
Please check my log

Posted: 11 Jan 2011 16:19
by fausto17
Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2011-01-11 16:16:30
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 4 GB (5%) free of 76 GB
Total RAM: 2046 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:17:13, on 11. 1. 2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18542)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\6010RMT.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TV Expert\ADTVScheduleAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Users\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\Windows\6010RMT.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "E:\SH5\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RGSC] E:\GTA4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: TV Expert Schedule Agent.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6009 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2010-07-28 1267024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-10-11 1244040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2010-07-28 1267024]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-10-11 1244040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2008-12-19 83336]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe -silent []
"TV Card Remote Control Device Monitor"=C:\Windows\6010RMT.exe [2009-09-15 520192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"Steam"=E:\SH5\Steam.exe -silent []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"RGSC"=E:\GTA4\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
TV Expert Schedule Agent.lnk - C:\Program Files\TV Expert\ADTVScheduleAgent.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-01-09 18:57:23 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-01-09 18:57:23 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-01-09 18:57:23 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-01-09 18:57:22 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-01-09 18:57:21 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-01-09 18:57:21 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-01-09 18:57:20 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-01-09 18:57:19 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-01-09 18:57:18 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-01-09 18:57:18 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-01-09 18:57:16 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-01-09 18:57:15 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-01-09 18:57:15 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-01-09 18:57:13 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-01-09 18:57:13 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-01-09 18:57:12 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-01-09 18:57:12 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-01-09 18:57:10 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-01-09 18:57:09 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-01-09 18:57:09 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-12-27 19:26:28 ----D---- C:\Program Files\trend micro
2010-12-27 19:26:27 ----D---- C:\rsit
2010-12-22 12:51:43 ----A---- C:\Windows\system32\drivers\pccsmcfd.sys
2010-12-22 12:50:33 ----D---- C:\Program Files\PC Connectivity Solution
2010-12-21 20:44:29 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-12-21 20:44:29 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-12-21 20:44:27 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-12-21 20:44:24 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-12-21 20:44:23 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-12-16 22:22:42 ----D---- C:\Windows\Minidump
2010-12-15 15:11:34 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 15:11:27 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 15:11:26 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 15:11:26 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 15:11:24 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 15:11:24 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 15:11:16 ----A---- C:\Windows\system32\consent.exe
2010-12-15 15:11:08 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 15:11:06 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 15:11:05 ----A---- C:\Windows\system32\fontsub.dll
2010-12-15 15:10:50 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 15:10:47 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 15:10:45 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 15:10:44 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 15:10:41 ----A---- C:\Windows\system32\ieapfltr.dll
2010-12-15 15:10:38 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 15:10:37 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 15:10:34 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 15:10:32 ----A---- C:\Windows\system32\ieaksie.dll
2010-12-15 15:10:31 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 15:10:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 15:10:30 ----A---- C:\Windows\system32\occache.dll
2010-12-15 15:10:30 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 15:10:30 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 15:10:30 ----A---- C:\Windows\system32\ieencode.dll
2010-12-15 15:09:52 ----A---- C:\Windows\system32\tzres.dll
2010-12-12 18:48:45 ----A---- C:\Windows\system32\infocardapi.dll
2010-12-12 18:48:44 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-12-12 18:48:40 ----A---- C:\Windows\system32\icardres.dll
2010-12-12 18:48:40 ----A---- C:\Windows\system32\icardagt.exe
2010-12-12 18:48:34 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2010-12-12 18:26:13 ----A---- C:\Windows\system32\mscorier.dll
2010-12-12 18:25:58 ----A---- C:\Windows\system32\mscories.dll
2010-12-12 18:20:25 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-12-12 18:20:23 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-12-12 18:20:21 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-12-12 18:20:21 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-12-12 18:20:17 ----A---- C:\Windows\system32\D3DX9_37.dll

======List of files/folders modified in the last 1 months======

2011-01-11 16:16:49 ----D---- C:\Windows\Temp
2011-01-11 16:16:42 ----D---- C:\Windows\Prefetch
2011-01-11 15:56:37 ----SHD---- C:\System Volume Information
2011-01-11 15:56:15 ----D---- C:\Windows\System32
2011-01-11 15:56:15 ----D---- C:\Windows\inf
2011-01-11 15:56:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-09 19:45:13 ----HD---- C:\ProgramData
2011-01-09 19:44:48 ----SHD---- C:\Windows\Installer
2011-01-09 19:44:25 ----RSD---- C:\Windows\assembly
2011-01-09 19:19:36 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-09 19:08:42 ----D---- C:\Windows\system32\catroot2
2011-01-09 15:44:54 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2011-01-09 13:25:49 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2011-01-09 13:21:18 ----D---- C:\Users\Admin\AppData\Roaming\skypePM
2011-01-03 15:59:36 ----D---- C:\Windows\system32\Msdtc
2011-01-03 15:59:32 ----D---- C:\Windows\system32\wbem
2011-01-03 15:59:32 ----D---- C:\Windows
2011-01-03 15:58:38 ----D---- C:\Windows\system32\config
2011-01-03 15:58:25 ----D---- C:\Windows\Tasks
2011-01-03 15:58:25 ----D---- C:\Windows\system32\spool
2011-01-03 15:58:25 ----D---- C:\Windows\system32\CodeIntegrity
2011-01-03 15:58:22 ----D---- C:\Windows\registration
2010-12-28 18:36:31 ----D---- C:\Program Files\RelevantKnowledge
2010-12-27 21:08:13 ----D---- C:\Users\Admin\AppData\Roaming\dvdcss
2010-12-27 19:26:28 ----RD---- C:\Program Files
2010-12-22 21:27:47 ----D---- C:\Windows\system32\catroot
2010-12-22 16:19:06 ----D---- C:\Users\Admin\AppData\Roaming\Any Video Converter
2010-12-22 12:52:09 ----D---- C:\ProgramData\Installations
2010-12-22 12:51:44 ----D---- C:\Windows\system32\drivers
2010-12-22 12:51:43 ----DC---- C:\Windows\system32\DRVSTORE
2010-12-22 12:48:53 ----D---- C:\Program Files\Common Files\Nokia
2010-12-22 12:48:52 ----D---- C:\Program Files\Nokia
2010-12-21 16:41:34 ----D---- C:\ProgramData\Media Center Programs
2010-12-16 17:00:16 ----D---- C:\Windows\rescache
2010-12-16 16:49:49 ----D---- C:\Windows\winsxs
2010-12-16 16:29:49 ----D---- C:\Program Files\Windows Mail
2010-12-16 16:29:39 ----D---- C:\Program Files\Internet Explorer
2010-12-16 16:23:08 ----D---- C:\Windows\system32\sk-SK
2010-12-16 16:18:52 ----A---- C:\Windows\system32\mrt.exe
2010-12-12 21:03:40 ----D---- C:\Users\Admin\AppData\Roaming\BitTorrent
2010-12-12 19:29:56 ----D---- C:\Windows\system32\XPSViewer
2010-12-12 19:29:56 ----D---- C:\Windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-25 717296]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-24 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-02-19 63872]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-28 919552]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-09 3483648]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-04-17 168448]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-10-06 137984]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-05-12 36992]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2009-04-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-03-05 74368]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-03-12 16128]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-05-20 43392]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 apk81w5a;apk81w5a; C:\Windows\system32\drivers\apk81w5a.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-01-21 219648]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-21 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2009-05-14 54400]
S3 UDXTTM6010;DTV-DVB UDXTTM6010 - USB 2.0 Receiver; C:\Windows\System32\Drivers\UDXTTM6010.sys [2008-09-26 757376]
S3 UDXTTM6010HID;Ai-Stick - HID Driver; C:\Windows\system32\drivers\UDXTTM6010HID.sys [2007-02-23 17408]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-21 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-01-09 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MSR Service;Virtual Disk Service Manager; C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe [2009-12-30 114688]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-06-19 144752]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-04 395048]

-----------------EOF-----------------

Re: Please check my log

Posted: 11 Jan 2011 19:12
by Rudy
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms appears; continue by clicking the Yes (Ano) button.

feel free to put the kettle on for coffee (the whole process takes about 5-10 minutes, sometimes longer - depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan, your machine may be restarted (especially the first time the scanner is used)

warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur

Re: Please check my log

Posted: 11 Jan 2011 20:06
by fausto17
ComboFix 11-01-10.08 - Admin . 01. 2011 19:32:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.2046.1064 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlvknlg.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 18:29 . 2011-01-11 18:29 -------- d-----w- C:\32788R22FWJFW
2011-01-11 17:41 . 2011-01-11 17:41 -------- d-----w- c:\program files\CCleaner
2011-01-11 14:55 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9DAB920-9996-4B79-B395-15CC46F0F796}\mpengine.dll
2010-12-27 18:26 . 2011-01-11 15:16 -------- d-----w- c:\program files\trend micro
2010-12-27 18:26 . 2010-12-27 18:27 -------- d-----w- C:\rsit
2010-12-22 11:51 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-12-22 11:50 . 2010-12-22 11:50 -------- d-----w- c:\program files\PC Connectivity Solution
2010-12-21 19:44 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-21 19:44 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-21 19:44 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-21 19:44 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-12-21 19:44 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-12-15 14:09 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 14:08 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 20:09 . 2010-11-21 20:09 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-19 09:41 . 2010-04-15 10:25 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 15:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-6-19 2528608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-306867900-4196537025-351494371-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R3 UDXTTM6010;DTV-DVB UDXTTM6010 - USB 2.0 Receiver;c:\windows\system32\Drivers\UDXTTM6010.sys [2008-09-26 757376]
R3 UDXTTM6010HID;Ai-Stick - HID Driver;c:\windows\system32\drivers\UDXTTM6010HID.sys [2007-02-23 17408]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-25 717296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RGSC - e:\gta4\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 20:01
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-306867900-4196537025-351494371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*-*A*R*R*O*W*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-306867900-4196537025-351494371-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,3c,9b,a9,20,c7,da,36,db,95,2d,c7,b3,e7,5e,02,48,44,74,26,40,76,75,
00,5f,03,c1,45,b3,e0,ec,a8,78,d7,7e,4c,5d,09,28,89,01,28,a3,3b,17,27,45,5d,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-306867900-4196537025-351494371-1000\Software\SecuROM\License information*]
"datasecu"=hex:85,47,b9,60,b3,e8,46,99,77,c5,8d,d9,2a,7e,cd,43,a6,a7,8d,58,c9,
37,58,5d,9a,92,72,fb,84,cf,bd,1b,ee,9c,cf,41,cc,ab,c8,44,2a,8e,7e,2b,ef,3b,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-11 20:04:52
ComboFix-quarantined-files.txt 2011-01-11 19:04

Pre-Run: 14 925 754 368 bytes free
Post-Run: 14 870 044 672 bytes free

- - End Of File - - DAEAFB631FE6514142CEA9C3FE3E943D

Re: Please check my log

Posted: 11 Jan 2011 20:41
by Rudy
We'll do a bit more cleanup. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com
c:\program files\RelevantKnowledge

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and run the commands from the script.

Re: Please check my log

Posted: 11 Jan 2011 21:25
by fausto17
ComboFix 11-01-10.08 - Admin . 01. 2011 20:56:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.2046.1040 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 20:11 . 2011-01-11 20:12 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-01-11 20:11 . 2011-01-11 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-11 17:41 . 2011-01-11 17:41 -------- d-----w- c:\program files\CCleaner
2011-01-11 14:55 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9DAB920-9996-4B79-B395-15CC46F0F796}\mpengine.dll
2010-12-27 18:26 . 2011-01-11 15:16 -------- d-----w- c:\program files\trend micro
2010-12-27 18:26 . 2010-12-27 18:27 -------- d-----w- C:\rsit
2010-12-22 11:51 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-12-22 11:50 . 2010-12-22 11:50 -------- d-----w- c:\program files\PC Connectivity Solution
2010-12-21 19:44 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-21 19:44 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-21 19:44 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-21 19:44 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-12-21 19:44 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-12-15 14:09 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 14:08 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 20:09 . 2010-11-21 20:09 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-19 09:41 . 2010-04-15 10:25 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-6-19 2528608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-306867900-4196537025-351494371-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R3 UDXTTM6010;DTV-DVB UDXTTM6010 - USB 2.0 Receiver;c:\windows\system32\Drivers\UDXTTM6010.sys [2008-09-26 757376]
R3 UDXTTM6010HID;Ai-Stick - HID Driver;c:\windows\system32\drivers\UDXTTM6010HID.sys [2007-02-23 17408]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-25 717296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 21:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-306867900-4196537025-351494371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*-*A*R*R*O*W*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-306867900-4196537025-351494371-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,3c,9b,a9,20,c7,da,36,db,95,2d,c7,b3,e7,5e,02,48,44,74,26,40,76,75,
00,5f,03,c1,45,b3,e0,ec,a8,78,d7,7e,4c,5d,09,28,89,01,28,a3,3b,17,27,45,5d,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-306867900-4196537025-351494371-1000\Software\SecuROM\License information*]
"datasecu"=hex:85,47,b9,60,b3,e8,46,99,77,c5,8d,d9,2a,7e,cd,43,a6,a7,8d,58,c9,
37,58,5d,9a,92,72,fb,84,cf,bd,1b,ee,9c,cf,41,cc,ab,c8,44,2a,8e,7e,2b,ef,3b,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-11 21:24:22
ComboFix-quarantined-files.txt 2011-01-11 20:24
ComboFix2.txt 2011-01-11 19:04

Pre-Run: 14 786 416 640 bytes free
Post-Run: 14 760 366 080 bytes free

- - End Of File - - C3DB78CA07756C295A214B543175A6A5

Re: Please check my log

Posted: 11 Jan 2011 21:30
by Rudy
The log now looks clean.

Re: Please check my log

Posted: 11 Jan 2011 21:45
by fausto17
That helped, the computer runs like clockwork.
Thank you very much and have a pleasant evening.