prosim radcov o kontrolu logu

Zpráva

amon1 · #1 Příspěvek od **amon1** » 27 bře 2011 18:00

Prosim o preventivnu kontrolu,pripadne ktore zbytočnosti mam fixnut-Logfile of random's system information tool 1.08 (written by random/random)
Run by notebook at 2011-03-27 18:51:55
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 134 GB (89%) free of 150 GB
Total RAM: 1976 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:52:01, on 27. 3. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\notebook\Downloads\RSIT.exe
C:\Program Files\trend micro\notebook.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10m_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 3730 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2219184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil10m_Plugin.exe [2011-02-27 234656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-03-27 18:51:55 ----D---- C:\rsit
2011-03-25 18:22:23 ----AD---- C:\Windows\VDLL.DLL
2011-03-25 18:22:23 ----AD---- C:\Windows\system32\runouce.exe
2011-03-25 18:22:23 ----AD---- C:\Windows\RUNDL132.EXE
2011-03-25 18:22:23 ----AD---- C:\Windows\logo_1.exe
2011-03-25 15:21:52 ----A---- C:\Windows\system32\msvcr80.dll
2011-03-25 15:21:51 ----A---- C:\Windows\system32\msvcp80.dll
2011-03-25 15:21:50 ----A---- C:\Windows\system32\eEmpty.exe
2011-03-25 15:21:45 ----D---- C:\Program Files\Common Files\MicroWorld
2011-03-25 15:21:40 ----D---- C:\ProgramData\MicroWorld
2011-03-25 15:11:25 ----D---- C:\Users\notebook\AppData\Roaming\Download Manager
2011-03-25 12:47:39 ----D---- C:\Program Files\Mozilla Firefox
2011-03-25 00:57:39 ----D---- C:\Program Files\Mozilla Thunderbird
2011-03-21 15:26:57 ----D---- C:\Program Files\Defraggler
2011-03-21 11:14:06 ----A---- C:\Windows\system32\javaws.exe
2011-03-21 11:14:06 ----A---- C:\Windows\system32\javaw.exe
2011-03-21 11:14:06 ----A---- C:\Windows\system32\java.exe
2011-03-16 00:56:37 ----A---- C:\Windows\system32\FntCache.dll
2011-03-16 00:56:37 ----A---- C:\Windows\system32\DWrite.dll
2011-03-16 00:56:36 ----A---- C:\Windows\system32\d2d1.dll
2011-03-11 14:32:48 ----D---- C:\Program Files\Common Files\Skype
2011-03-09 08:32:17 ----A---- C:\Windows\system32\EncDec.dll
2011-03-09 08:32:17 ----A---- C:\Windows\system32\CPFilters.dll
2011-03-09 08:32:16 ----A---- C:\Windows\system32\sbe.dll
2011-03-07 11:41:18 ----D---- C:\Program Files\trend micro
2011-03-07 01:53:01 ----D---- C:\Users\notebook\AppData\Roaming\Spyware Terminator
2011-03-07 01:53:01 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2011-03-07 01:53:00 ----D---- C:\ProgramData\Spyware Terminator
2011-03-07 01:52:59 ----D---- C:\Program Files\Spyware Terminator
2011-03-02 14:19:03 ----D---- C:\Users\notebook\AppData\Roaming\ESET
2011-03-02 14:17:41 ----D---- C:\ProgramData\ESET
2011-03-02 14:17:41 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 months======

2011-03-27 18:52:01 ----D---- C:\Windows\Prefetch
2011-03-27 18:51:34 ----D---- C:\Windows\Temp
2011-03-27 11:53:58 ----D---- C:\Windows\system32\config
2011-03-27 11:26:32 ----D---- C:\Windows
2011-03-27 11:17:51 ----SHD---- C:\System Volume Information
2011-03-27 09:15:31 ----D---- C:\Windows\inf
2011-03-27 09:15:31 ----AD---- C:\Windows\System32
2011-03-27 09:15:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-03-26 13:11:04 ----SHD---- C:\Windows\Installer
2011-03-26 13:10:21 ----RD---- C:\Program Files
2011-03-25 21:33:01 ----D---- C:\Users\notebook\AppData\Roaming\Skype
2011-03-25 19:51:30 ----A---- C:\Windows\win.ini
2011-03-25 15:21:45 ----D---- C:\Program Files\Common Files
2011-03-25 15:21:40 ----HD---- C:\ProgramData
2011-03-25 12:46:14 ----D---- C:\Program Files\Mozilla Firefox 4.0
2011-03-25 09:48:13 ----RD---- C:\Program Files\Skype
2011-03-25 09:30:30 ----D---- C:\Windows\system32\catroot2
2011-03-23 21:36:32 ----D---- C:\Windows\system32\catroot
2011-03-21 16:41:23 ----D---- C:\Users\notebook\AppData\Roaming\uTorrent
2011-03-21 15:07:22 ----D---- C:\Windows\system32\Tasks
2011-03-21 15:02:32 ----D---- C:\Windows\system32\drivers
2011-03-21 15:02:32 ----D---- C:\Windows\IME
2011-03-21 11:14:02 ----D---- C:\Program Files\Java
2011-03-16 01:40:01 ----D---- C:\Windows\winsxs
2011-03-12 10:24:47 ----D---- C:\ProgramData\Kaspersky Lab
2011-03-11 01:34:58 ----D---- C:\Windows\debug
2011-03-10 20:27:17 ----D---- C:\Users\notebook\AppData\Roaming\skypePM
2011-03-09 17:40:06 ----A---- C:\Windows\system32\MRT.exe
2011-03-08 13:30:25 ----D---- C:\Program Files\CCleaner
2011-03-08 13:12:00 ----D---- C:\Windows\DigitalLocker
2011-03-07 01:46:40 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-03-03 16:52:00 ----D---- C:\ProgramData\TamoSoft
2011-03-03 16:46:08 ----D---- C:\Windows\system32\DriverStore
2011-03-02 13:54:03 ----D---- C:\ProgramData\Avira
2011-03-02 13:39:55 ----D---- C:\ProgramData\Comodo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-03-07 142592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 134000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 netr28;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2009-07-14 530944]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-03-07 496128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 33584]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1343400]

-----------------EOF-------

amon1 · #2 Příspěvek od **amon1** » 27 bře 2011 18:01

info.txt logfile of random's system information tool 1.08 2011-03-27 18:52:03

======Uninstall list======

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10m_Plugin.exe -maintain plugin
Adobe Reader 9.4.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Ashampoo Burning Studio 2010 Advanced-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 2010 Advanced\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Google Earth-->MsiExec.exe /X{C768790F-04FB-11E0-9B2C-001AA037B01E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
LSI HDA Modem-->C:\Windows\agrsmdel
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Pandora's Box-->"C:\Program Files\Microsoft Games\Pandora's Box\setup" /runtemp /uninstall
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox 4.0 (x86 sk)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.1.9)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Revo Uninstaller 1.91-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: notebook-PC
Event Code: 7
Message: Vyskytla sa hardvérová chyba. Udalosť obsahuje kód chyby špecifický pre dodávateľa.
Record Number: 2425
Source Name: BTHUSB
Time Written: 20101219100713.153220-000
Event Type: Warning
User:

Computer Name: notebook-PC
Event Code: 4001
Message: Služba automatickej konfigurácie siete WLAN sa úspešne zastavila.

Record Number: 2400
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20101218171031.261247-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: notebook-PC
Event Code: 7
Message: Vyskytla sa hardvérová chyba. Udalosť obsahuje kód chyby špecifický pre dodávateľa.
Record Number: 2361
Source Name: BTHUSB
Time Written: 20101218170540.519537-000
Event Type: Warning
User:

Computer Name: notebook-PC
Event Code: 1014
Message: Name resolution for the name download.windowsupdate.com timed out after none of the configured DNS servers responded.
Record Number: 2360
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20101218170525.434310-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: notebook-PC
Event Code: 7
Message: Vyskytla sa hardvérová chyba. Udalosť obsahuje kód chyby špecifický pre dodávateľa.
Record Number: 2291
Source Name: BTHUSB
Time Written: 20101218170052.636821-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: notebook-PC
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets
Record Number: 259
Source Name: .NET Runtime Optimization Service
Time Written: 20101213103907.000000-000
Event Type: Warning
User:

Computer Name: notebook-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-790346966-1301536953-1311782660-1001:
Process 476 (\Device\HarddiskVolume4\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-790346966-1301536953-1311782660-1001

Record Number: 228
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101213102124.091882-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: notebook-PC
Event Code: 9020
Message: Správca okien na pracovnej ploche zistil kritickú chybu (0x0)
Record Number: 160
Source Name: Desktop Window Manager
Time Written: 20101213093358.000000-000
Event Type: Error
User:

Computer Name: notebook-PC
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 992) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (10). User Action: Contact your application vendor for an updated version of the application.
Record Number: 148
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20101213093220.970485-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: notebook-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Obnovení celého indexu}.

Record Number: 91
Source Name: Microsoft-Windows-Search
Time Written: 20101213093000.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: notebook-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x247907

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 346077
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110110111416.238891-000
Event Type: Audit Success
User:

Computer Name: notebook-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: NOTEBOOK-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 9

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x247907
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x368
Process Name: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 346076
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110110111416.238891-000
Event Type: Audit Success
User:

Computer Name: notebook-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x2478d8

Logon Type: 9

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 346075
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110110111416.238891-000
Event Type: Audit Success
User:

Computer Name: notebook-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x2478d8

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 346074
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110110111416.238891-000
Event Type: Audit Success
User:

Computer Name: notebook-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: NOTEBOOK-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 9

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x2478d8
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x368
Process Name: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 346073
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110110111416.238891-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a

-----------------EOF-----------------

#3 Příspěvek od **Roli** » 27 bře 2011 18:50

Zdravím, tyhle zbytečnosti fixni v HJT :

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10m_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

HJT najdeš zde :

C:\Program Files\trend micro\notebook.exe

Fix znamená že spustíš HJT Obrázek

jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.

Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

Služba Google Update

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.

Jinak nic špatného nevidím.

amon1 · #4 Příspěvek od **amon1** » 28 bře 2011 04:52

dakujem

#5 Příspěvek od **Roli** » 28 bře 2011 07:25

Není zač.

amon1 · #6 Příspěvek od **amon1** » 29 bře 2011 23:24

pridavam aj log po fixnuti a zastaveni služby google update pozri mi to prosim či je to takto OK a či som to urobil spravne.DakujemLogfile of random's system information tool 1.08 (written by random/random)
Run by notebook at 2011-03-30 00:18:04
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 133 GB (89%) free of 150 GB
Total RAM: 1976 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:18:05, on 30. 3. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\notebook\Downloads\RSIT.exe
C:\Program Files\trend micro\notebook.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 2686 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2219184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-03-30 00:18:04 ----D---- C:\rsit
2011-03-25 18:22:23 ----AD---- C:\Windows\VDLL.DLL
2011-03-25 18:22:23 ----AD---- C:\Windows\system32\runouce.exe
2011-03-25 18:22:23 ----AD---- C:\Windows\RUNDL132.EXE
2011-03-25 18:22:23 ----AD---- C:\Windows\logo_1.exe
2011-03-25 15:21:52 ----A---- C:\Windows\system32\msvcr80.dll
2011-03-25 15:21:51 ----A---- C:\Windows\system32\msvcp80.dll
2011-03-25 15:21:50 ----A---- C:\Windows\system32\eEmpty.exe
2011-03-25 15:21:45 ----D---- C:\Program Files\Common Files\MicroWorld
2011-03-25 15:21:40 ----D---- C:\ProgramData\MicroWorld
2011-03-25 15:11:25 ----D---- C:\Users\notebook\AppData\Roaming\Download Manager
2011-03-25 12:47:39 ----D---- C:\Program Files\Mozilla Firefox
2011-03-25 00:57:39 ----D---- C:\Program Files\Mozilla Thunderbird
2011-03-21 15:26:57 ----D---- C:\Program Files\Defraggler
2011-03-21 11:14:06 ----A---- C:\Windows\system32\javaws.exe
2011-03-21 11:14:06 ----A---- C:\Windows\system32\javaw.exe
2011-03-21 11:14:06 ----A---- C:\Windows\system32\java.exe
2011-03-16 00:56:37 ----A---- C:\Windows\system32\FntCache.dll
2011-03-16 00:56:37 ----A---- C:\Windows\system32\DWrite.dll
2011-03-16 00:56:36 ----A---- C:\Windows\system32\d2d1.dll
2011-03-11 14:32:48 ----D---- C:\Program Files\Common Files\Skype
2011-03-09 08:32:17 ----A---- C:\Windows\system32\EncDec.dll
2011-03-09 08:32:17 ----A---- C:\Windows\system32\CPFilters.dll
2011-03-09 08:32:16 ----A---- C:\Windows\system32\sbe.dll
2011-03-07 11:41:18 ----D---- C:\Program Files\trend micro
2011-03-07 01:53:01 ----D---- C:\Users\notebook\AppData\Roaming\Spyware Terminator
2011-03-07 01:53:01 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2011-03-07 01:53:00 ----D---- C:\ProgramData\Spyware Terminator
2011-03-07 01:52:59 ----D---- C:\Program Files\Spyware Terminator
2011-03-02 14:19:03 ----D---- C:\Users\notebook\AppData\Roaming\ESET
2011-03-02 14:17:41 ----D---- C:\ProgramData\ESET
2011-03-02 14:17:41 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 months======

2011-03-30 00:18:05 ----D---- C:\Windows\Temp
2011-03-30 00:14:58 ----D---- C:\Windows\system32\config
2011-03-30 00:14:48 ----D---- C:\Windows
2011-03-30 00:13:31 ----D---- C:\Windows\Prefetch
2011-03-29 23:37:26 ----D---- C:\Windows\inf
2011-03-29 23:37:26 ----AD---- C:\Windows\System32
2011-03-29 23:37:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-03-27 11:17:51 ----SHD---- C:\System Volume Information
2011-03-26 13:11:04 ----SHD---- C:\Windows\Installer
2011-03-26 13:10:21 ----RD---- C:\Program Files
2011-03-25 21:33:01 ----D---- C:\Users\notebook\AppData\Roaming\Skype
2011-03-25 19:51:30 ----A---- C:\Windows\win.ini
2011-03-25 15:21:45 ----D---- C:\Program Files\Common Files
2011-03-25 15:21:40 ----HD---- C:\ProgramData
2011-03-25 12:46:14 ----D---- C:\Program Files\Mozilla Firefox 4.0
2011-03-25 09:48:13 ----RD---- C:\Program Files\Skype
2011-03-25 09:30:30 ----D---- C:\Windows\system32\catroot2
2011-03-23 21:36:32 ----D---- C:\Windows\system32\catroot
2011-03-21 16:41:23 ----D---- C:\Users\notebook\AppData\Roaming\uTorrent
2011-03-21 15:07:22 ----D---- C:\Windows\system32\Tasks
2011-03-21 15:02:32 ----D---- C:\Windows\system32\drivers
2011-03-21 15:02:32 ----D---- C:\Windows\IME
2011-03-21 11:14:02 ----D---- C:\Program Files\Java
2011-03-16 01:40:01 ----D---- C:\Windows\winsxs
2011-03-12 10:24:47 ----D---- C:\ProgramData\Kaspersky Lab
2011-03-11 01:34:58 ----D---- C:\Windows\debug
2011-03-10 20:27:17 ----D---- C:\Users\notebook\AppData\Roaming\skypePM
2011-03-09 17:40:06 ----A---- C:\Windows\system32\MRT.exe
2011-03-08 13:30:25 ----D---- C:\Program Files\CCleaner
2011-03-08 13:12:00 ----D---- C:\Windows\DigitalLocker
2011-03-07 01:46:40 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-03-03 16:52:00 ----D---- C:\ProgramData\TamoSoft
2011-03-03 16:46:08 ----D---- C:\Windows\system32\DriverStore
2011-03-02 13:54:03 ----D---- C:\ProgramData\Avira
2011-03-02 13:39:55 ----D---- C:\ProgramData\Comodo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-03-07 142592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 134000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 netr28;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2009-07-14 530944]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-03-07 496128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 33584]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1343400]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-05 136176]

-----------------EOF-----------------

#7 Příspěvek od **Roli** » 30 bře 2011 06:59

Ano je to správně

amon1 · #8 Příspěvek od **amon1** » 30 bře 2011 12:06

ešte raz vdaka

#9 Příspěvek od **Roli** » 30 bře 2011 12:50

Není zač.

VIRY.CZ

prosim radcov o kontrolu logu

prosim radcov o kontrolu logu

Re: prosim radcov o kontrolu logu

Re: prosim radcov o kontrolu logu

Re: prosim radcov o kontrolu logu

Re: prosim radcov o kontrolu logu

Re: prosim radcov o kontrolu logu

Re: prosim radcov o kontrolu logu

Re: prosim radcov o kontrolu logu

Re: prosim radcov o kontrolu logu