prosím o kontrolu logu

Zpráva

Jarus007 · #1 Příspěvek od **Jarus007** » 08 kvě 2012 17:29

Logfile of random's system information tool 1.09 (written by random/random)
Run by Spravca at 2012-05-08 17:44:01
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 11 GB (21%) free of 52 GB
Total RAM: 1013 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:44:46, on 8. 5. 2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19222)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\UMStor\Res.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
C:\Program Files\Opera\opera.exe
C:\Users\Spravca\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Spravca\Downloads\Desktop\RSIT.exe
C:\Program Files\trend micro\Spravca.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... share.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... w.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Služba Google Update (gupdate1ca0bc81ed42cfc) (gupdate1ca0bc81ed42cfc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7102 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2019659501-2237543186-2324136240-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2019659501-2237543186-2324136240-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{F9FAD487-6FAB-4A82-B13B-B072FB01A2DA}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Spravca\AppData\Roaming\Mozilla\Firefox\Profiles\sg32byuy.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://us.yahoo.com"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, ffxtlbr@babylon.com:1.1.2, {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313, {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2, bkmrksync@nokia.com:1.0.0.736, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323, engine@conduit.com:3.3.3.2, personas@christopher.beard:1.6.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.centrum.cz/index.php?tool ... m-1.0.0&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
Cetrumcz_igeared.xml
google.xml
McSiteAdvisor.xml
SearchResults.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\Spravca\AppData\Roaming\Mozilla\Firefox\Profiles\sg32byuy.default\extensions\
personas@christopher.beard
staged
{635abd67-4fe9-1b23-4f01-e679fa7484c1}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-02 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-02 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-12 151552]
{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-01-31 151552]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-01-31 126976]
"USB Storage Toolbox"=C:\Windows\UMStor\Res.EXE [2005-09-14 65536]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-01-31 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-29 17148552]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-02-15 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2006-11-07 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-05-09 1286144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-12 457728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Spravca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-15 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Users\Spravca\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iNetFormFiller]
C:\Program Files\iNetFormFiller Trial\iNetFormFiller.exe [2008-01-28 1577472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]
C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe -nosplash -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-04-10 678672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2012-04-04 981680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-04-23 4435968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-04-13 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]
C:\Program Files\Uniblue\RegistryBooster\launcher.exe delay 20000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-14 535336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="eNetHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-01-31 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.tscc"=tsccvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-08 17:35:23 ----D---- C:\rsit
2012-05-08 17:14:34 ----D---- C:\Program Files\Trend Micro
2012-05-01 18:32:16 ----D---- C:\Windows\Temp96A20901-ED34-C8A4-2BDE-23352CAE344D-Signatures
2012-04-29 11:08:43 ----D---- C:\Windows\pss
2012-04-28 19:00:34 ----A---- C:\Windows\system32\drivers\revoflt.sys
2012-04-28 19:00:24 ----D---- C:\Program Files\VS Revo Group
2012-04-28 18:51:55 ----A---- C:\TDSSKiller.2.7.11.0_28.04.2012_18.51.55_log.txt
2012-04-28 18:24:52 ----D---- C:\Users\Spravca\AppData\Roaming\SUPERAntiSpyware.com
2012-04-28 18:24:52 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-04-11 21:53:37 ----A---- C:\Windows\system32\wmi.dll
2012-04-11 21:53:37 ----A---- C:\Windows\system32\wintrust.dll
2012-04-11 21:53:37 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-11 21:53:36 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-11 21:50:56 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-11 21:50:55 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-04-11 18:51:38 ----A---- C:\Windows\system32\urlmon.dll
2012-04-11 18:51:37 ----A---- C:\Windows\system32\wininet.dll
2012-04-11 18:51:36 ----A---- C:\Windows\system32\iertutil.dll
2012-04-11 18:51:28 ----A---- C:\Windows\system32\url.dll
2012-04-11 18:51:27 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-11 18:51:26 ----A---- C:\Windows\system32\mshtml.dll
2012-04-11 18:51:18 ----A---- C:\Windows\system32\ieframe.dll
2012-04-11 18:51:15 ----A---- C:\Windows\system32\msfeeds.dll
2012-04-11 18:51:14 ----A---- C:\Windows\system32\mstime.dll
2012-04-11 18:51:13 ----A---- C:\Windows\system32\iedkcs32.dll
2012-04-11 18:51:12 ----A---- C:\Windows\system32\occache.dll
2012-04-11 18:51:12 ----A---- C:\Windows\system32\ieui.dll
2012-04-11 18:51:12 ----A---- C:\Windows\system32\iepeers.dll
2012-04-11 18:51:11 ----A---- C:\Windows\system32\iesysprep.dll
2012-04-11 18:51:10 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-11 18:51:10 ----A---- C:\Windows\system32\ieUnatt.exe
2012-04-11 18:51:09 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-04-11 18:51:09 ----A---- C:\Windows\system32\iesetup.dll
2012-04-11 18:51:09 ----A---- C:\Windows\system32\iernonce.dll
2012-04-11 18:51:08 ----A---- C:\Windows\system32\licmgr10.dll
2012-04-11 18:51:07 ----A---- C:\Windows\system32\ie4uinit.exe
2012-04-11 18:51:06 ----A---- C:\Windows\system32\msfeedssync.exe

======List of files/folders modified in the last 1 month======

2012-05-08 17:43:52 ----D---- C:\Windows\Temp
2012-05-08 17:43:46 ----D---- C:\Windows\Prefetch
2012-05-08 17:27:56 ----D---- C:\Users\Spravca\AppData\Roaming\Skype
2012-05-08 17:20:01 ----SHD---- C:\System Volume Information
2012-05-08 17:14:59 ----SHD---- C:\Windows\Installer
2012-05-08 17:14:54 ----SD---- C:\Users\Spravca\AppData\Roaming\Microsoft
2012-05-08 17:14:34 ----RD---- C:\Program Files
2012-05-08 17:04:28 ----D---- C:\Program Files\Ashampoo
2012-05-08 16:45:19 ----D---- C:\Windows\system32\catroot2
2012-05-08 16:32:23 ----D---- C:\Windows\System32
2012-05-08 16:32:23 ----D---- C:\Windows\inf
2012-05-08 16:32:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-06 21:58:06 ----D---- C:\Windows\system32\catroot
2012-05-06 19:00:25 ----D---- C:\Windows
2012-05-06 19:00:22 ----D---- C:\Windows\system32\drivers
2012-05-06 19:00:19 ----D---- C:\Program Files\Microsoft Security Client
2012-05-06 11:09:47 ----D---- C:\Users\Spravca\AppData\Roaming\Mozilla
2012-05-05 20:59:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-04-29 11:31:58 ----D---- C:\Windows\Panther
2012-04-29 11:31:58 ----D---- C:\Windows\Debug
2012-04-29 11:24:46 ----D---- C:\Program Files\CCleaner
2012-04-28 19:40:39 ----D---- C:\Users\Spravca\AppData\Roaming\uTorrent
2012-04-28 19:38:34 ----D---- C:\ProgramData\Kaspersky Lab
2012-04-28 18:41:43 ----D---- C:\Program Files\CentrumczToolbar
2012-04-28 18:40:55 ----D---- C:\ProgramData\Yahoo!
2012-04-28 18:40:55 ----D---- C:\Program Files\Yahoo!
2012-04-28 18:39:35 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-04-28 18:39:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-04-28 18:25:01 ----D---- C:\Program Files\SUPERAntiSpyware
2012-04-28 18:24:52 ----HD---- C:\ProgramData
2012-04-21 17:23:01 ----D---- C:\MyWorks
2012-04-17 19:55:28 ----D---- C:\Users\Spravca\AppData\Roaming\dvdcss
2012-04-14 17:55:45 ----D---- C:\Windows\Microsoft.NET
2012-04-14 17:55:44 ----RSD---- C:\Windows\assembly
2012-04-13 19:34:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-12 20:02:00 ----D---- C:\Program Files\Internet Explorer
2012-04-12 20:01:59 ----D---- C:\Windows\system32\migration
2012-04-11 21:53:55 ----D---- C:\Windows\winsxs
2012-04-11 21:53:11 ----D---- C:\ProgramData\Microsoft Help
2012-04-11 21:38:21 ----A---- C:\Windows\system32\mrt.exe
2012-04-11 21:37:45 ----D---- C:\Program Files\Windows Mail

#2 Příspěvek od **Mc_Murphy** » 08 kvě 2012 17:36

Hele, Tvůj nick je berousek, že ano?!

Přestaň zakládat duplicitní témata, ničeho tím nedocíliš, jedině problémů. Mimochodem mít tu dva nicky je proti pravidlům, takže si jeden smaž sám, nebo Ti to provedeme my!

Jarus007 · #3 Příspěvek od **Jarus007** » 08 kvě 2012 17:46

nerobim dupleticity začo sa ospravedlnujem ale opravujem tchyni pc tak jsem ji otevrel u vas učet

#4 Příspěvek od **Rudy** » 08 kvě 2012 17:48

Jarus007 píše:nerobim dupleticity začo sa ospravedlnujem ale opravujem tchyni pc tak jsem ji otevrel u vas učet

Proti tomu nic. Jen jste dal naprosto stejný log jako user berousek.

Jarus007 · #5 Příspěvek od **Jarus007** » 08 kvě 2012 17:50

tiež ma to napadlo až teraz,takže sa mi nato pozriete,lebo ma strašne pomaly internet.dakujem

#6 Příspěvek od **Rudy** » 08 kvě 2012 17:53

Rudy píše:
Jarus007 píše:nerobim dupleticity začo sa ospravedlnujem ale opravujem tchyni pc tak jsem ji otevrel u vas učet
Proti tomu nic. Jen jste dal naprosto stejný log jako user berousek.

Rád bych znal odpověď.

Jarus007 · #7 Příspěvek od **Jarus007** » 08 kvě 2012 18:14

ja som zabudol že to nie je moje pc tak som dal svoj nick a poslal logo ale medzi tym som sa so svojou tchyni rozhodol že im zrobím vlastny nick keby niečo aby som sa nemusel prihlasovat na svoj tak sa ešte raz ospravedlnujem.

#8 Příspěvek od **Rudy** » 08 kvě 2012 18:18

OK. Tým si toto hlídá, v minulosti se nám stalo, že měl jeden uživatel více nicků a dělal si z nás víceméně legraci.

VIRY.CZ

prosím o kontrolu logu

prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu