VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

kontrola RSIT

https://forum.viry.cz:443/viewtopic.php?t=110838

Stránka 1 z 1

kontrola RSIT

Napsal: 06 dub 2011 18:44
od terihostak
Prosím o kontrolu RSIT, počítač je pomalý a Avast stále hlásí podezřejé soubory, děkuju moc

Logfile of random's system information tool 1.08 (written by random/random)
Run by teri at 2011-04-06 19:11:21
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 185 GB (78%) free of 238 GB
Total RAM: 1013 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:28:50, on 6.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\BisonC07\BisonM07.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\teri\Local Settings\Temporary Internet Files\Content.IE5\JLFGLSQM\RSIT[1].exe
C:\Program Files\trend micro\teri.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll
O2 - BHO: ToggleEN - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Brothersoft - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
O3 - Toolbar: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

--
End of file - 8548 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6413052A-4FE1-416F-965E-4C7E8AAE14C6}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
ToggleEN Toolbar - C:\Program Files\ToggleEN\prxtbTog0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-24 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
Brothersoft Toolbar - C:\Program Files\Brothersoft\prxtbBro0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - Brothersoft Toolbar - C:\Program Files\Brothersoft\prxtbBro0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{038cb5c7-48ea-4af9-94e0-a1646542e62b} - ToggleEN Toolbar - C:\Program Files\ToggleEN\prxtbTog0.dll [2011-01-17 175912]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-09-28 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-09-28 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-09-28 141336]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-11-25 1594664]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-11-25 18789408]
"BisonMnt"=C:\WINDOWS\BisonC07\BisonM07.exe [2009-05-05 36864]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2009-09-29 4470600]
"Energy Management"=C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2009-08-13 1282048]
"Device Detector"=DevDetect.exe -autorun []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2009-12-08 774144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-09-24 205312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\All Users\PinnacleExtractor\Programs\RM.exe"="C:\Documents and Settings\All Users\PinnacleExtractor\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Documents and Settings\All Users\PinnacleExtractor\Programs\Studio.exe"="C:\Documents and Settings\All Users\PinnacleExtractor\Programs\Studio.exe:*:Enabled:Studio"
"C:\Documents and Settings\All Users\PinnacleExtractor\Programs\umi.exe"="C:\Documents and Settings\All Users\PinnacleExtractor\Programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-04-06 19:11:21 ----D---- C:\Program Files\trend micro
2011-04-06 19:11:20 ----D---- C:\rsit
2011-04-03 17:19:25 ----D---- C:\Documents and Settings\teri\Application Data\PriceGong
2011-03-24 23:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-17 22:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-12 20:41:00 ----D---- C:\Program Files\HP
2011-03-12 20:40:29 ----HD---- C:\Config.Msi
2011-03-12 20:36:46 ----D---- C:\Temp
2011-03-12 19:11:26 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2011-03-11 19:57:37 ----D---- C:\WINDOWS\system32\appmgmt
2011-03-10 20:32:27 ----D---- C:\WINDOWS\Sun
2011-03-10 20:20:13 ----D---- C:\Documents and Settings\teri\Application Data\3M
2011-03-10 20:14:01 ----D---- C:\Documents and Settings\teri\Application Data\Diary
2011-03-09 16:19:35 ----D---- C:\Documents and Settings\teri\Application Data\Apple Computer
2011-03-09 10:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 10:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$

======List of files/folders modified in the last 1 months======

2011-04-06 19:13:35 ----D---- C:\WINDOWS\Temp
2011-04-06 19:12:27 ----D---- C:\WINDOWS\Prefetch
2011-04-06 19:11:21 ----RD---- C:\Program Files
2011-04-06 19:04:00 ----SD---- C:\WINDOWS\Tasks
2011-04-06 19:03:14 ----D---- C:\WINDOWS\system32
2011-04-06 19:03:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-06 18:59:21 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-06 15:36:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-25 08:26:18 ----D---- C:\WINDOWS
2011-03-24 23:13:30 ----HD---- C:\WINDOWS\inf
2011-03-23 23:18:39 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-17 22:33:38 ----A---- C:\WINDOWS\imsins.BAK
2011-03-17 22:33:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-12 19:17:22 ----D---- C:\WINDOWS\system32\drivers
2011-03-11 19:57:37 ----SHD---- C:\WINDOWS\Installer
2011-03-11 19:57:15 ----D---- C:\Program Files\Sony
2011-03-09 10:47:13 ----D---- C:\WINDOWS\Debug
2011-03-09 10:47:04 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl3b51c15d;MpKsl3b51c15d; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{389DDD38-22ED-4F13-9199-250593D734B2}\MpKsl3b51c15d.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys [2009-09-03 40704]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-11-05 2485504]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-07-09 991264]
R3 Cam5607;Lenovo EasyCamera ; C:\WINDOWS\System32\Drivers\BisonC07.sys [2009-11-19 1214192]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-09-24 6301696]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-11-25 5962240]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-28 143360]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-11-25 230576]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 MpKsl0943c245;MpKsl0943c245; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85879FB2-996B-42B8-A2BD-413407E693F8}\MpKsl0943c245.sys []
S1 MpKslb5474f22;MpKslb5474f22; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF8ACC6-F0EB-4DF8-BB87-AA0B8A847FEE}\MpKslb5474f22.sys []
S1 MpKslbf690dfa;MpKslbf690dfa; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B47C05AA-E35D-488B-BCDB-071CA4DD11C1}\MpKslbf690dfa.sys []
S1 MpKsld091c795;MpKsld091c795; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2D10B52-1C0D-41A6-98AB-6ECF217AFBDE}\MpKsld091c795.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2009-09-30 175104]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [2009-08-14 349528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-24 153376]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: kontrola RSIT

Napsal: 06 dub 2011 18:52
od Rudy
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Re: kontrola RSIT

Napsal: 06 dub 2011 20:51
od terihostak
děkuju mockrat, udělala jsem vse podle pokynu a vytvorilo mi to tento log:

ComboFix 11-04-05.02 - teri 06.04.2011 20:59:18.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1013.379 [GMT 2:00]
Spuštěný z: c:\documents and settings\teri\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\hpe13B.dll
c:\documents and settings\teri\Application Data\PriceGong
c:\documents and settings\teri\Application Data\PriceGong\Data\1.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\a.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\b.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\c.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\d.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\e.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\f.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\g.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\h.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\i.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\J.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\k.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\l.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\m.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\n.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\o.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\p.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\q.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\r.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\s.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\t.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\u.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\v.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\w.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\x.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\y.xml
c:\documents and settings\teri\Application Data\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-06 do 2011-04-06 )))))))))))))))))))))))))))))))
.
.
2011-04-06 18:53 . 2011-04-06 18:53 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38FD1B70-CF6B-4F29-95FF-B653FB6E638B}\MpKsla8b82807.sys
2011-04-06 18:52 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38FD1B70-CF6B-4F29-95FF-B653FB6E638B}\mpengine.dll
2011-04-06 17:11 . 2011-04-06 17:28 -------- d-----w- c:\program files\trend micro
2011-04-06 17:11 . 2011-04-06 17:28 -------- d-----w- C:\rsit
2011-03-12 18:41 . 2011-03-12 18:41 -------- d-----w- c:\program files\HP
2011-03-12 18:38 . 2005-12-17 05:56 2537304 ----a-w- c:\temp\HP_WebRelease\setup\sipm\HpTcpMon.exe
2011-03-12 18:37 . 2005-12-17 05:56 188416 ----a-w- c:\temp\HP_WebRelease\util\aio\hpopin05.exe
2011-03-12 18:36 . 2011-03-12 18:36 -------- d-----w- C:\Temp
2011-03-12 17:11 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-12 17:11 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-10 18:32 . 2011-03-10 18:32 -------- d-----w- c:\windows\Sun
2011-03-10 18:20 . 2011-03-10 18:20 -------- d-----w- c:\documents and settings\teri\Application Data\3M
2011-03-10 18:14 . 2011-03-10 18:14 -------- d-----w- c:\documents and settings\teri\Application Data\Diary
2011-03-09 14:19 . 2011-03-09 14:19 -------- d-----w- c:\documents and settings\teri\Application Data\Apple Computer
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2010-10-26 16:35 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-06 10:36 . 2011-03-06 10:36 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-10-20 14:25 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-10-20 14:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-24 21:54 . 2011-01-24 21:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-24 21:54 . 2011-01-24 21:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2011-01-26 15:26 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-13 08:47 . 2010-10-20 16:53 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-10-20 16:53 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-10-20 16:54 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-10-20 16:53 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-10-20 16:53 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-10-20 16:53 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-10-20 16:53 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-10-20 16:53 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-10-20 16:54 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ToggleEN\prxtbTog0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Brothersoft\prxtbBro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-28 141336]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-25 18789408]
"BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2009-05-05 36864]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4470600]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-08-13 1282048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\PinnacleExtractor\\Programs\\RM.exe"=
"c:\\Documents and Settings\\All Users\\PinnacleExtractor\\Programs\\Studio.exe"=
"c:\\Documents and Settings\\All Users\\PinnacleExtractor\\Programs\\umi.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.10.2010 18:54 294608]
R1 MpKsla8b82807;MpKsla8b82807;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38FD1B70-CF6B-4F29-95FF-B653FB6E638B}\MpKsla8b82807.sys [6.4.2011 20:53 28752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.10.2010 18:54 17744]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [21.10.2010 20:15 40704]
S1 MpKsl0943c245;MpKsl0943c245;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85879FB2-996B-42B8-A2BD-413407E693F8}\MpKsl0943c245.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85879FB2-996B-42B8-A2BD-413407E693F8}\MpKsl0943c245.sys [?]
S1 MpKslb5474f22;MpKslb5474f22;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF8ACC6-F0EB-4DF8-BB87-AA0B8A847FEE}\MpKslb5474f22.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF8ACC6-F0EB-4DF8-BB87-AA0B8A847FEE}\MpKslb5474f22.sys [?]
S1 MpKslbf690dfa;MpKslbf690dfa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B47C05AA-E35D-488B-BCDB-071CA4DD11C1}\MpKslbf690dfa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B47C05AA-E35D-488B-BCDB-071CA4DD11C1}\MpKslbf690dfa.sys [?]
S1 MpKsld091c795;MpKsld091c795;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2D10B52-1C0D-41A6-98AB-6ECF217AFBDE}\MpKsld091c795.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2D10B52-1C0D-41A6-98AB-6ECF217AFBDE}\MpKsld091c795.sys [?]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [5.1.2011 21:48 90112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20.10.2010 17:13 1691480]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [20.10.2010 17:06 175104]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5.1.2011 21:17 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5.1.2011 21:17 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5.1.2011 21:17 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5.1.2011 21:17 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5.1.2011 21:17 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5.1.2011 21:17 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5.1.2011 21:17 109864]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLA8B82807
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-04-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
2011-04-06 c:\windows\Tasks\User_Feed_Synchronization-{6413052A-4FE1-416F-965E-4C7E8AAE14C6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Double Driver_is1 - c:\ovladače\Double Driver\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-06 21:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BisonMnt = c:\windows\BisonC07\BisonM07.exe?????????????????????????????????????????????????????????????????????????????????z??????????????????????????????????????????|???x????????????v?|????????x????v??????|????????x?|????????????|???$??????|????????|???8????X?w???
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-04-06 21:30:13
ComboFix-quarantined-files.txt 2011-04-06 19:30
.
Před spuštěním: 197 507 936 256 bytes free
Po spuštění: Volných bajtů: 199 450 820 608
.
- - End Of File - - 9C0DFCF6DD4489CC4EDFEC84F7D397A1

co bych s tím měla dělat dál? je už tímto problém vyřešený? díky

Re: kontrola RSIT

Napsal: 06 dub 2011 21:22
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pustte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: kontrola RSIT

Napsal: 07 dub 2011 18:49
od terihostak
teď mi to napsalo tohle:

ComboFix 11-04-06.03 - teri 07.04.2011 19:16:22.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1013.423 [GMT 2:00]
Spuštěný z: c:\documents and settings\teri\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\teri\Desktop\CFScript.txt..txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_2a.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-07 do 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 16:57 . 2011-04-07 16:57 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38FD1B70-CF6B-4F29-95FF-B653FB6E638B}\MpKsle6a08c3f.sys
2011-04-06 18:52 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38FD1B70-CF6B-4F29-95FF-B653FB6E638B}\mpengine.dll
2011-04-06 17:11 . 2011-04-06 17:28 -------- d-----w- c:\program files\trend micro
2011-04-06 17:11 . 2011-04-06 17:28 -------- d-----w- C:\rsit
2011-03-12 18:41 . 2011-03-12 18:41 -------- d-----w- c:\program files\HP
2011-03-12 18:38 . 2005-12-17 05:56 2537304 ----a-w- c:\temp\HP_WebRelease\setup\sipm\HpTcpMon.exe
2011-03-12 18:37 . 2005-12-17 05:56 188416 ----a-w- c:\temp\HP_WebRelease\util\aio\hpopin05.exe
2011-03-12 18:36 . 2011-03-12 18:36 -------- d-----w- C:\Temp
2011-03-12 17:11 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-12 17:11 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-10 18:32 . 2011-03-10 18:32 -------- d-----w- c:\windows\Sun
2011-03-10 18:20 . 2011-03-10 18:20 -------- d-----w- c:\documents and settings\teri\Application Data\3M
2011-03-10 18:14 . 2011-03-10 18:14 -------- d-----w- c:\documents and settings\teri\Application Data\Diary
2011-03-09 14:19 . 2011-03-09 14:19 -------- d-----w- c:\documents and settings\teri\Application Data\Apple Computer
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2010-10-26 16:35 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-06 10:36 . 2011-03-06 10:36 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-10-20 14:25 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-10-20 14:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-24 21:54 . 2011-01-24 21:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-24 21:54 . 2011-01-24 21:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2011-01-26 15:26 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-13 08:47 . 2010-10-20 16:53 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-10-20 16:53 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-10-20 16:54 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-10-20 16:53 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-10-20 16:53 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-10-20 16:53 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-10-20 16:53 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-10-20 16:53 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-10-20 16:54 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-06_19.22.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-07 16:57 . 2011-04-07 16:57 16384 c:\windows\Temp\Perflib_Perfdata_994.dat
+ 2008-04-14 12:00 . 2011-04-07 17:01 67646 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2011-04-06 18:42 67646 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2011-04-07 17:01 432690 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2011-04-06 18:42 432690 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ToggleEN\prxtbTog0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Brothersoft\prxtbBro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-28 141336]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-25 18789408]
"BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2009-05-05 36864]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4470600]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-08-13 1282048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\PinnacleExtractor\\Programs\\RM.exe"=
"c:\\Documents and Settings\\All Users\\PinnacleExtractor\\Programs\\Studio.exe"=
"c:\\Documents and Settings\\All Users\\PinnacleExtractor\\Programs\\umi.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.10.2010 18:54 294608]
R1 MpKsle6a08c3f;MpKsle6a08c3f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38FD1B70-CF6B-4F29-95FF-B653FB6E638B}\MpKsle6a08c3f.sys [7.4.2011 18:57 28752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.10.2010 18:54 17744]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [21.10.2010 20:15 40704]
S1 MpKsl0943c245;MpKsl0943c245;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85879FB2-996B-42B8-A2BD-413407E693F8}\MpKsl0943c245.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85879FB2-996B-42B8-A2BD-413407E693F8}\MpKsl0943c245.sys [?]
S1 MpKslb5474f22;MpKslb5474f22;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF8ACC6-F0EB-4DF8-BB87-AA0B8A847FEE}\MpKslb5474f22.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF8ACC6-F0EB-4DF8-BB87-AA0B8A847FEE}\MpKslb5474f22.sys [?]
S1 MpKslbf690dfa;MpKslbf690dfa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B47C05AA-E35D-488B-BCDB-071CA4DD11C1}\MpKslbf690dfa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B47C05AA-E35D-488B-BCDB-071CA4DD11C1}\MpKslbf690dfa.sys [?]
S1 MpKsld091c795;MpKsld091c795;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2D10B52-1C0D-41A6-98AB-6ECF217AFBDE}\MpKsld091c795.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2D10B52-1C0D-41A6-98AB-6ECF217AFBDE}\MpKsld091c795.sys [?]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [5.1.2011 21:48 90112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20.10.2010 17:13 1691480]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [20.10.2010 17:06 175104]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5.1.2011 21:17 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5.1.2011 21:17 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5.1.2011 21:17 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5.1.2011 21:17 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5.1.2011 21:17 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5.1.2011 21:17 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5.1.2011 21:17 109864]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLE6A08C3F
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-04-07 c:\windows\Tasks\User_Feed_Synchronization-{6413052A-4FE1-416F-965E-4C7E8AAE14C6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 19:34
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BisonMnt = c:\windows\BisonC07\BisonM07.exe?????????????????????????????????????????????????????????????????????????????????z??????????????????????????????????????????|???x????????????v?|????????x????v??????|????????x?|????????????|???$??????|????????|???8????X?w???
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-04-07 19:42:46
ComboFix-quarantined-files.txt 2011-04-07 17:42
ComboFix2.txt 2011-04-06 19:30
.
Před spuštěním: 199 369 637 888 bytes free
Po spuštění: Volných bajtů: 199 342 460 928
.
- - End Of File - - C0895747E031D026BB68476A6583F9D1

Re: kontrola RSIT

Napsal: 07 dub 2011 19:02
od Rudy
Smazáno, log již vypadá čistý. Nastala nějaká změna?

Re: kontrola RSIT

Napsal: 07 dub 2011 19:28
od terihostak
no chvíli se zdálo, že je to dobry, myslim, ze je pocitac i rychlejsi, ale ted mi zase hlasil Avast podezrele soubory, tak nevim :/

Re: kontrola RSIT

Napsal: 07 dub 2011 19:44
od Rudy
O jaké jde soubory?

Re: kontrola RSIT

Napsal: 07 dub 2011 20:09
od terihostak
doslova mi to píše toto:

C:\Dokuments and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38FD1B70-CF6B-4F29-

a je to schopny mi to hlasit treba 6x za den...

Re: kontrola RSIT

Napsal: 07 dub 2011 21:12
od Rudy
Pokud používáte Avast a MS Antimalware, pak se nedivte. Programy se bijí. Doporučuji si ponechat Avast a MS AntiMalware odinstalovat. Pokud jste tak již učinil, soubor smažte.

Re: kontrola RSIT

Napsal: 07 dub 2011 21:24
od terihostak
aha tak tim to asi bude ;) děkuju mockrát za pomoc!! ;)

Re: kontrola RSIT

Napsal: 07 dub 2011 21:57
od Rudy
Nemáte zač!
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz