Please check my log, thank you

#1 Post by tripp »

Hello!
Today, after scanning the PC with Superantispyware, a possible risk, Rogue.Pallidium, was found, so I want to ask whether it is dangerous or just a false alarm?
Superantispyware log:
http://www.superantispyware.com

Generated 01/08/2011 at 11:39 AM

Application Version : 4.35.1000

Core Rules Database Version : 6161
Trace Rules Database Version: 3973

Scan type : Complete Scan
Total Scan Time : 00:48:25

Memory items scanned : 438
Memory threats detected : 0
Registry items scanned : 4505
Registry threats detected : 1
File items scanned : 14271
File threats detected : 37

Rogue.Pallidium
HKU\S-1-5-21-1085031214-1677128483-842925246-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS#WARNONPOSTREDIRECT

Adware.Tracking Cookie

- after that, a Malwarebytes Anti-Malware scan was run as well:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5481

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8.1.2011 12:32:21
mbam-log-2011-01-08 (12-32-21).txt

Typ kontroly: Úplný test (C:\|D:\|I:\|)
Testované objekty: 198869
Uplynulý čas: 33 minut, 47 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

- then RSIT as well:
Thanks a lot :worship:

#2 Post by Rudy »

Hello to you too! The log looks OK. If SaS deleted everything it found, the PC should be clean.