02 491520 ----a-w- c:\windows\SysWow64\NCTAudioFile.dll
2010-12-18 21:38 . 2002-01-05 06:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2010-12-18 13:09 . 2010-12-18 13:09 -------- d-----w- c:\program files (x86)\NAVIGON
2010-12-14 18:43 . 2010-12-14 18:44 -------- d-----w- c:\users\Tokyto\AppData\Roaming\zaloha minecraft�
2010-12-07 18:36 . 2010-12-07 18:36 -------- d-----w- c:\users\Tokyto\AppData\Local\IsolatedStorage
2010-12-07 18:36 . 2010-12-07 18:36 -------- d-----w- c:\users\Tokyto\AppData\Local\Futuremark_Corporation
2010-12-07 18:35 . 2010-12-07 18:35 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M v�pis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-16 20:11 . 2010-01-26 18:09 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-12-16 20:11 . 2010-01-26 18:09 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-11-13 11:48 . 2010-01-26 18:54 234392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-11-05 13:05 . 2010-11-05 13:05 2427248 ----a-w- c:\windows\SysWow64\pbsvc_heroes.exe
2010-10-16 18:55 . 2010-10-29 13:54 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-10-16 18:55 . 2010-10-29 13:54 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2010-10-16 18:55 . 2010-10-29 13:54 4837480 ----a-w- c:\windows\SysWow64\nvcuda.dll
2010-10-16 18:55 . 2010-10-29 13:54 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2010-10-16 18:55 . 2010-10-29 13:54 2912360 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2010-10-16 18:55 . 2010-10-29 13:54 2666600 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2010-10-16 18:55 . 2010-10-29 13:54 14899816 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2010-10-16 18:55 . 2010-10-29 13:54 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll
2010-10-16 18:55 . 2010-10-29 13:54 13019752 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2010-10-16 18:55 . 2010-03-20 12:01 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2010-09-12 13:57 . 2010-09-12 13:36 814143398 ----a-w- c:\program files (x86)\loleusetup.exe
2010-04-22 12:32 . 2010-03-28 15:12 704282 ----a-w- c:\program files (x86)\unins000.exe
2010-04-02 12:45 . 2010-04-02 12:10 473 ----a-w- c:\program files (x86)\layout.bin
2010-04-02 12:45 . 2010-04-02 12:10 576000 ----a-w- c:\program files (x86)\ISSetup.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-30_17.02.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-30 18:23 . 2010-12-30 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-30 12:02 . 2010-12-30 12:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-30 12:02 . 2010-12-30 12:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-30 18:23 . 2010-12-30 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2010-12-30 18:21 435156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2010-12-30 12:00 435156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-28 16:00 . 2010-12-30 18:21 8307088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3049775063-532791586-3059231688-1001-8192.dat
- 2010-04-28 16:00 . 2010-12-29 21:01 8307088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3049775063-532791586-3059231688-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spou�t�c� body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Pozn�mka* pr�zdn� z�znamy a legitimn� v�choz� �daje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Infium"="c:\program files (x86)\QIP Infium\infium.exe" [2010-09-06 5896656]
"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 908160]

c:\users\Tokyto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NokiaMServer"=c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Slu�ba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-26 834544]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2009-12-10 1643872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-17 1394504]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF7458.cfxxe" [X]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Dopl�kov� sken -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: {76408C75-C11F-4AFC-9C77-C4289F0CC8DE} = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
--------------------- ZAMKNUT� KL��E V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3049775063-532791586-3059231688-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:62,11,cd,be,b2,6a,22,42,ea,70,7f,e6,62,fe,61,5a,d6,99,02,4c,7b,5b,10,
92,2d,74,16,a4,0d,c2,76,4c,8b,1f,b5,f3,2c,05,ae,6d,5c,10,4f,18,8d,f5,71,cd,\
"??"=hex:c3,26,06,7f,34,67,ca,e0,4f,9e,cb,24,ea,da,30,eb

[HKEY_USERS\S-1-5-21-3049775063-532791586-3059231688-1001\Software\SecuROM\License information*]
"datasecu"=hex:f7,df,3c,eb,4c,90,48,8d,54,d6,7d,50,fc,ff,cb,ae,74,af,b5,54,22,
eb,03,0b,28,23,58,ea,d6,7d,b1,16,0e,79,19,a8,f1,a6,b3,8d,22,7c,f9,b5,db,b4,\
"rkeysecu"=hex:a7,fd,be,5f,3a,22,f5,0a,8e,68,9a,f8,72,f3,90,8d

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jin� spu�ten� procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Celkov� �as: 2010-12-30 19:30:05 - po��ta� byl restartov�n
ComboFix-quarantined-files.txt 2010-12-30 18:30
ComboFix2.txt 2010-12-30 17:19

P�ed spu�t�n�m: Voln�ch bajt�: 18�125�516�800
Po spu�t�n�: Voln�ch bajt�: 17�792�950�272

- - End Of File - - CEF58C0C090F62BB19248BAF91F05BD6
ComboFix 10-12-29.04 - Tokyto 30.12.2010 19:10:28.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.988 [GMT 1:00]
Spu�t�n� z: c:\users\Tokyto\Desktop\ComboFix.exe
Pou�it� ovl�dac� p�ep�na�e :: c:\users\Tokyto\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001UA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatn� v�mazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001UA.job

.
((((((((((((((((((((((((((((((((((((((( Ovlada�e/Slu�by )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EHDRV
-------\Legacy_EPFWWFPR
-------\Service_ehdrv
-------\Service_epfwwfpr


((((((((((((((((((((((((( Soubory vytvo�en� od 2010-11-28 do 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 16:29 . 2010-12-30 16:29 -------- d-----w- c:\users\Tokyto\AppData\Roaming\.minecraft
2010-12-30 15:00 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-30 15:00 . 2010-09-07 16:11 167592 ----a-w- c:\windows\SysWow64\aswBoot.exe
2010-12-30 14:59 . 2010-12-30 15:00 -------- d-----w- c:\programdata\Alwil Software
2010-12-30 14:59 . 2010-12-30 15:00 -------- d-----w- c:\program files\Alwil Software
2010-12-30 11:30 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{949FBF4A-EED2-4D6E-BA29-0B6B59C3A423}\mpengine.dll
2010-12-29 18:19 . 2010-12-29 18:19 -------- d-----w- c:\program files (x86)\Realtek
2010-12-29 18:10 . 2010-12-29 18:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-29 18:10 . 2010-11-12 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-29 18:10 . 2010-11-12 17:53 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-28 19:28 . 2010-12-28 19:28 388096 ----a-r- c:\users\Tokyto\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-28 19:28 . 2010-12-28 19:28 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-18 22:02 . 2010-12-30 12:12 -------- d-----w- c:\program files (x86)\A1 WMA Tools
2010-12-18 21:38 . 2003-03-26 05:59 573440 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2010-12-18 21:38 . 2003-03-25 14:08 286720 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2010-12-18 21:38 . 2002-12-03 02:11 143872 ----a-w- c:\windows\SysWow64\NCTWMAFile.dll
2010-12-18 21:38 . 2002-12-03 02:07 168448 ----a-w- c:\windows\SysWow64\NCTAudioPlayer.dll
2010-12-18 21:38 . 2002-12-03 02:02 491520 ----a-w- c:\windows\SysWow64\NCTAudioFile.dll
2010-12-18 21:38 . 2002-01-05 06:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2010-12-18 13:09 . 2010-12-18 13:09 -------- d-----w- c:\program files (x86)\NAVIGON
2010-12-14 18:43 . 2010-12-14 18:44 -------- d-----w- c:\users\Tokyto\AppData\Roaming\zaloha minecraft�
2010-12-07 18:36 . 2010-12-07 18:36 -------- d-----w- c:\users\Tokyto\AppData\Local\IsolatedStorage
2010-12-07 18:36 . 2010-12-07 18:36 -------- d-----w- c:\users\Tokyto\AppData\Local\Futuremark_Corporation
2010-12-07 18:35 . 2010-12-07 18:35 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M v�pis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-16 20:11 . 2010-01-26 18:09 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-12-16 20:11 . 2010-01-26 18:09 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-11-13 11:48 . 2010-01-26 18:54 234392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-11-05 13:05 . 2010-11-05 13:05 2427248 ----a-w- c:\windows\SysWow64\pbsvc_heroes.exe
2010-10-16 18:55 . 2010-10-29 13:54 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-10-16 18:55 . 2010-10-29 13:54 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2010-10-16 18:55 . 2010-10-29 13:54 4837480 ----a-w- c:\windows\SysWow64\nvcuda.dll
2010-10-16 18:55 . 2010-10-29 13:54 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2010-10-16 18:55 . 2010-10-29 13:54 2912360 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2010-10-16 18:55 . 2010-10-29 13:54 2666600 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2010-10-16 18:55 . 2010-10-29 13:54 14899816 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2010-10-16 18:55 . 2010-10-29 13:54 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll
2010-10-16 18:55 . 2010-10-29 13:54 13019752 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2010-10-16 18:55 . 2010-03-20 12:01 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2010-09-12 13:57 . 2010-09-12 13:36 814143398 ----a-w- c:\program files (x86)\loleusetup.exe
2010-04-22 12:32 . 2010-03-28 15:12 704282 ----a-w- c:\program files (x86)\unins000.exe
2010-04-02 12:45 . 2010-04-02 12:10 473 ----a-w- c:\program files (x86)\layout.bin
2010-04-02 12:45 . 2010-04-02 12:10 576000 ----a-w- c:\program files (x86)\ISSetup.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-30_17.02.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-30 18:23 . 2010-12-30 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-30 12:02 . 2010-12-30 12:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-30 12:02 . 2010-12-30 12:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-30 18:23 . 2010-12-30 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2010-12-30 18:21 435156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2010-12-30 12:00 435156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-28 16:00 . 2010-12-30 18:21 8307088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3049775063-532791586-3059231688-1001-8192.dat
- 2010-04-28 16:00 . 2010-12-29 21:01 8307088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3049775063-532791586-3059231688-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spou�t�c� body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Pozn�mka* pr�zdn� z�znamy a legitimn� v�choz� �daje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Infium"="c:\program files (x86)\QIP Infium\infium.exe" [2010-09-06 5896656]
"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 908160]

c:\users\Tokyto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NokiaMServer"=c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Slu�ba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-26 834544]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2009-12-10 1643872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-17 1394504]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF7458.cfxxe" [X]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Dopl�kov� sken -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: {76408C75-C11F-4AFC-9C77-C4289F0CC8DE} = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
--------------------- ZAMKNUT� KL��E V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3049775063-532791586-3059231688-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:62,11,cd,be,b2,6a,22,42,ea,70,7f,e6,62,fe,61,5a,d6,99,02,4c,7b,5b,10,
92,2d,74,16,a4,0d,c2,76,4c,8b,1f,b5,f3,2c,05,ae,6d,5c,10,4f,18,8d,f5,71,cd,\
"??"=hex:c3,26,06,7f,34,67,ca,e0,4f,9e,cb,24,ea,da,30,eb

[HKEY_USERS\S-1-5-21-3049775063-532791586-3059231688-1001\Software\SecuROM\License information*]
"datasecu"=hex:f7,df,3c,eb,4c,90,48,8d,54,d6,7d,50,fc,ff,cb,ae,74,af,b5,54,22,
eb,03,0b,28,23,58,ea,d6,7d,b1,16,0e,79,19,a8,f1,a6,b3,8d,22,7c,f9,b5,db,b4,\
"rkeysecu"=hex:a7,fd,be,5f,3a,22,f5,0a,8e,68,9a,f8,72,f3,90,8d

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jin� spu�ten� procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Celkov� �as: 2010-12-30 19:30:05 - po��ta� byl restartov�n
ComboFix-quarantined-files.txt 2010-12-30 18:30
ComboFix2.txt 2010-12-30 17:19

P�ed spu�t�n�m: Voln�ch bajt�: 18�125�516�800
Po spu�t�n�: Voln�ch bajt�: 17�792�950�272

- - End Of File - - CEF58C0C090F62BB19248BAF91F05BD6

Re: svchost.exe prestal pracovat

Napsal: 30 pro 2010 22:11
od vyosek
Proc myslite ze je tam ta poznamka, ze pokud bude problem tak restart PC, mackat F8, zvolit Posledni znama funkcni konfigurace...

Re: svchost.exe prestal pracovat

Napsal: 30 pro 2010 22:36
od TokytoCZ
Sem myslel ze to je v případě ze se systém nespustí...

Re: svchost.exe prestal pracovat

Napsal: 30 pro 2010 22:38
od vyosek
Takze provedte tu obnovu pres Posledni znamou konfiguraci a napiste ci se net rozjel a budeme mazat jinak...

Re: svchost.exe prestal pracovat

Napsal: 30 pro 2010 22:44
od TokytoCZ
Dobře, zítra odpoledne kolem 12:30 to udělám :) :)

Re: svchost.exe prestal pracovat

Napsal: 30 pro 2010 22:54
od vyosek
OK, budu ocekavat vysledek...

Re: svchost.exe prestal pracovat

Napsal: 31 pro 2010 08:51
od TokytoCZ
Po zapnuti pocitace s posledni znamou fnkcni konfiguraci internet porad nefungoval, skusil jsem tedy jit do Centra síťových připojení a sdílení-odstranit potize-sitovy adapter- windows nasel, ze neni povolen naky protokol...moc sem tomu neveril, ale woala, internet opet funguje :), svchost.exe pracuje zatim jak ma :)

Re: svchost.exe prestal pracovat

Napsal: 31 pro 2010 09:23
od vyosek
:arrow: Odinstalujte Combofix
  • Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
  • Napiste ComboFix /Uninstall
  • Stisknete Enter
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner (viz muj podpis)
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za 14 dni

:arrow: Dejte novy log z RSIT

Re: svchost.exe prestal pracovat

Napsal: 31 pro 2010 09:57
od TokytoCZ
na poprve se ersit zasekl, ukoncil sem ho pres procesy a zapl znovu



Logfile of random's system information tool 1.08 (written by random/random)
Run by Tokyto at 2010-12-31 09:56:44
Microsoft Windows 7 Ultimate
System drive C: has 18 GB (6%) free of 305 GB
Total RAM: 2046 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:45, on 31.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QIP Infium\infium.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Tokyto.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files (x86)\GameTracker\GSInGameService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8997 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\GameTracker\GSInGameService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\Tunngle\TnglCtrl.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\QIP Infium\infium.exe" /autorun
"C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
"C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Xfire\Xfire.exe"
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe" /TUStart /pid:2076
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 2300
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-bdca5411-b863-41a1-9134-99250662a2bf -SystemEventPortName:HostProcess-b9d040e1-8799-4512-bb23-34f8895d3cfe -IoCancelEventPortName:HostProcess-fe7add41-35a9-4e23-9a8a-c0c9848444bd -NonStateChangingEventPortName:HostProcess-48dc33ad-0cb4-4036-af48-01d2697c525c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:19fe059f-8635-4609-902b-fdce2b5510fe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Xfire\Xfire.exe" C:\Program Files (x86)\Xfire\Xfire.exe/uac 2348
"C:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 4252
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3312.07754C00.521340222 /prefetch:3
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\8.0.552.224\gcswf32.dll" --lang=cs --plugin-data-dir="C:\Users\Tokyto\AppData\Local\Google\Chrome\User Data\Default" --channel=3312.07A1AA4C.917669870 /prefetch:4
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Tokyto\Downloads\RSITx64 (1).exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-22 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Infium"=C:\Program Files (x86)\QIP Infium\infium.exe [2010-09-06 5896656]
"DriverMax"=C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]
"DriverMax_RESTART"=C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2010-03-16 908160]

C:\Users\Tokyto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-12-31 09:53:21 ----D---- C:\rsit
2010-12-30 19:35:32 ----A---- C:\Windows\system32\RTNUninst64.dll
2010-12-30 19:35:32 ----A---- C:\Windows\system32\RtNicProp64.dll
2010-12-30 19:23:35 ----D---- C:\$RECYCLE.BIN
2010-12-30 17:49:33 ----D---- C:\Windows\ERDNT
2010-12-30 17:29:01 ----D---- C:\Users\Tokyto\AppData\Roaming\.minecraft
2010-12-30 16:01:22 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-12-30 16:01:22 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-12-30 16:01:21 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-12-30 16:01:19 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-12-30 16:01:14 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-12-30 16:00:40 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2010-12-30 15:59:23 ----D---- C:\ProgramData\Alwil Software
2010-12-30 15:59:23 ----D---- C:\Program Files\Alwil Software
2010-12-29 19:19:45 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2010-12-29 19:19:42 ----D---- C:\Program Files (x86)\Realtek
2010-12-29 19:10:58 ----D---- C:\ProgramData\Sun
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\java.exe
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2010-12-28 20:28:49 ----D---- C:\Program Files (x86)\Trend Micro
2010-12-18 23:02:34 ----D---- C:\Program Files (x86)\A1 WMA Tools
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudPlayer.dll
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudioVisu.dll
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudioRecord.dll
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudioInfos.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\VB6STKIT.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\VB6FR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\TABCTFR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\MSCMCFR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\Mscc2fr.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\inetfr.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\CMDLGFR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\AudFile.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\AudDisplay.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\AudDesign.dll
2010-12-18 22:57:02 ----D---- C:\Users\Tokyto\AppData\Roaming\FreeAudioPack
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTWMAFile2.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTWMAFile.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTAudioPlayer.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTAudioInformation2.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTAudioFile.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\msvcr70.dll
2010-12-18 14:09:09 ----D---- C:\Program Files (x86)\NAVIGON
2010-12-16 16:00:59 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-16 16:00:59 ----A---- C:\Windows\system32\tzres.dll
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2010-12-16 16:00:54 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 16:00:54 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 16:00:54 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 16:00:54 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 16:00:54 ----A---- C:\Windows\system32\schtasks.exe
2010-12-16 16:00:54 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 16:00:46 ----A---- C:\Windows\system32\atmfd.dll
2010-12-16 16:00:45 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-16 16:00:45 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-16 16:00:45 ----A---- C:\Windows\system32\atmlib.dll
2010-12-16 16:00:40 ----A---- C:\Windows\system32\win32k.sys
2010-12-16 16:00:35 ----A---- C:\Windows\system32\webio.dll
2010-12-16 16:00:34 ----A---- C:\Windows\SYSWOW64\webio.dll
2010-12-16 16:00:32 ----A---- C:\Windows\system32\consent.exe
2010-12-16 16:00:31 ----A---- C:\Windows\system32\mshtml.dll
2010-12-16 16:00:31 ----A---- C:\Windows\system32\iertutil.dll
2010-12-16 16:00:30 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-16 16:00:30 ----A---- C:\Windows\system32\mstime.dll
2010-12-16 16:00:30 ----A---- C:\Windows\system32\ieframe.dll
2010-12-16 16:00:28 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-16 16:00:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-16 16:00:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-16 16:00:25 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-16 16:00:25 ----A---- C:\Windows\system32\wininet.dll
2010-12-16 16:00:25 ----A---- C:\Windows\system32\urlmon.dll
2010-12-16 16:00:25 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\ieui.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\iepeers.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-16 16:00:23 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-16 16:00:23 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-16 16:00:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-16 16:00:23 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-16 16:00:23 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-16 16:00:23 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-14 19:43:50 ----D---- C:\Users\Tokyto\AppData\Roaming\zaloha minecraftů

======List of files/folders modified in the last 1 months======

2010-12-31 09:56:45 ----D---- C:\Windows\Temp
2010-12-31 09:56:44 ----D---- C:\Program Files\trend micro
2010-12-31 09:50:55 ----D---- C:\Windows
2010-12-31 09:50:15 ----D---- C:\Windows\system32\config
2010-12-31 09:46:57 ----D---- C:\ProgramData\NVIDIA
2010-12-31 09:45:30 ----D---- C:\Windows\SysWOW64
2010-12-31 09:45:30 ----D---- C:\Windows\System32
2010-12-31 09:42:17 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-12-31 09:40:45 ----D---- C:\Users\Tokyto\AppData\Roaming\Skype
2010-12-31 09:38:32 ----SHD---- C:\System Volume Information
2010-12-31 08:56:28 ----SHD---- C:\Windows\Installer
2010-12-31 08:56:18 ----D---- C:\Users\Tokyto\AppData\Roaming\skypePM
2010-12-31 08:52:45 ----D---- C:\Program Files (x86)\League of Legends
2010-12-31 08:47:47 ----D---- C:\Windows\inf
2010-12-31 08:47:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-31 08:47:37 ----D---- C:\Windows\system32\NDF
2010-12-30 19:30:08 ----D---- C:\Windows\system32\drivers
2010-12-30 19:23:38 ----A---- C:\Windows\system.ini
2010-12-30 19:22:51 ----D---- C:\Program Files (x86)\Pando Networks
2010-12-30 19:20:13 ----D---- C:\Windows\Tasks
2010-12-30 19:16:47 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-30 19:16:47 ----D---- C:\Windows\AppPatch
2010-12-30 19:16:45 ----D---- C:\Program Files\Common Files
2010-12-30 19:16:45 ----D---- C:\Program Files (x86)\Common Files
2010-12-30 18:01:48 ----RD---- C:\Program Files (x86)
2010-12-30 17:31:59 ----D---- C:\Users\Tokyto\AppData\Roaming\Xfire
2010-12-30 16:01:01 ----D---- C:\Windows\winsxs
2010-12-30 15:59:23 ----RD---- C:\Program Files
2010-12-30 15:59:23 ----D---- C:\Windows\system32\catroot2
2010-12-30 15:59:23 ----D---- C:\ProgramData
2010-12-30 14:15:18 ----D---- C:\Windows\Minidump
2010-12-30 14:15:18 ----D---- C:\Windows\debug
2010-12-30 13:21:21 ----D---- C:\Windows\WindowsMobile
2010-12-30 13:20:40 ----D---- C:\Program Files (x86)\VstPlugins
2010-12-30 13:20:40 ----D---- C:\Program Files (x86)\Image-Line
2010-12-30 13:18:57 ----D---- C:\Program Files (x86)\VideoLAN
2010-12-30 13:18:21 ----D---- C:\Program Files (x86)\Quick Memory Editor
2010-12-30 13:11:44 ----D---- C:\Program Files (x86)\Foxit Software
2010-12-30 13:11:30 ----D---- C:\Program Files (x86)\Handbrake
2010-12-30 13:09:48 ----D---- C:\Program Files (x86)\URUSoft
2010-12-30 13:09:10 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-12-30 13:09:07 ----D---- C:\Users\Tokyto\AppData\Roaming\Mozilla
2010-12-30 13:06:39 ----D---- C:\Windows\system32\Tasks
2010-12-30 13:04:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-12-30 13:02:46 ----D---- C:\Program Files (x86)\Steam
2010-12-30 13:00:11 ----D---- C:\Program Files (x86)\Zombie Driver
2010-12-29 19:20:15 ----D---- C:\Windows\system32\catroot
2010-12-29 19:20:15 ----D---- C:\Windows\Prefetch
2010-12-29 19:20:13 ----D---- C:\Windows\system32\DriverStore
2010-12-29 19:10:44 ----D---- C:\Program Files (x86)\Java
2010-12-27 19:50:59 ----D---- C:\temp
2010-12-27 16:31:00 ----D---- C:\Program Files (x86)\JDownloader
2010-12-25 21:20:23 ----D---- C:\ProgramData\Xfire
2010-12-18 23:15:55 ----D---- C:\Users\Tokyto\AppData\Roaming\uTorrent
2010-12-18 23:00:49 ----D---- C:\Program Files (x86)\ImTOO
2010-12-18 16:01:17 ----D---- C:\Windows\rescache
2010-12-17 13:17:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-17 13:17:40 ----D---- C:\Windows\system32\cs-CZ
2010-12-17 13:17:37 ----D---- C:\Windows\SYSWOW64\migration
2010-12-17 13:17:37 ----D---- C:\Program Files\Windows Mail
2010-12-17 13:17:37 ----D---- C:\Program Files\Internet Explorer
2010-12-17 13:17:37 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-17 13:17:37 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-17 13:17:36 ----D---- C:\Windows\system32\migration
2010-12-16 23:19:42 ----D---- C:\ProgramData\Microsoft Help
2010-12-16 23:14:27 ----A---- C:\Windows\system32\MRT.exe
2010-12-16 21:11:23 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2010-12-16 21:11:14 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2010-12-16 20:53:13 ----D---- C:\Program Files (x86)\EA GAMES
2010-12-15 18:52:27 ----D---- C:\ProgramData\Tunngle
2010-12-15 18:52:26 ----D---- C:\Users\Tokyto\AppData\Roaming\Tunngle
2010-12-13 21:13:27 ----D---- C:\Program Files (x86)\Tunngle

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-26 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 51280]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 a7qjttvs;a7qjttvs; C:\Windows\system32\drivers\a7qjttvs.sys []
S3 aeacmi4b;aeacmi4b; C:\Windows\system32\drivers\aeacmi4b.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\plugins\UI\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-02-26 9216]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2010-02-26 9216]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files (x86)\GameTracker\GSInGameService.exe [2009-12-10 1643872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 989800]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-12-16 75136]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2010-12-16 189248]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-18 1394504]
R2 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-11-17 403240]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-30 607048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1255736]

-----------------EOF-----------------

Re: svchost.exe prestal pracovat

Napsal: 31 pro 2010 10:04
od vyosek
:arrow: Otevrete si poznamkovy blok
  • Start->spustit->notepad
  • Vlozte text nize

  • Kód: Vybrat vše

    Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
  • Soubor ulozte jako oprava.reg
  • Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
  • Obrázek
  • Zavrit notepad a spustit dvojklikem oprava.reg
  • Pripadny dotaz na zmenu registru potvrdte
  • Okno jen problikne a opravi regsitry - soubor muzete smazat
:arrow: Jinak log vypada v poradku :wink:

Re: svchost.exe prestal pracovat

Napsal: 31 pro 2010 10:55
od TokytoCZ
takze uz mam pc v pohode? dik moc za pomoc :) a hezkej novej rok

Re: svchost.exe prestal pracovat

Napsal: 31 pro 2010 12:13
od vyosek
Ano, PC by melo byt v poradku :wink:

Nemate zac, rad jsem pomohl :) Zase nekdy Obrázek

Re: svchost.exe prestal pracovat

Napsal: 01 led 2011 13:13
od TokytoCZ
Nerad opet rusim.....ale svchost.exe opet prestal pracovat :cry:

Re: svchost.exe prestal pracovat

Napsal: 01 led 2011 13:34
od vyosek
Zdravim :)

:arrow: Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)
  • Provedte aktualizaci
  • Provedte uplny sken - nic nemazte :!:
  • MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Re: svchost.exe prestal pracovat

Napsal: 02 led 2011 16:05
od TokytoCZ
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5438

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

2.1.2011 15:55:54
mbam-log-2011-01-02 (15-54-54).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 570145
Uplynulý čas: 1 hodin, 36 minut, 22 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 8

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dll (Backdoor.IrcBot) -> Value: dll -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Tokyto\AppData\Roaming\dll\svchost.exe (Backdoor.IrcBot) -> No action taken.
c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe (Trojan.FakeMS) -> No action taken.
c:\Users\Tokyto\AppData\Roaming\iexplorerx.exe (Backdoor.IrcBot) -> No action taken.
c:\Users\Tokyto\Desktop\fff-ea121.exe (Trojan.Orsam) -> No action taken.
c:\Users\Tokyto\Desktop\Ostatní\moje!\games\COD\COD4\cod4 keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\Tokyto\downloads\t-cleaner.exe (Backdoor.Bot) -> No action taken.
c:\Users\Tokyto\AppData\Roaming\microsoft\n (Malware.Traces) -> No action taken.
c:\Users\Tokyto\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
Všechny časy jsou v UTC+01:00
Stránka 2 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz