
Request for a log check, suspicion

#1 Post by Knee »

Today I accidentally pulled some nasty stuff onto my girlfriend's laptop, so I ran a scan with NOD + Spyware Terminator. NOD found Kryptic.GTN twice and Terminator found Variant.Renos.24. Everything has (supposedly) been deleted, but I would still like to ask you to check the log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Maruška at 2010-09-15 23:09:06
Microsoft Windows 7 Ultimate
System drive C: has 13 GB (42%) free of 30 GB
Total RAM: 1791 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:09:14, on 15. 9. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\eInstruction\Device Manager\Launch.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
D:\Desktop\RSIT.exe
C:\Program Files\trend micro\Maruška.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Kalendár.lnk = C:\Windows\MENINY.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: eInstruction Device Manager.lnk = C:\Program Files\eInstruction\Device Manager\Launch.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDBF779-6993-48AC-AEBF-64DE46B947CD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDBF779-6993-48AC-AEBF-64DE46B947CD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6EDBF779-6993-48AC-AEBF-64DE46B947CD}: NameServer = 192.168.1.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6901 bytes

======Scheduled tasks folder======

C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-09-29 7744032]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1545512]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-06 13797920]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-07-20 83240]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-08-22 133432]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-09-15 3037696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
eInstruction Device Manager.lnk - C:\Program Files\eInstruction\Device Manager\Launch.exe

C:\Users\Maruška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Kalendár.lnk - C:\Windows\MENINY.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-08-01 01:17:57 ----D---- C:\Program Files\Alcohol Soft
2011-08-01 01:14:15 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-09-15 23:09:06 ----D---- C:\rsit
2010-09-15 23:04:47 ----D---- C:\Program Files\trend micro
2010-09-15 21:00:45 ----D---- C:\Users\Maruška\AppData\Roaming\skypePM
2010-09-15 20:58:25 ----D---- C:\Users\Maruška\AppData\Roaming\Skype
2010-09-15 20:57:52 ----D---- C:\Program Files\Common Files\Skype
2010-09-15 20:57:45 ----RD---- C:\Program Files\Skype
2010-09-15 20:57:38 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2010-09-15 20:57:37 ----D---- C:\Users\Maruška\AppData\Roaming\Spyware Terminator
2010-09-15 20:57:33 ----D---- C:\ProgramData\Spyware Terminator
2010-09-15 20:57:30 ----D---- C:\ProgramData\Skype
2010-09-15 20:57:27 ----D---- C:\Program Files\Spyware Terminator
2010-09-15 14:50:49 ----A---- C:\Windows\Codec Pack - All In 1 Setup Log.txt
2010-09-15 14:26:57 ----D---- C:\Users\Maruška\AppData\Roaming\mIRC
2010-09-15 14:26:56 ----D---- C:\Program Files\mIRC
2010-09-14 21:30:52 ----D---- C:\Program Files\Windows SideShow
2010-09-14 21:26:31 ----D---- C:\Program Files\SideShow Gadgets
2010-09-08 21:06:58 ----D---- C:\Users\Maruška\AppData\Roaming\VitySoft
2010-09-08 21:06:17 ----D---- C:\ProgramData\Sun
2010-09-08 21:06:15 ----D---- C:\Program Files\Common Files\Java
2010-09-08 21:05:57 ----A---- C:\Windows\system32\deployJava1.dll
2010-09-08 21:05:56 ----A---- C:\Windows\system32\javaws.exe
2010-09-08 21:05:56 ----A---- C:\Windows\system32\javaw.exe
2010-09-08 21:05:56 ----A---- C:\Windows\system32\java.exe
2010-09-08 21:05:38 ----D---- C:\Program Files\Java
2010-09-08 11:34:24 ----A---- C:\Windows\unvise32.exe
2010-09-08 11:33:31 ----D---- C:\ExamView
2010-09-08 11:29:37 ----A---- C:\Windows\system32\tsccvid.dll
2010-09-08 11:29:21 ----A---- C:\Program Files\Common Files\eInstruction.ini
2010-09-08 11:12:09 ----D---- C:\Program Files\eInstruction
2010-09-08 11:01:59 ----D---- C:\Program Files\Interwrite Learning
2010-09-07 21:54:08 ----A---- C:\Windows\system32\unrar.dll
2010-09-07 21:54:06 ----A---- C:\Windows\avisplitter.ini
2010-09-07 21:53:58 ----A---- C:\Windows\system32\yv12vfw.dll
2010-09-07 21:53:58 ----A---- C:\Windows\system32\xvidvfw.dll
2010-09-07 21:53:58 ----A---- C:\Windows\system32\xvidcore.dll
2010-09-07 21:53:57 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-09-07 21:53:57 ----A---- C:\Windows\system32\ff_vfw.dll
2010-09-07 21:53:41 ----D---- C:\Program Files\K-Lite Codec Pack
2010-09-06 18:18:09 ----D---- C:\Program Files\WindowsUpdate
2010-09-06 18:18:09 ----D---- C:\Program Files\Western Digital Technologies
2010-09-06 18:18:09 ----D---- C:\Program Files\USB
2010-09-06 18:18:06 ----D---- C:\Program Files\SimpleOCR
2010-09-06 18:15:52 ----D---- C:\Program Files\Photoshop CS2
2010-09-06 18:15:50 ----D---- C:\Program Files\PDF Password Remover v3.0
2010-09-06 18:15:48 ----D---- C:\Program Files\PC Connectivity Solution
2010-09-06 18:15:48 ----D---- C:\Program Files\Outlook Express
2010-09-06 18:15:48 ----D---- C:\Program Files\Online Services
2010-09-06 18:15:47 ----D---- C:\Program Files\NetMeeting
2010-09-06 18:15:47 ----D---- C:\Program Files\MSXML 6.0
2010-09-06 18:15:47 ----D---- C:\Program Files\MSN Gaming Zone
2010-09-06 18:15:46 ----D---- C:\Program Files\Movie Maker
2010-09-06 18:15:46 ----D---- C:\Program Files\microsoft frontpage
2010-09-06 18:15:44 ----D---- C:\Program Files\Luidia
2010-09-06 18:15:40 ----D---- C:\Program Files\Intel
2010-09-06 18:15:38 ----D---- C:\Program Files\eBeam Interact
2010-09-06 18:15:27 ----D---- C:\Program Files\DVD X Studios
2010-09-06 18:15:27 ----D---- C:\Program Files\directx
2010-09-06 18:15:27 ----D---- C:\Program Files\CONEXANT
2010-09-06 18:15:22 ----D---- C:\Program Files\Alwil Software
2010-08-28 14:38:22 ----A---- C:\protokol o instalaci cestiny do hry starcraft.txt
2010-08-27 04:15:22 ----A---- C:\Windows\system32\MSVCP50.DLL
2010-08-27 04:14:17 ----A---- C:\Windows\IsUninst.exe
2010-08-25 01:04:54 ----A---- C:\Windows\system32\drivers\DB3G.sys
2010-08-25 01:00:43 ----A---- C:\Windows\system32\oleaut32.dll
2010-08-24 20:53:13 ----A---- C:\Windows\iun6002.exe

======List of files/folders modified in the last 1 months======

2011-08-01 01:15:02 ----D---- C:\Windows\AppPatch
2010-09-15 23:09:10 ----D---- C:\Windows\Temp
2010-09-15 23:04:47 ----RD---- C:\Program Files
2010-09-15 21:40:23 ----D---- C:\Windows\system32\config
2010-09-15 21:30:49 ----D---- C:\Windows\System32
2010-09-15 21:30:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-15 21:30:47 ----D---- C:\Windows\inf
2010-09-15 21:25:43 ----D---- C:\Users\Maruška\AppData\Roaming\ICQ
2010-09-15 21:25:41 ----A---- C:\Windows\win.ini
2010-09-15 21:22:31 ----SHD---- C:\System Volume Information
2010-09-15 20:58:17 ----D---- C:\Windows\system32\Tasks
2010-09-15 20:58:16 ----SHD---- C:\Windows\Installer
2010-09-15 20:57:55 ----D---- C:\Windows\Prefetch
2010-09-15 20:57:52 ----D---- C:\Program Files\Common Files
2010-09-15 20:57:42 ----D---- C:\Windows\system32\drivers
2010-09-15 20:57:33 ----HD---- C:\ProgramData
2010-09-15 20:32:02 ----D---- C:\Windows\system32\catroot
2010-09-15 20:30:52 ----D---- C:\Windows
2010-09-15 20:29:09 ----D---- C:\Windows\Tasks
2010-09-14 21:29:43 ----RSD---- C:\Windows\assembly
2010-09-14 21:26:31 ----SD---- C:\Users\Maruška\AppData\Roaming\Microsoft
2010-09-14 21:23:09 ----D---- C:\Windows\Resources
2010-09-11 21:14:27 ----D---- C:\Windows\system32\drivers\UMDF
2010-09-11 15:03:04 ----D---- C:\Windows\system32\LogFiles
2010-09-09 07:33:28 ----SHD---- C:\$Recycle.Bin
2010-09-08 11:33:40 ----RSD---- C:\Windows\Fonts
2010-09-08 11:01:11 ----D---- C:\Program Files\Common Files\InstallShield
2010-09-03 23:59:53 ----D---- C:\Windows\system32\catroot2
2010-09-02 15:51:14 ----D---- C:\ProgramData\Microsoft Help
2010-09-01 10:00:25 ----D---- C:\Windows\system32\NDF
2010-09-01 09:52:09 ----SD---- C:\ProgramData\Microsoft
2010-08-26 23:09:05 ----D---- C:\Program Files\Mozilla Firefox
2010-08-25 01:05:40 ----D---- C:\Windows\system32\DriverStore
2010-08-25 01:04:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-24 20:27:20 ----D---- C:\Program Files\ICQ7.2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-01 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-09-15 142592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-09-29 2776672]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-08-12 66592]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 17920]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 862208]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-20 213552]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 ayecxfk4;ayecxfk4; C:\Windows\system32\drivers\ayecxfk4.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\MARUKA~1\AppData\Local\Temp\GSWD338.tmp [2010-08-02 25616]
S3 Razerlow;Diamondback 3G USB Filter Driver; C:\Windows\System32\Drivers\DB3G.sys [2005-04-24 13225]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-08-02 582944]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-06 211488]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-09-15 488960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-08-03 72704]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]

-----------------EOF-----------------

#2 Post by vyosek »

Hello, and have a nice day :)

- Please also post the second log, info.txt; it is saved here: c:\rsit

- I hope you are aware that you are on a security forum; we do not support illegal software here, antivirus products in particular. So I assume that the ESS package is legal = a purchased licence...

#3 Post by Knee »

Hi, here is the info.txt:

info.txt logfile of random's system information tool 1.08 2010-09-15 23:09:21

======Uninstall list======

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9.3.4 - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-A93000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Astronomy Picture of the Day Gadget-->MsiExec.exe /I{A13DB50B-E9EB-4524-A1A1-875614DCC0D0}
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x001b -removeonly
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
BS_Player Toolbar-->C:\PROGRA~1\BS_PLA~1\UNWISE.EXE /U C:\PROGRA~1\BS_PLA~1\INSTALL.LOG
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Convert Doc-->"C:\Program Files\Softinterface, Inc\Convert Doc\unins000.exe"
Cool Edit 2000-->C:\Program Files\Cool2000\ce2Kunin.exe
ExamView Assessment Suite-->C:\Windows\unvise32.exe C:\ExamView\uninst5.log
HotPotatoes v 6.3.0.3-->"C:\Program Files\HotPotatoes6\unins000.exe"
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Interwrite Content-->C:\Program Files\Interwrite Learning\Interwrite Content\_uninst\uninstaller.exe
Interwrite Workspace-->MsiExec.exe /I{1A09B5DE-A200-483A-BF76-4EF82520A5B9}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
K-Lite Codec Pack 6.3.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lingea Lexicon 2002-->C:\Windows\LgUninst.exe C:\Program Files\Lingea\Lex2002\Setup.exe
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MV2Player (remove only)-->C:\Program Files\Mv2Player\uninst.exe
NET Installation Assistance for VB6 App (Runtime Only)-->MsiExec.exe /I{66333C41-085E-4DA1-8273-E2BCA382D766}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}
Píšeme všetkými desiatimi-->C:\Program Files\Píšeme všetkými desiatimi\Uninstal.exe
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
SideShow GMail-->MsiExec.exe /I{C0B71676-17F8-444B-8A54-314EB4EC1E72}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-win7x86-brcm.inf_x86_neutral_491ff2cd3fdb6fb0\bcbtums-win7x86-brcm.inf
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums32.inf_x86_neutral_b8810cb80e0c55de\bcbtums32.inf
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbthid32.inf_x86_neutral_6c4f31312ffe9ed6\bcbthid32.inf
Windows SideShow Managed Runtime 1.0-->MsiExec.exe /X{3516C69A-024D-42A8-B948-FFAA7B9CC49A}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
yBook-->"C:\Program Files\yBook\unins000.exe"

======System event log======

Computer Name: Maruška-laptop
Event Code: 1014
Message: Name resolution for the name time.windows.com timed out after none of the configured DNS servers responded.
Record Number: 770
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100626145013.260400-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Maruška-laptop
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: Požadovaný názov je platný, no nenašli sa žiadne údaje požadovaného typu. (0x80072AFC)
Record Number: 763
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100626144959.407600-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Maruška-laptop
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: Požadovaný názov je platný, no nenašli sa žiadne údaje požadovaného typu. (0x80072AFC)
Record Number: 762
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100626144957.894400-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Maruška-laptop
Event Code: 4001
Message: Služba automatickej konfigurácie siete WLAN sa úspešne zastavila.

Record Number: 664
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100626142507.464800-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 7026
Message: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
cdrom
Record Number: 112
Source Name: Service Control Manager
Time Written: 20100626133859.255200-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Maruška-laptop
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 216
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100626141441.228000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Maruška-laptop
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 194
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100626141037.730000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Maruška-laptop
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 192
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100626141037.449200-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Maruška-laptop
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 182
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100626135545.028400-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 92
Source Name: Microsoft-Windows-Search
Time Written: 20100626134311.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100626133825.013200-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100626133825.013200-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x23902
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100626133824.623200-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100626133822.220800-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100626133822.111600-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus\Microsoft.VC90.CRT;C:\Program Files\ImageConverter Plus\Microsoft.VC90.MFC;C:\Program Files\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=1c02

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log, suspicion

#4 Post by vyosek »

vyosek wrote: :arrow: I hope you are aware that you are on a security forum; we do not support illegal software here, antivirus in particular. So I assume that the ESS package is legal = a purchased licence...
Could I get a response to this :o
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

Knee
Visitor
Posts: 7
Joined: 15 Sep 2010 22:02

Re: Please check my log, suspicion

#5 Post by Knee »

trial version

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log, suspicion

#6 Post by vyosek »

:arrow: All right then, I hope a licence will be purchased afterwards and not cracked - a cracked antivirus is more virus than anti - or choose a free AV (I recommend Avast or Avira)

:arrow: Turn off the resident shield in Spyware Terminator - it conflicts with ESS - guide for ST http://www.viry.cz/forum/viewtopic.php?f=29&t=44730

:arrow: Where was the malware reported :???: Alternatively post screenshots of the quarantines (screenshot guide http://www.viry.cz/forum/viewtopic.php?f=15&t=14114)

:arrow: I recommend uninstalling toolbars (browser bars), if you do not use them, in Add or Remove Programs

:arrow: Download OTM (see my signature)
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator or "Spustit jako spravce"
  • Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the content given below
  • Code:

    :reg
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="www.google.cz"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ICQ"=-
    "AlcoholAutomount"=-
    "SpywareTerminatorUpdate"=-
    
    :services:
    ICQ Service
    
    :files
    C:\Users\Maruška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    C:\Program Files\ICQ6Toolbar
    C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp /s
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
  • Click the red MoveIt! button
  • Then post the contents of the Results pane (below the green line) here
  • If you are prompted to restart, choose Yes; you will then find the log in C:\_OTM\MovedFiles

Knee
Visitor
Posts: 7
Joined: 15 Sep 2010 22:02

Re: Please check my log, suspicion

#7 Post by Knee »

Nod reported:
C:\Users\Maruška\AppData\Local\Temp\Kwf.exe - variant infiltrácie Win32/Kryptik.GTN trójsky kôň - vyliečený zmazaním - uložený do karantény [1]
C:\Users\Maruška\AppData\Local\Temp\Kwg.exe - variant infiltrácie Win32/Kryptik.GTN trójsky kôň - vyliečený zmazaním - uložený do karantény [1]

ST reported:
[image]

OTM log:
All processes killed
========== REGISTRY ==========
HKCU\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"www.google.cz" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdate deleted successfully.
Error: Unable to interpret <:services:> in the current context!
Error: Unable to interpret <ICQ Service> in the current context!
========== FILES ==========
C:\Users\Maruška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC6A8.tmp folder moved successfully.
C:\Windows\Temp\DMI3C34.tmp moved successfully.
C:\Windows\Temp\DMI6EE8.tmp moved successfully.
C:\Windows\Temp\exp27DC.tmp moved successfully.
C:\Windows\Temp\HTT6C25.tmp moved successfully.
C:\Windows\Temp\TS_30B0.tmp moved successfully.
C:\Windows\Temp\TS_46FF.tmp moved successfully.
C:\Windows\Temp\TS_4D95.tmp moved successfully.
C:\Windows\Temp\TS_515D.tmp moved successfully.
C:\Windows\Temp\TS_5B2D.tmp moved successfully.
C:\Windows\Temp\TS_6462.tmp moved successfully.
C:\Windows\Temp\TS_77F3.tmp moved successfully.
C:\Windows\Temp\TS_79F6.tmp moved successfully.
C:\Windows\Temp\TS_93ED.tmp moved successfully.
C:\Windows\Temp\TS_9DCD.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Maruška
->Temp folder emptied: 46503005 bytes
->Temporary Internet Files folder emptied: 76855295 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78011615 bytes
->Opera cache emptied: 39762918 bytes
->Flash cache emptied: 23986 bytes

User: Maru�ka
->Temp folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1167242 bytes
RecycleBin emptied: 1095763705 bytes

Total Files Cleaned = 1 276,00 mb




OTM by OldTimer - Version 3.1.16.1 log created on 09162010_192703
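
Added example, not part of the original post: a short Python parser for the OTM results log above that groups each line by section and outcome and pulls out the directives OTM rejected, which are easy to miss in a long log. The sample is a handful of lines copied from that log; the function names and status labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the OTM results log in the post above.
SAMPLE_LOG = r"""All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Error: Unable to interpret <:services:> in the current context!
Error: Unable to interpret <ICQ Service> in the current context!
========== FILES ==========
C:\Program Files\ICQ6Toolbar folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
C:\Windows\Temp\DMI3C34.tmp moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# "========== REGISTRY ==========" style section banners.
SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
# Lines OTM could not interpret; the rejected text sits between < and >.
ERROR_RE = re.compile(r"^Error: Unable to interpret <(.+)> in the current context!$")

# Line endings seen in the log above, mapped to this example's status labels.
OUTCOMES = (
    ("not found.", "not_found"),
    ("deleted successfully.", "done"),
    ("moved successfully.", "done"),
    ("value set successfully!", "done"),
    ("reset successfully", "done"),
)


def parse_otm_log(text):
    """Return one record per actionable log line: section, status, item."""
    section = "PREAMBLE"
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        rejected = ERROR_RE.match(line)
        if rejected:
            records.append({"section": section, "status": "rejected",
                            "item": rejected.group(1)})
            continue
        for suffix, status in OUTCOMES:
            if line.endswith(suffix):
                records.append({"section": section, "status": status,
                                "item": line[:-len(suffix)].strip()})
                break
        # Anything else (banner text, byte counts) carries no outcome and is skipped.
    return records


def summarize(records):
    """Count outcomes and list the directives that were never executed."""
    counts = Counter(r["status"] for r in records)
    rejected = [r["item"] for r in records if r["status"] == "rejected"]
    return counts, rejected


if __name__ == "__main__":
    counts, rejected = summarize(parse_otm_log(SAMPLE_LOG))
    print(dict(counts))
    for item in rejected:
        print("not executed:", item)
```

On the sample, the two rejected items are `:services:` and `ICQ Service`, both logged under the REGISTRY section, so that part of the script did not run and the follow-up log is the place to check whether the service is still present.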

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log, suspicion

#8 Post by vyosek »

Both were deleted; there was nothing like that in the log any more :)
How is the PC behaving :???:

Knee
Visitor
Posts: 7
Joined: 15 Sep 2010 22:02

Re: Please check my log, suspicion

#9 Post by Knee »

Hard to say how it behaves now, because in my opinion it was already slow when my girlfriend bought it (Asus Eee series :| ). So I cannot compare it even subjectively. Nod has not reported anything all day. Hopefully it is fine now, thanks for the help.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log, suspicion

#10 Post by vyosek »

Don't run off yet, we will try to do something more to speed it up :)

:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature); during installation untick the Yahoo toolbar
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues ("Hledej problémy")
  • then Fix issues ("Opravit problémy") - I recommend making a registry backup; fix all the problems
  • repeat the procedure until no problems remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once every 14 days

:arrow: I recommend defragmenting the disk
  • The simplest (but least effective) way is to use the utility built into Windows
    • Click My Computer, then right-click the disk and choose Properties
    • switch to the Tools tab
    • You now see the Defragmentation tools - start it by clicking Defragment
    • Do this for all disks
  • Another option (and the one I recommend) is the small program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
    • Download the program, install it (untick the Yahoo toolbar) and run it
    • Click Analyze
    • If the Fragmented column shows more than 5%, I recommend defragmenting (click Defragment)
    • Repeat the procedure for all disks
  • The last option is the simple small program JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
    • The advantage of this program is that it is not installed
    • So it is enough to download the build for your OS version and unpack it
    • Then run it using the file JKDefrag or JKDefrag64
    • The disk is analysed and then defragmented
:arrow: Post a new log from RSIT

Knee
Visitor
Posts: 7
Joined: 15 Sep 2010 22:02

Re: Please check my log, suspicion

#11 Post by Knee »

Hi, I couldn't come yesterday, so here is the log from RSIT:
BTW by the slowness I meant rather the hardware :D

Logfile of random's system information tool 1.08 (written by random/random)
Run by Maruška at 2010-09-18 17:39:45
Microsoft Windows 7 Ultimate
System drive C: has 16 GB (52%) free of 30 GB
Total RAM: 1791 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:39:55, on 18. 9. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\eInstruction\Device Manager\Launch.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Desktop\RSIT.exe
C:\Program Files\trend micro\Maruška.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Kalendár.lnk = C:\Windows\MENINY.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: eInstruction Device Manager.lnk = C:\Program Files\eInstruction\Device Manager\Launch.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDBF779-6993-48AC-AEBF-64DE46B947CD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDBF779-6993-48AC-AEBF-64DE46B947CD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6EDBF779-6993-48AC-AEBF-64DE46B947CD}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 4880 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-09-29 7744032]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1545512]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-06 13797920]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-07-20 83240]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
eInstruction Device Manager.lnk - C:\Program Files\eInstruction\Device Manager\Launch.exe

C:\Users\Maruška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Kalendár.lnk - C:\Windows\MENINY.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-08-01 01:17:57 ----D---- C:\Program Files\Alcohol Soft
2011-08-01 01:14:15 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-09-18 17:39:45 ----D---- C:\rsit
2010-09-18 17:23:00 ----D---- C:\Program Files\CCleaner
2010-09-18 15:48:51 ----D---- C:\Program Files\Defraggler
2010-09-17 22:42:19 ----D---- C:\Program Files\Moyea
2010-09-17 19:59:06 ----D---- C:\Users\Maruška\AppData\Roaming\Moyea
2010-09-17 17:02:16 ----D---- C:\Program Files\mIRCcz
2010-09-16 19:07:30 ----D---- C:\Windows\system32\appmgmt
2010-09-16 03:00:46 ----A---- C:\Windows\system32\iertutil.dll
2010-09-15 23:04:47 ----D---- C:\Program Files\trend micro
2010-09-15 21:00:45 ----D---- C:\Users\Maruška\AppData\Roaming\skypePM
2010-09-15 20:58:25 ----D---- C:\Users\Maruška\AppData\Roaming\Skype
2010-09-15 20:57:52 ----D---- C:\Program Files\Common Files\Skype
2010-09-15 20:57:45 ----RD---- C:\Program Files\Skype
2010-09-15 20:57:30 ----D---- C:\ProgramData\Skype
2010-09-15 20:32:59 ----A---- C:\Windows\system32\spoolsv.exe
2010-09-15 14:26:57 ----D---- C:\Users\Maruška\AppData\Roaming\mIRC
2010-09-15 14:26:56 ----D---- C:\Program Files\mIRC
2010-09-14 21:30:52 ----D---- C:\Program Files\Windows SideShow
2010-09-14 21:26:31 ----D---- C:\Program Files\SideShow Gadgets
2010-09-08 21:06:58 ----D---- C:\Users\Maruška\AppData\Roaming\VitySoft
2010-09-08 21:06:17 ----D---- C:\ProgramData\Sun
2010-09-08 21:06:15 ----D---- C:\Program Files\Common Files\Java
2010-09-08 21:05:57 ----A---- C:\Windows\system32\deployJava1.dll
2010-09-08 21:05:56 ----A---- C:\Windows\system32\javaws.exe
2010-09-08 21:05:56 ----A---- C:\Windows\system32\javaw.exe
2010-09-08 21:05:56 ----A---- C:\Windows\system32\java.exe
2010-09-08 21:05:38 ----D---- C:\Program Files\Java
2010-09-08 11:34:24 ----A---- C:\Windows\unvise32.exe
2010-09-08 11:33:31 ----D---- C:\ExamView
2010-09-08 11:29:37 ----A---- C:\Windows\system32\tsccvid.dll
2010-09-08 11:29:21 ----A---- C:\Program Files\Common Files\eInstruction.ini
2010-09-08 11:12:09 ----D---- C:\Program Files\eInstruction
2010-09-08 11:01:59 ----D---- C:\Program Files\Interwrite Learning
2010-09-07 21:54:08 ----A---- C:\Windows\system32\unrar.dll
2010-09-07 21:54:06 ----A---- C:\Windows\avisplitter.ini
2010-09-07 21:53:58 ----A---- C:\Windows\system32\yv12vfw.dll
2010-09-07 21:53:58 ----A---- C:\Windows\system32\xvidvfw.dll
2010-09-07 21:53:58 ----A---- C:\Windows\system32\xvidcore.dll
2010-09-07 21:53:57 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-09-07 21:53:57 ----A---- C:\Windows\system32\ff_vfw.dll
2010-09-07 21:53:41 ----D---- C:\Program Files\K-Lite Codec Pack
2010-09-06 18:18:09 ----D---- C:\Program Files\WindowsUpdate
2010-09-06 18:18:09 ----D---- C:\Program Files\Western Digital Technologies
2010-09-06 18:18:09 ----D---- C:\Program Files\USB
2010-09-06 18:18:06 ----D---- C:\Program Files\SimpleOCR
2010-09-06 18:15:52 ----D---- C:\Program Files\Photoshop CS2
2010-09-06 18:15:50 ----D---- C:\Program Files\PDF Password Remover v3.0
2010-09-06 18:15:48 ----D---- C:\Program Files\PC Connectivity Solution
2010-09-06 18:15:48 ----D---- C:\Program Files\Outlook Express
2010-09-06 18:15:48 ----D---- C:\Program Files\Online Services
2010-09-06 18:15:47 ----D---- C:\Program Files\NetMeeting
2010-09-06 18:15:47 ----D---- C:\Program Files\MSXML 6.0
2010-09-06 18:15:47 ----D---- C:\Program Files\MSN Gaming Zone
2010-09-06 18:15:46 ----D---- C:\Program Files\Movie Maker
2010-09-06 18:15:46 ----D---- C:\Program Files\microsoft frontpage
2010-09-06 18:15:44 ----D---- C:\Program Files\Luidia
2010-09-06 18:15:40 ----D---- C:\Program Files\Intel
2010-09-06 18:15:38 ----D---- C:\Program Files\eBeam Interact
2010-09-06 18:15:27 ----D---- C:\Program Files\DVD X Studios
2010-09-06 18:15:27 ----D---- C:\Program Files\directx
2010-09-06 18:15:27 ----D---- C:\Program Files\CONEXANT
2010-09-06 18:15:22 ----D---- C:\Program Files\Alwil Software
2010-08-28 14:38:22 ----A---- C:\protokol o instalaci cestiny do hry starcraft.txt
2010-08-27 04:15:22 ----A---- C:\Windows\system32\MSVCP50.DLL
2010-08-27 04:14:17 ----A---- C:\Windows\IsUninst.exe
2010-08-25 01:04:54 ----A---- C:\Windows\system32\drivers\DB3G.sys
2010-08-25 01:00:43 ----A---- C:\Windows\system32\oleaut32.dll
2010-08-24 20:53:13 ----A---- C:\Windows\iun6002.exe

======List of files/folders modified in the last 1 months======

2011-08-01 01:15:02 ----D---- C:\Windows\AppPatch
2010-09-18 17:39:49 ----D---- C:\Windows\Temp
2010-09-18 17:35:42 ----D---- C:\Windows\System32
2010-09-18 17:35:41 ----D---- C:\Windows\inf
2010-09-18 17:35:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-18 17:31:35 ----D---- C:\Windows\system32\config
2010-09-18 17:28:29 ----A---- C:\Windows\win.ini
2010-09-18 17:28:17 ----D---- C:\Windows
2010-09-18 17:28:11 ----RD---- C:\Program Files
2010-09-18 17:27:24 ----D---- C:\Windows\system32\drivers
2010-09-18 17:25:40 ----D---- C:\Users\Maruška\AppData\Roaming\Media Player Classic
2010-09-18 17:25:36 ----D---- C:\Windows\debug
2010-09-18 17:21:02 ----D---- C:\Windows\Prefetch
2010-09-18 15:57:21 ----SHD---- C:\System Volume Information
2010-09-17 21:48:49 ----D---- C:\Program Files\Mozilla Firefox
2010-09-17 11:19:17 ----SD---- C:\Users\Maruška\AppData\Roaming\Microsoft
2010-09-16 19:34:18 ----D---- C:\Windows\system32\wdi
2010-09-16 19:28:09 ----D---- C:\Windows\system32\drivers\etc
2010-09-16 19:27:17 ----D---- C:\Windows\system32\Tasks
2010-09-16 19:27:10 ----D---- C:\Windows\Tasks
2010-09-16 19:07:29 ----SHD---- C:\Windows\Installer
2010-09-16 16:35:15 ----SD---- C:\ProgramData\Microsoft
2010-09-16 07:52:16 ----D---- C:\Users\Maruška\AppData\Roaming\ICQ
2010-09-16 03:22:00 ----D---- C:\Windows\winsxs
2010-09-16 03:01:01 ----A---- C:\Windows\system32\MRT.exe
2010-09-16 03:00:53 ----D---- C:\Windows\system32\catroot2
2010-09-16 03:00:53 ----D---- C:\Windows\system32\catroot
2010-09-15 20:57:52 ----D---- C:\Program Files\Common Files
2010-09-15 20:57:33 ----HD---- C:\ProgramData
2010-09-14 21:29:43 ----RSD---- C:\Windows\assembly
2010-09-14 21:23:09 ----D---- C:\Windows\Resources
2010-09-11 21:14:27 ----D---- C:\Windows\system32\drivers\UMDF
2010-09-11 15:03:04 ----D---- C:\Windows\system32\LogFiles
2010-09-09 07:33:28 ----SHD---- C:\$Recycle.Bin
2010-09-08 11:33:40 ----RSD---- C:\Windows\Fonts
2010-09-08 11:01:11 ----D---- C:\Program Files\Common Files\InstallShield
2010-09-02 15:51:14 ----D---- C:\ProgramData\Microsoft Help
2010-09-01 10:00:25 ----D---- C:\Windows\system32\NDF
2010-08-25 01:05:40 ----D---- C:\Windows\system32\DriverStore
2010-08-25 01:04:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-24 20:27:20 ----D---- C:\Program Files\ICQ7.2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-01 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-09-29 2776672]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-08-12 66592]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 17920]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-20 213552]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 agnqiv9v;agnqiv9v; C:\Windows\system32\drivers\agnqiv9v.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\MARUKA~1\AppData\Local\Temp\GSWD338.tmp []
S3 Razerlow;Diamondback 3G USB Filter Driver; C:\Windows\System32\Drivers\DB3G.sys [2005-04-24 13225]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 862208]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-08-02 582944]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-06 211488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-08-03 72704]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check the log, suspicion

#12 Post by vyosek »

:arrow: Open Notepad
  • Start -> Run -> notepad
  • Paste the text below
  • Code:

    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
  • Save the file as oprava.reg
  • When saving, choose Save as type: All files (the setting is shown in the picture below)
  • [Image]
  • Close Notepad and run oprava.reg by double-clicking it
  • Confirm any prompt about changing the registry
  • The window will just flash and the registry will be fixed - you can then delete the file
:arrow: Otherwise the log looks OK :wink:
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member of [image] since 1 February 2011.

Knee
Visitor
Posts: 7
Registered: 15 Sep 2010 22:02

Re: Please check the log, suspicion

#13 Post by Knee »

Done, thank you.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check the log, suspicion

#14 Post by vyosek »

You're welcome, glad I could help :) See you again sometime
