Prosim o kontrolu logu

[amon1]

Prosim preventivne o kontrolu loggu.Avast zachytil Win 32 KillAV-AHY rootkit a presunul do virusovej truhly.
Logfile of random's system information tool 1.08 (written by random/random)
Run by notebook at 2011-05-20 09:58:49
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 130 GB (87%) free of 150 GB
Total RAM: 1976 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:58:56, on 20. 5. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\notebook\Downloads\RSIT.exe
C:\Program Files\trend micro\notebook.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 2912 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 137752]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 172568]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-05-20 09:58:50 ----D---- C:\Program Files\trend micro
2011-05-20 09:58:49 ----D---- C:\rsit
2011-05-11 10:42:12 ----A---- C:\Windows\system32\poqexec.exe
2011-05-11 09:51:56 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-05-11 09:51:55 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-05-11 09:51:55 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-05-11 09:51:55 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-05-11 09:51:55 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-05-11 09:51:55 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-05-11 09:51:53 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-05-11 09:51:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-04-27 09:59:40 ----A---- C:\Windows\system32\prevhost.exe
2011-04-27 09:59:30 ----A---- C:\Windows\system32\fsutil.exe
2011-04-27 09:59:30 ----A---- C:\Windows\system32\esent.dll
2011-04-27 09:59:30 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-04-27 09:59:30 ----A---- C:\Windows\system32\drivers\storport.sys
2011-04-27 09:59:30 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-04-27 09:59:30 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-04-27 09:59:30 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-04-27 09:59:30 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-04-27 09:59:30 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-04-27 09:59:30 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-04-27 09:59:26 ----A---- C:\Windows\system32\XpsPrint.dll
2011-04-27 09:59:25 ----A---- C:\Windows\explorer.exe
2011-04-24 15:16:40 ----D---- C:\Users\notebook\AppData\Roaming\.minecraft
2011-04-24 14:32:16 ----D---- C:\Windows\Internet Logs
2011-04-22 13:21:47 ----D---- C:\Program Files\Defraggler

======List of files/folders modified in the last 1 months======

2011-05-20 09:58:56 ----D---- C:\Windows\Prefetch
2011-05-20 09:58:53 ----D---- C:\Windows\Temp
2011-05-20 09:58:50 ----RD---- C:\Program Files
2011-05-20 09:54:55 ----D---- C:\Users\notebook\AppData\Roaming\Skype
2011-05-20 09:08:03 ----D---- C:\Windows\system32\config
2011-05-20 08:59:55 ----D---- C:\Users\notebook\AppData\Roaming\skypePM
2011-05-20 08:14:43 ----D---- C:\Windows\system32\wdi
2011-05-20 00:31:50 ----D---- C:\ProgramData\Spyware Terminator
2011-05-20 00:31:47 ----SHD---- C:\System Volume Information
2011-05-20 00:31:27 ----D---- C:\Program Files\Spyware Terminator
2011-05-20 00:25:52 ----D---- C:\Users\notebook\AppData\Roaming\Spyware Terminator
2011-05-19 23:24:01 ----D---- C:\Windows\system32\catroot2
2011-05-17 16:41:12 ----D---- C:\Users\notebook\AppData\Roaming\uTorrent
2011-05-17 13:49:42 ----D---- C:\Windows
2011-05-16 14:43:11 ----D---- C:\Windows\debug
2011-05-16 14:41:55 ----D---- C:\Program Files\CCleaner
2011-05-15 23:52:35 ----D---- C:\Windows\System32
2011-05-15 20:21:03 ----D---- C:\Windows\system32\NDF
2011-05-12 07:25:04 ----D---- C:\Windows\inf
2011-05-12 07:25:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-11 11:18:08 ----D---- C:\Windows\winsxs
2011-05-11 10:46:37 ----D---- C:\Windows\system32\drivers
2011-05-11 10:45:04 ----D---- C:\Windows\system32\DriverStore
2011-05-11 10:43:17 ----A---- C:\Windows\system32\MRT.exe
2011-05-11 10:41:44 ----D---- C:\Windows\system32\catroot
2011-05-10 14:10:55 ----A---- C:\Windows\system32\aswBoot.exe
2011-05-03 17:51:55 ----SHD---- C:\Windows\Installer
2011-04-29 14:23:04 ----D---- C:\Program Files\Mozilla Firefox
2011-04-28 08:48:33 ----D---- C:\Windows\rescache
2011-04-28 08:15:10 ----D---- C:\Windows\system32\en-US
2011-04-28 08:15:10 ----D---- C:\Windows\system32\cs-CZ
2011-04-28 08:15:10 ----D---- C:\Windows\AppPatch
2011-04-24 15:54:57 ----D---- C:\Windows\system32\drivers\UMDF
2011-04-24 14:32:16 ----HD---- C:\ProgramData
2011-04-22 09:00:59 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-03-07 142592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]
R3 netr28;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2009-07-14 530944]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-05-10 441176]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-03-07 496128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1343400]

-----------------EOF-----------------

[amon1]

V prilohe posielam snimok

[amon1]

Pri PC budem až v nedelu,tak prosim o strpenie.Tu je druhy snimok

[amon1]

Počitač sa inak sprava normalne,sken malwarebytes aj Superantispyware aj SP Terminator nič nenašli.TDSSKiller od kasperskeho tiež nič.

[Márty84]

Zdravim

Tim, ze jste napsal vice prispevku, bude trvat dele, nez vas radci objevi. Protoze ti si do temat nezasahuji a jelikoz uz tu mate vice odpovedi, domnivaji se, ze uz to nekdo resi
Takze bud vydrzte, nakonec si vas urcite nekdo najde, nebo zkuste nekteremu napsat soukromou zpravu s odkazem na vase tema a zadosti o pomoc

Preji hezky den a uspesne vyreseni

[chodnik74]

Dobrý den
Mrknu na to navečer..kolem 6-7h..mějte strpení..

[chodnik74]

Stáhneme a spustíme SystemLook

http://jpshortstuff.247fixes.com/SystemLook.exe

Do okna vložíme následující script a stiskneme tlačítko Look

Kód: Vybrat vše

:dir
C:\windows\system32\wdi\  /t10

Po dokončení se nám otevře log,který mi zkopírujte sem
smazal avast nalezené nákazy

[amon1]

Zda sa že sa jednalo o falošny poplach avast už subor neoznačuje ako nakazu,otestovane aj na virustotal a všetko je čiste.Ale aj tak Vdaka za mrknutie

[chodnik74]

Dobře pokud chcete,tak udělejte co jsem napsal,to vypíše soubory všechny soubory v složce,v které avast našel havěť(soubory vytvořené za posledních 10 dní)

[amon1]

V poriadku v stredu budem na svojom PC tak potom spravim co ste napisal.

[chodnik74]

jasný dobrou noc přeji

[amon1]

tu je log
SystemLook 04.09.10 by jpshortstuff
Log created at 23:26 on 24/05/2011 by notebook
Administrator - Elevation successful

========== dir ==========

C:\windows\system32\wdi - Parameters: "/t10"

---Files---
BootPerformanceDiagnostics_SystemData.bin --a---- 49060 bytes [04:55 14/07/2009] [21:21 24/05/2011]
ShutdownPerformanceDiagnostics_SystemData.bin --a---- 35966 bytes [06:14 20/05/2011] [14:09 24/05/2011]
SuspendPerformanceDiagnostics_SystemData_S3.bin --a---- 291694 bytes [11:28 19/12/2010] [19:01 24/05/2011]

---Folders---
LogFiles d------ [02:37 14/07/2009]
perftrack d------ [02:37 14/07/2009]
{533a67eb-9fb5-473d-b884-958cf4b9c4a3} d------ [11:28 19/12/2010]
{67144949-5132-4859-8036-a737b43825d8} d------ [10:08 19/12/2010]
{86432a0b-3c7d-4ddf-a89c-172faa90485d} d------ [04:55 14/07/2009]
{ffc42108-4920-4acf-a4fc-8abdcc68ada4} d------ [11:28 19/12/2010]

-= EOF =-

[chodnik74]

Zdravím dřív jsem si toho nevšiml,omlouvám se
ShutdownPerformanceDiagnostics_SystemData.bin tento soubor ověřte na http://www.virtustotal.com a vložte sem výsledek

Dále Znovu spustíme SystemLook

Do okna vložíme následující script a stiskneme tlačítko Look

Kód: Vybrat vše

:dir
C:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}

Po dokončení se nám otevře log,který mi zkopírujte sem

[amon1]

Subor sa nenasiel pise virustotal.Zrejme ho Avast zmazal.
Tu je druhy log
SystemLook 04.09.10 by jpshortstuff
Log created at 22:00 on 25/05/2011 by notebook
Administrator - Elevation successful

========== dir ==========

C:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d} - Parameters: "(none)"

---Files---
S-1-5-21-790346966-1301536953-1311782660-1001_UserData.bin --a---- 3174 bytes [21:25 19/05/2011] [05:55 25/05/2011]

---Folders---
{04630122-78f0-439c-b906-00d5b4c34fdb} d------ [07:34 23/05/2011]
{0edce07d-61c6-4b58-bd62-0b0e8862aa3a} d------ [15:07 13/05/2011]
{124f63ad-e36f-4bc1-8360-fc0287c6bb32} d------ [13:08 22/05/2011]
{2b31347e-383e-43d2-b7c9-d6a45e249c2d} d------ [14:09 24/05/2011]
{46756bdb-f563-4231-b439-c60ef64d2bb6} d------ [18:05 15/05/2011]
{59abf133-ea91-40a5-9d31-3b429777b66e} d------ [18:24 15/05/2011]
{6747d05a-a292-448f-b312-72728fd16207} d------ [05:55 25/05/2011]
{6790824c-88a9-48cc-aa2c-e7dc186837de} d------ [08:15 17/05/2011]
{6dc6db45-f8c5-48e9-8afe-9dcb0f701794} d------ [18:14 15/05/2011]
{73db276c-42e0-4cff-89e1-9ed77507abff} d------ [05:41 15/05/2011]
{7ed8a046-c78e-4ef8-9f96-22775bbaddd9} d------ [15:18 22/05/2011]
{8025388c-12c2-43b6-a3d9-33daf449f37f} d------ [07:58 16/05/2011]
{8219c8ef-a6eb-42e0-89db-a813a2408baa} d------ [03:42 13/05/2011]
{8c57fd80-8434-4eb2-af5d-a4155555f6ad} d------ [05:33 17/05/2011]
{9102420d-b72b-475f-9c6f-b02fb22d948f} d------ [13:43 14/05/2011]
{995d18e8-1f90-4357-8cc8-f3dbcc7bf623} d------ [16:45 17/05/2011]
{b8b488ee-2ede-472e-aedd-ca01ba1ef828} d------ [16:57 22/05/2011]
{bdd0180b-4309-47f4-a4f3-f5aeada4beee} d------ [10:12 18/05/2011]
{d0774843-f616-4d62-a0ef-e91b3d7f9c37} d------ [11:54 17/05/2011]
{d0ec5dd1-0374-4131-8530-9f244168a8a2} d------ [21:21 24/05/2011]
{d2d0aef8-0bc8-4d80-b39f-cb094bc786c9} d------ [21:53 15/05/2011]
{d60e0ec4-0531-42dd-8afc-fdfbbe88184e} d------ [06:14 20/05/2011]
{de4dcc0d-8e87-4d10-afb0-ba93e3eeb69f} d------ [18:18 15/05/2011]
{dfe8cfa7-83c7-4238-91ec-08c2d5766954} d------ [21:25 19/05/2011]
{e2e728b4-b20c-4ad5-8bf6-c404809378e9} d------ [18:09 15/05/2011]
{eee5cc4c-5485-4c46-9684-ed24edfa7503} d------ [06:01 24/05/2011]
{f7418861-4849-4034-8153-c867ab68e8f9} d------ [18:12 19/05/2011]
{fd30105b-4d5d-4ea1-aca5-e75730e27a27} d------ [03:35 23/05/2011]

-= EOF =-

[chodnik74]

soubor by se měl nacházet v C:\windows\system32\wdi\ a ten musíte vybrat na http://www.virustotal.com/index.html
zkuste ověřit soubor C:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-790346966-1301536953-1311782660-1001_UserData.bin