VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Kontrola logu z RSIT

https://forum.viry.cz:443/viewtopic.php?t=109620

Stránka 1 z 1

Kontrola logu z RSIT

Napsal: 18 úno 2011 18:10
od Gaudino
Ahoj, prosim o kontrolu logu a predem dekuji:-)

Logfile of random's system information tool 1.08 (written by random/random)
Run by gaudino at 2011-02-18 18:03:29
Microsoft Windows 7 Ultimate
System drive C: has 6 GB (21%) free of 30 GB
Total RAM: 2046 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:03:52, on 18.2.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Total Comander\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
F:\Download\RSIT.exe
C:\Program Files\trend micro\gaudino.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Chit Chat for Facebook] C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 7582 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-705028249-1284108186-3128561551-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-705028249-1284108186-3128561551-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-05-04 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-01-27 1312848]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-01-29 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-01-29 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2009-01-29 96800]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
""= []
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-12-17 395640]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Chit Chat for Facebook"=C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe [2010-11-16 3083264]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\gaudino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-01-29 64592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2011-02-18 18:03:30 ----D---- C:\Program Files\trend micro
2011-02-18 18:03:29 ----D---- C:\rsit
2011-02-18 11:10:03 ----D---- C:\Users\gaudino\AppData\Roaming\HPAppData
2011-02-13 13:14:33 ----A---- C:\Users\gaudino\AppData\Roaming\burnaware.ini
2011-02-13 13:13:34 ----D---- C:\Program Files\BurnAware Free
2011-02-09 10:11:32 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 10:11:31 ----A---- C:\Windows\system32\kerberos.dll
2011-02-09 10:11:28 ----A---- C:\Windows\system32\vbscript.dll
2011-02-09 10:11:28 ----A---- C:\Windows\system32\jscript.dll
2011-02-09 10:11:25 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 10:11:20 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 10:11:19 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 10:11:19 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 10:11:19 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 10:11:19 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 10:11:19 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 10:11:19 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 10:11:19 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 10:11:19 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 10:11:14 ----A---- C:\Windows\system32\atmlib.dll
2011-02-09 10:11:14 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 10:11:13 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 10:11:12 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 10:11:12 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 10:11:07 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 10:11:07 ----A---- C:\Windows\system32\upnp.dll
2011-02-09 10:11:06 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 10:11:06 ----A---- C:\Windows\system32\msxml6.dll
2011-02-09 10:11:06 ----A---- C:\Windows\system32\msxml3.dll
2011-02-09 10:11:06 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 10:11:05 ----A---- C:\Windows\system32\wscsvc.dll
2011-02-09 10:11:05 ----A---- C:\Windows\system32\wscapi.dll
2011-02-09 10:11:05 ----A---- C:\Windows\system32\winhttp.dll
2011-02-09 10:11:05 ----A---- C:\Windows\system32\WebClnt.dll
2011-02-09 10:11:05 ----A---- C:\Windows\system32\slwga.dll
2011-02-09 10:11:05 ----A---- C:\Windows\system32\davclnt.dll
2011-02-09 10:11:03 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-02-03 15:08:31 ----A---- C:\Windows\wininit.ini
2011-02-03 10:38:13 ----D---- C:\ProgramData\SlySoft
2011-02-03 10:33:53 ----D---- C:\Program Files\SlySoft
2011-02-01 20:58:41 ----D---- C:\Users\gaudino\AppData\Roaming\EurekaLog
2011-02-01 18:52:09 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-01 18:49:23 ----A---- C:\Windows\system32\UIRibbon.dll
2011-02-01 18:49:22 ----A---- C:\Windows\system32\UIRibbonRes.dll
2011-02-01 18:47:53 ----D---- C:\Program Files\Common Files\Windows Live
2011-02-01 18:44:18 ----D---- C:\Program Files\RelevantKnowledge
2011-02-01 18:44:07 ----D---- C:\ProgramData\Chit Chat For Facebook
2011-02-01 18:44:07 ----D---- C:\Program Files\Chit Chat For Facebook
2011-02-01 18:43:52 ----D---- C:\Program Files\AutocompletePro
2011-02-01 18:23:42 ----D---- C:\Program Files\ICQ6Toolbar
2011-01-25 21:05:46 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-01-25 21:05:46 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2011-02-18 18:03:50 ----D---- C:\Windows\Temp
2011-02-18 18:03:30 ----RD---- C:\Program Files
2011-02-18 18:02:12 ----D---- C:\Windows\system32\config
2011-02-18 18:02:05 ----SHD---- C:\Windows\Installer
2011-02-18 18:02:05 ----HD---- C:\Config.Msi
2011-02-18 18:01:17 ----SHD---- C:\System Volume Information
2011-02-18 17:58:40 ----D---- C:\Users\gaudino\AppData\Roaming\uTorrent
2011-02-18 10:19:36 ----D---- C:\Windows\System32
2011-02-18 10:19:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-18 10:16:07 ----D---- C:\Windows\Prefetch
2011-02-18 10:15:11 ----HD---- C:\ProgramData
2011-02-17 21:26:25 ----D---- C:\Windows\system32\catroot2
2011-02-17 19:03:39 ----D---- C:\Program Files\Internet Explorer
2011-02-15 18:57:04 ----D---- C:\Windows\inf
2011-02-10 16:22:20 ----D---- C:\Windows\winsxs
2011-02-10 16:20:38 ----D---- C:\Windows\system32\drivers
2011-02-10 16:20:33 ----D---- C:\ProgramData\Microsoft Help
2011-02-10 16:18:43 ----A---- C:\Windows\system32\MRT.exe
2011-02-09 10:11:00 ----D---- C:\Windows\system32\catroot
2011-02-06 14:52:23 ----D---- C:\Users\gaudino\AppData\Roaming\Skype
2011-02-06 13:15:26 ----D---- C:\Users\gaudino\AppData\Roaming\skypePM
2011-02-03 15:08:31 ----AD---- C:\Windows
2011-02-03 12:33:55 ----D---- C:\Users\gaudino\AppData\Roaming\AIMP
2011-02-02 00:03:39 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-01 20:17:50 ----SD---- C:\ProgramData\Microsoft
2011-02-01 18:57:49 ----SD---- C:\Users\gaudino\AppData\Roaming\Microsoft
2011-02-01 18:47:53 ----D---- C:\Program Files\Common Files
2011-02-01 18:37:53 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-02-01 18:33:33 ----D---- C:\Windows\system32\DriverStore
2011-02-01 18:23:38 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-01 18:23:38 ----D---- C:\ProgramData\ICQ
2011-01-26 19:33:42 ----D---- C:\Windows\Minidump
2011-01-25 20:38:25 ----D---- C:\Windows\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-15 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-25 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-07 2506232]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2009-07-13 46080]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-11-10 35984]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-11-10 37392]
R3 QuarticsWPMirror;QuarticsWPMirror_Display_Driver; C:\Windows\system32\DRIVERS\QuarticsWPMirror.sys [2010-10-27 22841]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 an7t0j6l;an7t0j6l; C:\Windows\system32\drivers\an7t0j6l.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 QuarticsWP;QuarticsWP_Display_Driver; C:\Windows\system32\DRIVERS\QuarticsWP.sys [2010-10-27 17497]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-29 203296]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe [2010-11-08 107136]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-01-29 292944]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]

-----------------EOF-----------------

Re: Kontrola logu z RSIT

Napsal: 18 úno 2011 19:24
od Rudy
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Re: Kontrola logu z RSIT

Napsal: 19 úno 2011 00:34
od Gaudino
Prikladam log z ComboFixu a diky

ComboFix 11-02-17.02 - gaudino 19.02.2011 0:14.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.888 [GMT 1:00]
Spuštěný z: f:\download\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AutocompletePro
c:\program files\AutocompletePro\AcRemoteUpdate.exe
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\TaskScheduler.dll
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\programdata\Desktop
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\gaudino\AppData\Roaming\EurekaLog

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-18 do 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-18 23:21 . 2011-02-18 23:23 -------- d-----w- c:\users\gaudino\AppData\Local\temp
2011-02-18 23:21 . 2011-02-18 23:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-18 17:03 . 2011-02-18 17:03 -------- d-----w- c:\program files\trend micro
2011-02-18 17:03 . 2011-02-18 17:03 -------- d-----w- C:\rsit
2011-02-18 10:10 . 2011-02-18 10:10 -------- d-----w- c:\users\gaudino\AppData\Roaming\HPAppData
2011-02-18 09:19 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5683B002-F746-4089-914F-EFA6932AEF94}\mpengine.dll
2011-02-13 12:13 . 2011-02-13 12:13 -------- d-----w- c:\program files\BurnAware Free
2011-02-11 13:01 . 2011-02-11 13:01 -------- d-----w- c:\users\gaudino\AppData\Local\TechSmith
2011-02-03 09:38 . 2011-02-03 09:38 -------- d-----w- c:\programdata\SlySoft
2011-02-03 09:33 . 2011-02-03 09:33 -------- d-----w- c:\program files\SlySoft
2011-02-01 19:45 . 2011-02-01 19:45 -------- d-----w- c:\users\gaudino\AppData\Local\Screamer Radio
2011-02-01 18:01 . 2011-02-01 18:01 -------- d-----w- c:\users\gaudino\AppData\Local\{6B615A21-736A-4677-8135-EF5DE3166502}
2011-02-01 18:01 . 2011-02-01 19:13 -------- d-----w- c:\users\gaudino\Tracing
2011-02-01 17:52 . 2011-02-18 23:22 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-01 17:49 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-02-01 17:49 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-02-01 17:47 . 2011-02-01 18:08 -------- d-----w- c:\users\gaudino\AppData\Local\Windows Live
2011-02-01 17:47 . 2011-02-01 17:47 -------- d-----w- c:\program files\Common Files\Windows Live
2011-02-01 17:44 . 2011-02-15 22:53 -------- d-----w- c:\programdata\Chit Chat For Facebook
2011-02-01 17:44 . 2011-02-12 17:59 -------- d-----w- c:\program files\Chit Chat For Facebook
2011-02-01 17:23 . 2011-02-01 17:23 -------- d-----w- c:\program files\ICQ6Toolbar
2011-01-25 20:05 . 2011-01-25 20:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-25 20:05 . 2011-01-25 20:07 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-06-29 18:46 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-05-28 14:08 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-05-28 14:08 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-05-28 14:08 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-05-28 14:08 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-05-28 14:08 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-05-28 14:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-14 13:43 . 2010-11-09 13:45 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-14 13:39 . 2010-11-09 13:45 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-12-14 13:39 . 2010-11-09 13:45 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-17 395640]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Chit Chat for Facebook"="c:\program files\Chit Chat For Facebook\CCFFacebook.exe" [2010-11-16 3083264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-29 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-29 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-29 96800]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

c:\users\gaudino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\gaudino\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Steam"="c:\program files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 QuarticsWP;QuarticsWP_Display_Driver;c:\windows\system32\DRIVERS\QuarticsWP.sys [2010-10-27 17497]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-15 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 QuarticsWPMirror;QuarticsWPMirror_Display_Driver;c:\windows\system32\DRIVERS\QuarticsWPMirror.sys [2010-10-27 22841]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705028249-1284108186-3128561551-1001Core.job
- c:\users\gaudino\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 13:02]

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705028249-1284108186-3128561551-1001UA.job
- c:\users\gaudino\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 13:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\gaudino\AppData\Roaming\Mozilla\Firefox\Profiles\ypybeta3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Toggle Web Developer Toolbar: {c75a27d8-4529-449f-b67b-aba65d7a1c0a} - %profile%\extensions\{c75a27d8-4529-449f-b67b-aba65d7a1c0a}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Dust-Me Selectors: {3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37} - %profile%\extensions\{3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37}
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-02-19 00:26:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-18 23:26

Před spuštěním: 6 442 176 512
Po spuštění: 6 290 067 456

- - End Of File - - D96A9879C42EC7D2B2EFDC4AE779491F

Re: Kontrola logu z RSIT

Napsal: 19 úno 2011 11:34
od Rudy
Několik položek bylo smazáno, zbytek logu vypadá čistý.

Re: Kontrola logu z RSIT

Napsal: 19 úno 2011 12:00
od Gaudino
Jeste jednou pekne dekuji za rychlost kontrol:-)

Snad uz ted notas pojede fajn!

Re: Kontrola logu z RSIT

Napsal: 19 úno 2011 12:40
od Rudy
Rádo se stalo!
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz