Agent.SDG.Gen trojan horse reported by ESET
Posted: 08 Jan 2012 10:16
Hello,
this morning I was greeted by a message from ESET (legally purchased, same as the OS) that the MBR sector of physical disk 1 is infiltrated by the Win32/Agent.SDG.Gen trojan horse. The Clean button does not help. After running a scan it throws the same message for disks 3 and 4 as well.
I would like to ask you for advice on how to proceed.
Thank you in advance.
Log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jakub at 2012-01-08 10:09:40
Microsoft Windows 7 Professional
System drive C: has 30 GB (15%) free of 200 GB
Total RAM: 4095 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:09:44, on 8.1.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\SC2RARu10\SC2RAR\SC2RAR.exe
C:\Windows\SysWOW64\DeltaIITray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\trend micro\Jakub.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: SC2RAR - Shortcut.lnk = C:\SC2RARu10\SC2RAR\SC2RAR.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware server\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware server\vsocklib.dll
O15 - Trusted IP range: http://127.0.0.1
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} (VMware Remote Console Plug-in 2.5.0.00000) -
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) -
O18 - Protocol: qcom - {B8DBD265-42C3-43E6-B439-E968C71984C6} - C:\COMMON~1\QUESTS~1\CODEXP~1\qcom.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\app\Jakub\product\11.2.0\dbhome_1\bin\nmesrvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\app\Jakub\product\11.2.0\dbhome_1\bin\omtsreco.exe
O23 - Service: OracleOraDb11g_home1ClrAgent - Oracle Corporation - C:\app\Jakub\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe
O23 - Service: OracleOraDb11g_home1TNSListener - Oracle Corporation - C:\app\Jakub\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
O23 - Service: OracleOraDb11g_home2ClrAgent - Oracle Corporation - K:\oracle\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe
O23 - Service: OracleOraDb11g_home2TNSListener - Oracle Corporation - K:\oracle\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\app\jakub\product\11.2.0\dbhome_1\bin\ORACLE.EXE
O23 - Service: OracleServiceORCL11 - Oracle Corporation - k:\oracle\product\11.2.0\dbhome_1\bin\ORACLE.EXE
O23 - Service: Oracle ORCL VSS Writer Service (OracleVssWriterORCL) - Unknown owner - c:\app\jakub\product\11.2.0\dbhome_1\bin\OraVSSW.exe
O23 - Service: Oracle ORCL11 VSS Writer Service (OracleVssWriterORCL11) - Unknown owner - k:\oracle\product\11.2.0\dbhome_1\bin\OraVSSW.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10588 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
Ati2evxx.exe -Client
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe" -k runservice
C:\app\Jakub\product\11.2.0\dbhome_1\bin\nmesrvc.exe
C:\app\Jakub\product\11.2.0\dbhome_1\bin\omtsreco.exe "OracleMTSRecoveryService"
\??\C:\Windows\system32\conhost.exe "-80325381-11333306271417005892989559031339049103-9331638921102959403-108127563
K:\oracle\product\11.2.0\dbhome_1\BIN\TNSLSNR
"C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe" -d "C:/Program Files (x86)/Marvell/raid/Apache2"
c:\app\jakub\product\11.2.0\dbhome_1\bin\ORACLE.EXE ORCL
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
cmd /c ""C:\app\Jakub\product\11.2.0\dbhome_1\bin\emctl.bat" istart dbconsole"
C:\app\Jakub\product\11.2.0\dbhome_1\\perl\bin\perl.exe C:\app\Jakub\product\11.2.0\dbhome_1\bin\emwd.pl dbconsole
C:\Windows\SysWOW64\vmnat.exe
"C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe" //RS//VMwareServerWebAccess
\??\C:\Windows\system32\conhost.exe "8598574491427828188-1063851766-2128205691320828558-410138486-963244062426114300
cmd /c "C:\app\Jakub\product\11.2.0\dbhome_1/bin/execjavatemp.bat"
C:\app\Jakub\product\11.2.0\dbhome_1\jdk/bin/java -server -Xmx192M -XX:MaxPermSize=200M -XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=40 -DORACLE_HOME=C:\app\Jakub\product\11.2.0\dbhome_1 -Doracle.home=C:\app\Jakub\product\11.2.0\dbhome_1/oc4j -Doracle.oc4j.localhome=C:\app\Jakub\product\11.2.0\dbhome_1\localhost_orcl/sysman -DEMSTATE=C:\app\Jakub\product\11.2.0\dbhome_1\localhost_orcl -Doracle.j2ee.dont.use.memory.archive=true -Djava.protocol.handler.pkgs=HTTPClient -Doracle.security.jazn.config=C:\app\Jakub\product\11.2.0\dbhome_1/oc4j/j2ee/OC4J_DBConsole_localhost_orcl/config/jazn.xml -Djava.security.policy=C:\app\Jakub\product\11.2.0\dbhome_1/oc4j/j2ee/OC4J_DBConsole_localhost_orcl/config/java2.policy -Djavax.net.ssl.KeyStore=C:\app\Jakub\product\11.2.0\dbhome_1/sysman/config/OCMTrustedCerts.txt-Djava.security.properties=C:\app\Jakub\product\11.2.0\dbhome_1/oc4j/j2ee/home/config/jazn.security.props -DEMDROOT=C:\app\Jakub\product\11.2.0\dbhome_1\localhost_orcl -Dsysman.md5password=true -Drepapi.oracle.home=C:\app\Jakub\product\11.2.0\dbhome_1 -Ddisable.checkForUpdate=true -Doracle.sysman.ccr.ocmSDK.websvc.keystore=C:\app\Jakub\product\11.2.0\dbhome_1/jlib/emocmclnt.ks -Dice.pilots.html4.ignoreNonGenericFonts=true -Djava.awt.headless=true -jar C:\app\Jakub\product\11.2.0\dbhome_1/oc4j/j2ee/home/oc4j.jar -config C:\app\Jakub\product\11.2.0\dbhome_1/oc4j/j2ee/OC4J_DBConsole_localhost_orcl/config/server.xml
"C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe"
"C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe"
C:\app\Jakub\product\11.2.0\dbhome_1/bin/emagent
C:\Windows\SysWOW64\vmnetdhcp.exe
"C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe" -u "C:\ProgramData\VMware\VMware Server\hostd\config.xml"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\SC2RARu10\SC2RAR\SC2RAR.exe"
"C:\Windows\System32\DeltaIITray.exe"
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
"C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmniboxHeuristic/ConservativeAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/last_accessed_socket/ --enable-print-preview --channel=4588.06174000.2036729946 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Jakub\AppData\Local\Google\Chrome\APPLIC~1\160912~1.75\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Jakub\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll" --lang=cs --channel=4588.0A7F9000.895826943 --flash-broker=4152 /prefetch:4
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheListSize/CacheListSize_14/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmniboxHeuristic/ConservativeAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/last_accessed_socket/ --enable-print-preview --channel=4588.05C7A480.224716698 /prefetch:3
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
"C:\totalcmd\TOTALCMD.EXE"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Jakub\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2794234989-373363643-3910967931-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2794234989-373363643-3910967931-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\1uba89x8.default
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1, {0493D792-5C92-440b-81A8-AD6CDFC75212}:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609]
"Description"=12.0.1.609
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeploytk.dll
NPJinit13122.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-19 43520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-12-20 382720]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-06-19 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2716216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13 26192168]
"Google Update"=C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-04 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-04 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files (x86)\real\realplayer\Update\realsched.exe [2010-12-20 274608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Download Centre.lnk]
C:\PROGRA~2\YAMAHA~1\DIGITA~1\Common\DOWNLO~1\DOWNLO~1.EXE [2009-11-10 419160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
C:\PROGRA~2\APACHE~1\Apache2.2\bin\APACHE~1.EXE [2010-07-30 41051]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk]
C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe [2011-02-28 5120]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"=C:\Windows\system32\DeltaIITray.exe []
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"MRUTray"=C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe [2010-04-12 731176]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SC2RAR - Shortcut.lnk - C:\SC2RARu10\SC2RAR\SC2RAR.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-01-08 10:00:48 ----D---- C:\Program Files\trend micro
2012-01-08 10:00:47 ----D---- C:\rsit
2012-01-02 11:37:38 ----D---- C:\Program Files\Microsoft Games
2011-12-26 23:04:24 ----D---- C:\Users\Jakub\AppData\Roaming\Mumble
2011-12-26 23:03:51 ----D---- C:\Program Files (x86)\Mumble
2011-12-26 11:25:48 ----D---- C:\Users\Jakub\AppData\Roaming\calibre
2011-12-26 11:25:07 ----D---- C:\Program Files (x86)\Calibre2
2011-12-18 14:06:58 ----D---- C:\Users\Jakub\AppData\Roaming\Apple Computer
2011-12-18 13:37:40 ----D---- C:\Program Files (x86)\QuickTime
2011-12-18 13:37:38 ----D---- C:\ProgramData\Apple Computer
2011-12-18 13:34:54 ----D---- C:\Program Files (x86)\Apple Software Update
2011-12-18 11:31:10 ----D---- C:\ProgramData\Apple
2011-12-14 12:11:14 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-14 12:11:12 ----A---- C:\Windows\system32\mshtml.dll
2011-12-14 12:11:11 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-14 12:11:09 ----A---- C:\Windows\system32\ieframe.dll
2011-12-14 12:11:04 ----A---- C:\Windows\system32\wininet.dll
2011-12-14 12:11:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-14 12:11:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-14 12:11:00 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-14 12:11:00 ----A---- C:\Windows\system32\urlmon.dll
2011-12-14 12:10:59 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-12-14 12:10:58 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-12-14 12:10:58 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-12-14 12:10:58 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-14 12:10:58 ----A---- C:\Windows\system32\mstime.dll
2011-12-14 12:10:58 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-14 12:10:58 ----A---- C:\Windows\system32\ieui.dll
2011-12-14 12:10:58 ----A---- C:\Windows\system32\iertutil.dll
2011-12-14 12:10:58 ----A---- C:\Windows\system32\iedkcs32.dll
2011-12-14 12:10:57 ----A---- C:\Windows\system32\iepeers.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-12-14 12:10:56 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-14 12:10:56 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-12-14 12:10:56 ----A---- C:\Windows\system32\licmgr10.dll
2011-12-14 12:10:56 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-14 12:10:55 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-14 12:10:55 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-12-14 12:10:55 ----A---- C:\Windows\system32\url.dll
2011-12-14 12:10:55 ----A---- C:\Windows\system32\msfeedssync.exe
2011-12-14 12:10:36 ----A---- C:\Windows\system32\win32k.sys
2011-12-14 12:10:34 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-14 12:10:34 ----A---- C:\Windows\system32\EncDec.dll
2011-12-14 12:10:24 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-14 12:10:24 ----A---- C:\Windows\system32\tzres.dll
2011-12-12 21:27:16 ----D---- C:\Program Files (x86)\Edgard
======List of files/folders modified in the last 1 month======
2012-01-08 10:09:42 ----D---- C:\Windows\Temp
2012-01-08 10:09:38 ----D---- C:\TEMP
2012-01-08 10:00:58 ----D---- C:\Windows\Prefetch
2012-01-08 10:00:48 ----RD---- C:\Program Files
2012-01-08 09:52:31 ----D---- C:\Windows\system32\config
2012-01-08 09:51:52 ----D---- C:\Users\Jakub\AppData\Roaming\Skype
2012-01-08 09:51:47 ----D---- C:\Users\Jakub\AppData\Roaming\skypePM
2012-01-08 09:49:21 ----D---- C:\ProgramData\VMware
2012-01-08 00:51:06 ----D---- C:\Users\Jakub\AppData\Roaming\uTorrent
2012-01-08 00:02:08 ----D---- C:\Users\Jakub\AppData\Roaming\vlc
2012-01-06 19:09:15 ----SHD---- C:\System Volume Information
2012-01-03 13:16:56 ----D---- C:\Windows\rescache
2012-01-03 09:13:45 ----D---- C:\Windows\system32\catroot2
2012-01-02 11:37:49 ----D---- C:\Windows\winsxs
2012-01-02 11:37:39 ----D---- C:\Windows\system32\en-US
2012-01-02 11:37:39 ----D---- C:\Windows\System32
2011-12-31 21:25:42 ----D---- C:\Windows\inf
2011-12-31 21:25:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-26 23:03:57 ----SHD---- C:\Windows\Installer
2011-12-26 23:03:51 ----RD---- C:\Program Files (x86)
2011-12-26 23:03:51 ----D---- C:\Windows\SysWOW64
2011-12-21 16:38:38 ----D---- C:\Users\Jakub\AppData\Roaming\dvdcss
2011-12-19 12:41:37 ----D---- C:\Users\Jakub\AppData\Roaming\Clone2Go Video Converter Professional
2011-12-19 12:32:48 ----AD---- C:\ProgramData\TEMP
2011-12-18 13:37:38 ----HD---- C:\ProgramData
2011-12-18 13:35:25 ----D---- C:\Program Files (x86)\Common Files
2011-12-18 11:33:17 ----D---- C:\Windows\system32\Tasks
2011-12-16 10:53:41 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-12-14 18:28:12 ----D---- C:\Program Files\Internet Explorer
2011-12-14 18:28:12 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-14 18:28:11 ----D---- C:\Windows\SYSWOW64\migration
2011-12-14 18:28:11 ----D---- C:\Windows\system32\migration
2011-12-14 17:21:45 ----RSD---- C:\Windows\assembly
2011-12-14 17:21:44 ----D---- C:\ProgramData\Microsoft Help
2011-12-14 17:21:31 ----D---- C:\Windows\system32\catroot
2011-12-14 17:20:12 ----A---- C:\Windows\system32\MRT.exe
2011-12-14 17:18:10 ----D---- C:\Windows\SYSWOW64\en-US
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 mv91cons;Marvell 91xx Config Device Driver; C:\Windows\system32\DRIVERS\mv91cons.sys [2009-10-27 22568]
R0 mv91xx;mv91xx; C:\Windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2011-10-28 230864]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 145336]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 123200]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2009-10-20 38448]
R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys [2009-10-20 65072]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2009-10-20 38960]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2009-10-20 30256]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2009-10-20 76336]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 5352960]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2010-03-23 304784]
R3 DELTAII;Service for M-Audio Delta Driver (WDM); C:\Windows\system32\DRIVERS\MAudioDelta.sys [2009-07-27 392712]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne64x.sys [2008-11-16 157968]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2009-10-20 20016]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-05-08 20520]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 952320]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2010-03-23 1528616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 Marvell RAID;Marvell RAID Event Agent; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-04-12 235560]
R2 MRUWebService;MRU Web Service; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635]
R2 OracleDBConsoleorcl;OracleDBConsoleorcl; C:\app\Jakub\product\11.2.0\dbhome_1\bin\nmesrvc.exe [2010-03-02 35328]
R2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\app\Jakub\product\11.2.0\dbhome_1\bin\omtsreco.exe [2010-03-12 81408]
R2 OracleOraDb11g_home2TNSListener;OracleOraDb11g_home2TNSListener; K:\oracle\product\11.2.0\dbhome_1\BIN\TNSLSNR []
R2 OracleServiceORCL;OracleServiceORCL; c:\app\jakub\product\11.2.0\dbhome_1\bin\ORACLE.EXE [2010-03-30 134018048]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe [2009-10-20 121392]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2009-10-20 326192]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2009-10-20 399920]
R2 VMwareHostd;VMware Host Agent; C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
R2 VMwareServerWebAccess;VMware Server Web Access; C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener; C:\app\Jakub\product\11.2.0\dbhome_1\BIN\TNSLSNR []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 23296]
S3 MsDtsServer100;SQL Server Integration Services 10.0; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
S3 MSOLAP$SQL08;SQL Server Analysis Services (SQL08); C:\Program Files\Microsoft SQL Server\MSAS10.SQL08\OLAP\bin\msmdsrv.exe [2009-03-30 43735400]
S3 MSSQL$SQL08;SQL Server (SQL08); C:\Program Files\Microsoft SQL Server\MSSQL10.SQL08\MSSQL\Binn\sqlservr.exe [2011-02-05 57917288]
S3 MSSQLFDLauncher$SQL08;SQL Full-text Filter Daemon Launcher (SQL08); C:\Program Files\Microsoft SQL Server\MSSQL10.SQL08\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent; C:\app\Jakub\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [2010-03-12 83968]
S3 OracleOraDb11g_home2ClrAgent;OracleOraDb11g_home2ClrAgent; K:\oracle\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [2010-03-12 83968]
S3 OracleServiceORCL11;OracleServiceORCL11; k:\oracle\product\11.2.0\dbhome_1\bin\ORACLE.EXE [2010-03-30 134018048]
S3 OracleVssWriterORCL;Oracle ORCL VSS Writer Service; c:\app\jakub\product\11.2.0\dbhome_1\bin\OraVSSW.exe [2010-03-30 192000]
S3 OracleVssWriterORCL11;Oracle ORCL11 VSS Writer Service; k:\oracle\product\11.2.0\dbhome_1\bin\OraVSSW.exe [2010-03-30 192000]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ReportServer$SQL08;SQL Server Reporting Services (SQL08); C:\Program Files\Microsoft SQL Server\MSRS10.SQL08\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-30 2075480]
S3 SQLAgent$SQL08;SQL Server Agent (SQL08); C:\Program Files\Microsoft SQL Server\MSSQL10.SQL08\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S3 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1255736]
S4 Apache2.2;Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-07-30 24645]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL; c:\app\jakub\product\11.2.0\dbhome_1\Bin\extjob.exe [2010-03-30 45568]
S4 OracleJobSchedulerORCL11;OracleJobSchedulerORCL11; k:\oracle\product\11.2.0\dbhome_1\Bin\extjob.exe [2010-03-30 45568]
-----------------EOF-----------------
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-06-19 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2716216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13 26192168]
"Google Update"=C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-04 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-04 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files (x86)\real\realplayer\Update\realsched.exe [2010-12-20 274608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Download Centre.lnk]
C:\PROGRA~2\YAMAHA~1\DIGITA~1\Common\DOWNLO~1\DOWNLO~1.EXE [2009-11-10 419160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
C:\PROGRA~2\APACHE~1\Apache2.2\bin\APACHE~1.EXE [2010-07-30 41051]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk]
C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe [2011-02-28 5120]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"=C:\Windows\system32\DeltaIITray.exe []
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"MRUTray"=C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe [2010-04-12 731176]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SC2RAR - Shortcut.lnk - C:\SC2RARu10\SC2RAR\SC2RAR.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-01-08 10:00:48 ----D---- C:\Program Files\trend micro
2012-01-08 10:00:47 ----D---- C:\rsit
2012-01-02 11:37:38 ----D---- C:\Program Files\Microsoft Games
2011-12-26 23:04:24 ----D---- C:\Users\Jakub\AppData\Roaming\Mumble
2011-12-26 23:03:51 ----D---- C:\Program Files (x86)\Mumble
2011-12-26 11:25:48 ----D---- C:\Users\Jakub\AppData\Roaming\calibre
2011-12-26 11:25:07 ----D---- C:\Program Files (x86)\Calibre2
2011-12-18 14:06:58 ----D---- C:\Users\Jakub\AppData\Roaming\Apple Computer
2011-12-18 13:37:40 ----D---- C:\Program Files (x86)\QuickTime
2011-12-18 13:37:38 ----D---- C:\ProgramData\Apple Computer
2011-12-18 13:34:54 ----D---- C:\Program Files (x86)\Apple Software Update
2011-12-18 11:31:10 ----D---- C:\ProgramData\Apple
2011-12-14 12:11:14 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-14 12:11:12 ----A---- C:\Windows\system32\mshtml.dll
2011-12-14 12:11:11 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-14 12:11:09 ----A---- C:\Windows\system32\ieframe.dll
2011-12-14 12:11:04 ----A---- C:\Windows\system32\wininet.dll
2011-12-14 12:11:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-14 12:11:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-14 12:11:00 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-14 12:11:00 ----A---- C:\Windows\system32\urlmon.dll
2011-12-14 12:10:59 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-12-14 12:10:58 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-12-14 12:10:58 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-12-14 12:10:58 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-14 12:10:58 ----A---- C:\Windows\system32\mstime.dll
2011-12-14 12:10:58 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-14 12:10:58 ----A---- C:\Windows\system32\ieui.dll
2011-12-14 12:10:58 ----A---- C:\Windows\system32\iertutil.dll
2011-12-14 12:10:58 ----A---- C:\Windows\system32\iedkcs32.dll
2011-12-14 12:10:57 ----A---- C:\Windows\system32\iepeers.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-14 12:10:56 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-12-14 12:10:56 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-14 12:10:56 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-12-14 12:10:56 ----A---- C:\Windows\system32\licmgr10.dll
2011-12-14 12:10:56 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-14 12:10:55 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-14 12:10:55 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-12-14 12:10:55 ----A---- C:\Windows\system32\url.dll
2011-12-14 12:10:55 ----A---- C:\Windows\system32\msfeedssync.exe
2011-12-14 12:10:36 ----A---- C:\Windows\system32\win32k.sys
2011-12-14 12:10:34 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-14 12:10:34 ----A---- C:\Windows\system32\EncDec.dll
2011-12-14 12:10:24 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-14 12:10:24 ----A---- C:\Windows\system32\tzres.dll
2011-12-12 21:27:16 ----D---- C:\Program Files (x86)\Edgard
======List of files/folders modified in the last 1 month======
2012-01-08 10:09:42 ----D---- C:\Windows\Temp
2012-01-08 10:09:38 ----D---- C:\TEMP
2012-01-08 10:00:58 ----D---- C:\Windows\Prefetch
2012-01-08 10:00:48 ----RD---- C:\Program Files
2012-01-08 09:52:31 ----D---- C:\Windows\system32\config
2012-01-08 09:51:52 ----D---- C:\Users\Jakub\AppData\Roaming\Skype
2012-01-08 09:51:47 ----D---- C:\Users\Jakub\AppData\Roaming\skypePM
2012-01-08 09:49:21 ----D---- C:\ProgramData\VMware
2012-01-08 00:51:06 ----D---- C:\Users\Jakub\AppData\Roaming\uTorrent
2012-01-08 00:02:08 ----D---- C:\Users\Jakub\AppData\Roaming\vlc
2012-01-06 19:09:15 ----SHD---- C:\System Volume Information
2012-01-03 13:16:56 ----D---- C:\Windows\rescache
2012-01-03 09:13:45 ----D---- C:\Windows\system32\catroot2
2012-01-02 11:37:49 ----D---- C:\Windows\winsxs
2012-01-02 11:37:39 ----D---- C:\Windows\system32\en-US
2012-01-02 11:37:39 ----D---- C:\Windows\System32
2011-12-31 21:25:42 ----D---- C:\Windows\inf
2011-12-31 21:25:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-26 23:03:57 ----SHD---- C:\Windows\Installer
2011-12-26 23:03:51 ----RD---- C:\Program Files (x86)
2011-12-26 23:03:51 ----D---- C:\Windows\SysWOW64
2011-12-21 16:38:38 ----D---- C:\Users\Jakub\AppData\Roaming\dvdcss
2011-12-19 12:41:37 ----D---- C:\Users\Jakub\AppData\Roaming\Clone2Go Video Converter Professional
2011-12-19 12:32:48 ----AD---- C:\ProgramData\TEMP
2011-12-18 13:37:38 ----HD---- C:\ProgramData
2011-12-18 13:35:25 ----D---- C:\Program Files (x86)\Common Files
2011-12-18 11:33:17 ----D---- C:\Windows\system32\Tasks
2011-12-16 10:53:41 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-12-14 18:28:12 ----D---- C:\Program Files\Internet Explorer
2011-12-14 18:28:12 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-14 18:28:11 ----D---- C:\Windows\SYSWOW64\migration
2011-12-14 18:28:11 ----D---- C:\Windows\system32\migration
2011-12-14 17:21:45 ----RSD---- C:\Windows\assembly
2011-12-14 17:21:44 ----D---- C:\ProgramData\Microsoft Help
2011-12-14 17:21:31 ----D---- C:\Windows\system32\catroot
2011-12-14 17:20:12 ----A---- C:\Windows\system32\MRT.exe
2011-12-14 17:18:10 ----D---- C:\Windows\SYSWOW64\en-US
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 mv91cons;Marvell 91xx Config Device Driver; C:\Windows\system32\DRIVERS\mv91cons.sys [2009-10-27 22568]
R0 mv91xx;mv91xx; C:\Windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2011-10-28 230864]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 145336]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 123200]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2009-10-20 38448]
R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys [2009-10-20 65072]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2009-10-20 38960]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2009-10-20 30256]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2009-10-20 76336]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 5352960]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2010-03-23 304784]
R3 DELTAII;Service for M-Audio Delta Driver (WDM); C:\Windows\system32\DRIVERS\MAudioDelta.sys [2009-07-27 392712]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne64x.sys [2008-11-16 157968]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2009-10-20 20016]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-05-08 20520]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 952320]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2010-03-23 1528616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 Marvell RAID;Marvell RAID Event Agent; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-04-12 235560]
R2 MRUWebService;MRU Web Service; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635]
R2 OracleDBConsoleorcl;OracleDBConsoleorcl; C:\app\Jakub\product\11.2.0\dbhome_1\bin\nmesrvc.exe [2010-03-02 35328]
R2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\app\Jakub\product\11.2.0\dbhome_1\bin\omtsreco.exe [2010-03-12 81408]
R2 OracleOraDb11g_home2TNSListener;OracleOraDb11g_home2TNSListener; K:\oracle\product\11.2.0\dbhome_1\BIN\TNSLSNR []
R2 OracleServiceORCL;OracleServiceORCL; c:\app\jakub\product\11.2.0\dbhome_1\bin\ORACLE.EXE [2010-03-30 134018048]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe [2009-10-20 121392]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2009-10-20 326192]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2009-10-20 399920]
R2 VMwareHostd;VMware Host Agent; C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
R2 VMwareServerWebAccess;VMware Server Web Access; C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener; C:\app\Jakub\product\11.2.0\dbhome_1\BIN\TNSLSNR []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 23296]
S3 MsDtsServer100;SQL Server Integration Services 10.0; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
S3 MSOLAP$SQL08;SQL Server Analysis Services (SQL08); C:\Program Files\Microsoft SQL Server\MSAS10.SQL08\OLAP\bin\msmdsrv.exe [2009-03-30 43735400]
S3 MSSQL$SQL08;SQL Server (SQL08); C:\Program Files\Microsoft SQL Server\MSSQL10.SQL08\MSSQL\Binn\sqlservr.exe [2011-02-05 57917288]
S3 MSSQLFDLauncher$SQL08;SQL Full-text Filter Daemon Launcher (SQL08); C:\Program Files\Microsoft SQL Server\MSSQL10.SQL08\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent; C:\app\Jakub\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [2010-03-12 83968]
S3 OracleOraDb11g_home2ClrAgent;OracleOraDb11g_home2ClrAgent; K:\oracle\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [2010-03-12 83968]
S3 OracleServiceORCL11;OracleServiceORCL11; k:\oracle\product\11.2.0\dbhome_1\bin\ORACLE.EXE [2010-03-30 134018048]
S3 OracleVssWriterORCL;Oracle ORCL VSS Writer Service; c:\app\jakub\product\11.2.0\dbhome_1\bin\OraVSSW.exe [2010-03-30 192000]
S3 OracleVssWriterORCL11;Oracle ORCL11 VSS Writer Service; k:\oracle\product\11.2.0\dbhome_1\bin\OraVSSW.exe [2010-03-30 192000]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ReportServer$SQL08;SQL Server Reporting Services (SQL08); C:\Program Files\Microsoft SQL Server\MSRS10.SQL08\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-30 2075480]
S3 SQLAgent$SQL08;SQL Server Agent (SQL08); C:\Program Files\Microsoft SQL Server\MSSQL10.SQL08\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S3 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1255736]
S4 Apache2.2;Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-07-30 24645]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL; c:\app\jakub\product\11.2.0\dbhome_1\Bin\extjob.exe [2010-03-30 45568]
S4 OracleJobSchedulerORCL11;OracleJobSchedulerORCL11; k:\oracle\product\11.2.0\dbhome_1\Bin\extjob.exe [2010-03-30 45568]
-----------------EOF-----------------