kis2009 reports malicious code Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Dubák
Level 2
Posts: 219
Registered: July 06
Location: podkrkonoší
Gender: Male
Status:
Offline

kis2009 reports malicious code

Post by Dubák » 04 Apr 2009 13:49

Hello,
KIS 2009 reports that MF contains malicious code http://www - what should I do about it - how do I get rid of it?

/link to the infected page edited. memphisto
NB: HP ProBook 4720s (XX838EA)
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.

alenka_v_říši_divů
Level 6
Posts: 3201
Registered: February 09
Location: Brno
Gender: Male
Status:
Offline

Re: kis2009 reports: http://jl.chura.pl/rc

Post by alenka_v_říši_divů » 04 Apr 2009 13:53

And where is the HJT? :) post the log.....

Dubák
Level 2
Posts: 219
Registered: July 06
Location: podkrkonoší
Gender: Male
Status:
Offline

Re: kis2009 reports: http://jl.chura.pl/rc

Post by Dubák » 04 Apr 2009 14:01

Sorry!
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:06, on 4.4.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
D:\Moje instal\VISTA\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Enterra Icon Keeper] "C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe" ssp /s
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do blokovaných reklamních lišt - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statisktika ochrany webového provozu - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Update Service (gupdate1c986f9749acad0) (gupdate1c986f9749acad0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9362 bytes

Dubák
Level 2
Posts: 219
Registered: July 06
Location: podkrkonoší
Gender: Male
Status:
Offline

Re: kis2009 reports malicious code

Post by Dubák » 04 Apr 2009 16:01

Is there anything in the PC?

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: kis2009 reports malicious code

Post by jaro3 » 04 Apr 2009 16:19

I don't see anything there; write whether your Vista is 32- or 64-bit.
Fix these:

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O13 - Gopher Prefix:


Is this a trusted site:
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll ?
I don't know it.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
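As an added example (not code from this thread, from HijackThis, or from the Security team), here is a small Python reviewer for the HijackThis v2 log format that automates the first pass jaro3 does above: it parses each `Oxx - ...` entry, flags entries whose target file no longer exists (`(no file)`, `(file missing)`), flags the empty O13 Gopher prefix, and for O16 ActiveX downloads reports the host so that the "is this site trusted?" question can be asked explicitly. The sample log lines are constructed for the example and the triage heuristics are this example's own assumptions, not rules stated in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines in HijackThis v2 log format, modelled
# on the kinds of entries that appear in the log posted above.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O1 - Hosts: ::1 localhost
"""

# Every HJT entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Return (section, body, original line) for every well-formed entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body"), line))
    return entries


def host_of(url):
    """Hostname part of an http(s) URL, e.g. 'fpdownload2.macromedia.com'."""
    return re.sub(r"^https?://", "", url).split("/", 1)[0]


def review(text):
    """Flag entries a log reviewer would look at first.

    Heuristics (assumptions of this example, not rules from the thread):
    - '(no file)' / '(file missing)' marks an entry whose target no longer
      exists: a harmless leftover, or a trace of something already removed.
    - An empty O13 Gopher prefix is a leftover that is safe to fix.
    - O16 entries are ActiveX downloads; the site they come from is what
      needs a trust decision, so the hostname is reported.
    - O1 entries that map anything other than localhost override DNS for
      that name and should be confirmed as intentional.
    """
    findings = []
    for section, body, line in parse_entries(text):
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(section, "orphaned entry: target file does not exist", line))
        elif section == "O13" and body.endswith("Prefix:"):
            findings.append(Finding(section, "empty Gopher prefix: harmless leftover, safe to fix", line))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1]
            findings.append(Finding(section, f"ActiveX download from {host_of(url)}: confirm the site is trusted", line))
        elif section == "O1":
            name = body.split()[-1]
            if name.lower() != "localhost":
                findings.append(Finding(section, f"hosts override for {name}: confirm it is intentional", line))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run it against a saved HJT log (`review(open("hijackthis.log", encoding="cp1250").read())` for a Czech Windows log) and it returns the O9 and O13 lines jaro3 lists as fixes plus the O16 line he asks about; the O23 `(file missing)` service entry is reported too, since a reviewer wants to know about it even though HJT's fix for services differs from the O4/O9 case. A clean entry such as the Kaspersky `avp.exe` O4 line produces no finding, which is the point: the tool narrows the log to what needs a human decision rather than making that decision itself.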

Dubák
Level 2
Posts: 219
Registered: July 06
Location: podkrkonoší
Gender: Male
Status:
Offline

Re: kis2009 reports malicious code

Post by Dubák » 04 Apr 2009 16:21

VHP 32
It's a genealogy (family tree) site.

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: kis2009 reports malicious code

Post by jaro3 » 04 Apr 2009 16:31

Turn off the resident protection + firewall in KIS.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Dubák
Level 2
Posts: 219
Registered: July 06
Location: podkrkonoší
Gender: Male
Status:
Offline

Re: kis2009 reports malicious code

Post by Dubák » 04 Apr 2009 16:52

So the whole log doesn't fit in the reply!!! The reply can't be sent - too many characters.

Dubák
Level 2
Posts: 219
Registered: July 06
Location: podkrkonoší
Gender: Male
Status:
Offline

Re: kis2009 reports malicious code

Post by Dubák » 04 Apr 2009 17:00

So just a selection - that is, if it's any use:

ComboFix 09-04-03.01 - Dubak J 2009-04-04 16:35:54.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.2046.695 [GMT 2:00]
Spuštěný z: c:\users\Dubak J\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-03-04 do 2009-04-04 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 14:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-04 13:56 --------- d-----w c:\programdata\Kaspersky Lab
2009-04-04 13:52 907,472 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-04 13:52 761,888 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-04 13:52 67,212,576 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-04 13:52 5,780 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-04 11:36 --------- d-----w c:\program files\FlashGet
2009-04-04 11:17 2,359,296 --sha-w c:\users\Míra\ntuser.dat
2009-04-04 11:17 2,359,296 --sha-w c:\users\Míra\ntuser.dat
2009-04-04 09:34 152,105 ----a-w c:\users\Dubak J\AppData\Roaming\nvModes.dat
2009-04-04 08:43 --------- d-----w c:\program files\StrongDC
2009-04-04 08:20 --------- d-----w c:\program files\Common Files\Intel
2009-04-04 07:40 --------- d-----w c:\program files\Google
2009-04-03 17:23 --------- d-----w c:\users\Dubak J\AppData\Roaming\Malwarebytes
2009-04-03 17:23 --------- d-----w c:\programdata\Malwarebytes
2009-04-03 15:48 --------- d-----w c:\users\Dubak J\AppData\Roaming\Skype
2009-04-02 16:03 --------- d-----w c:\users\Dubak J\AppData\Roaming\SlySoft
2009-04-02 15:56 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-02 15:56 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-02 15:56 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-30 10:59 --------- d-----w c:\programdata\Skype
2009-03-30 10:59 --------- d-----r c:\program files\Skype
2009-03-29 18:12 --------- d-----w c:\program files\ICQ6
2009-03-29 18:11 --------- d-----w c:\users\Míra\AppData\Roaming\Skype
2009-03-29 17:19 --------- d-----w c:\users\Míra\AppData\Roaming\Mozilla
2009-03-27 12:12 --------- d-----w c:\programdata\Microsoft Help
2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-24 20:39 --------- d-----w c:\program files\Java
2009-03-22 20:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 19:32 --------- d-----w c:\users\Dubak J\AppData\Roaming\GHISLER
2009-03-22 17:24 --------- d-s---w c:\users\Míra\AppData\Roaming\Microsoft
2009-03-22 17:22 --------- d-----w c:\users\Míra\AppData\Roaming\Zoner
2009-03-22 16:51 --------- d-----w c:\program files\Fotolab
2009-03-22 16:50 --------- d-----w c:\program files\Fotostar
2009-03-15 14:17 --------- d-----w c:\program files\CD-LabelPrint
2009-03-14 08:27 --------- d-----w c:\program files\Nokia
2009-03-14 08:27 --------- d-----w c:\program files\Common Files\Nokia
2009-03-14 08:25 --------- d-----w c:\programdata\Nokia
2009-03-14 08:24 --------- d-----w c:\programdata\Installations
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 10:41 --------- d-----w c:\program files\LogMeIn
2009-02-27 09:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 14:40 --------- d-----w c:\program files\Enterra
2009-02-20 14:16 --------- d-----w c:\programdata\eSellerate
2009-02-17 17:11 24,232 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 89,256 ----a-w c:\windows\System32\ElbyCDIO.dll
2009-02-09 01:59 2,028,032 ----a-w c:\windows\System32\win32k.sys
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-24 07:46 55,272 ----a-w c:\users\Míra\AppData\Roaming\nvModes.dat
2008-12-13 11:38 174 --sha-w c:\program files\desktop.ini
2008-10-25 08:07 55,303 ----a-w c:\users\Jakub\AppData\Roaming\nvModes.dat
2008-09-20 18:33 22,328 ----a-w c:\users\Dubak J\AppData\Roaming\PnkBstrK.sys
2008-03-15 07:36 32 ----a-w c:\users\All Users\ezsid.dat
2008-03-15 07:36 32 ----a-w c:\programdata\ezsid.dat
2007-08-09 12:08 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
2008-03-14 16:29 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-14 16:29 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-14 16:29 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-12-19 13:20 64,728,864 --sha-w c:\windows\System32\drivers\fidbox(151).dat
2008-06-30 10:16 31,759,648 --sha-w c:\windows\System32\drivers\fidbox(163).dat
2008-05-15 17:28 22,312,224 --sha-w c:\windows\System32\drivers\fidbox(164).dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-04_13.20.40,04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-04 14:29:55 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-04-04 14:29:56 733,184 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-04-04 14:29:56 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-04-04 14:29:56 802,816 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-04-04 14:29:56 94,208 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-04-04 14:29:55 41,984 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-04-04 14:29:56 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-04-04 14:29:57 45,056 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-04-04 14:29:57 163,840 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-04-04 14:30:08 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-04-04 14:29:58 667,648 ----a-w c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-04-04 14:29:58 53,248 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-04-04 14:29:59 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-04-04 14:29:59 2,879,488 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-04-04 14:29:55 684,032 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-04-04 14:31:24 294,912 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-04-04 14:29:54 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-04-04 14:31:24 442,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-04-04 14:29:55 286,720 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-04-04 14:30:00 143,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-04-04 14:30:09 233,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-04-04 14:29:54 569,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-04-04 14:30:10 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-04-04 14:30:11 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-04-04 14:31:24 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-04-04 14:30:00 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-04-04 14:31:24 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-04-04 14:30:18 335,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-04-04 14:31:25 1,277,952 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-04-04 14:30:19 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-04-04 14:30:01 12,288 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-04-04 14:29:54 507,904 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-04-04 14:30:01 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2009-04-03 19:04:17 4,132 ----a-w c:\windows\bthservsdp.dat
+ 2009-04-04 13:51:50 4,132 ----a-w c:\windows\bthservsdp.dat
+ 2009-04-04 14:35:40 6,295,552 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2008-07-29 21:40:48 168,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-29 21:40:48 233,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-29 21:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 21:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 21:40:48 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 21:40:48 1,548,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-07-29 21:40:48 78,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 21:40:48 95,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 21:15:24 225,490 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-29 16:47:34 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 16:47:34 276,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-29 16:47:34 1,064,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-29 16:47:34 177,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 16:47:34 269,304 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 16:47:34 113,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 16:47:34 84,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 16:47:34 125,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 16:47:34 126,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 16:47:34 130,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 16:47:34 137,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 16:47:34 122,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 16:47:34 133,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 16:47:34 111,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 16:47:34 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 16:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 16:47:34 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 16:47:34 94,720 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll


((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-26 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-21 4608]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2008-04-22 22237184]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-19 5244928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-19 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-19 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 201992]
"Enterra Icon Keeper"="c:\program files\Enterra\Icon Keeper\IcnKeepr.exe" [2006-08-18 57344]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-30 57344]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2009-01-30 00:20 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-02-26 16:16 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RCApp"=c:\program files\gigabyte\RCApp\U7000RCApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2469910441-1435336178-266847045-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06CBBD27-A56E-4C2C-A542-718EE0CCF3B9}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{3744BF4B-D773-4673-9323-C928F88C923D}"= UDP:c:\hry\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{F1726235-909A-4818-ACB5-9B47F79A258B}"= TCP:c:\hry\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{D13A2564-2B6D-443E-9EDE-182E4EB1F2D4}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{355F0755-ED1F-4181-8DF3-0064D366B894}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{40314862-2C7C-44C5-B59A-AD71FD14F24A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BEE5FEAA-2A48-46FA-A0A2-DDC5AB16FAA6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B7155A86-2B06-413E-B2D2-47CE9A0627B0}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8B3FA0F0-4FDD-40B5-957A-32ECDED58747}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{D4D28157-37E4-40B1-B799-A85AFB27F70E}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{F0E9F557-1472-492B-8079-2D3DD869AE6A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{85919A7D-F3AF-4824-9EF4-F958CDD55287}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3880B066-0045-48D8-8C40-AC15DF41F0AF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6FD92E70-9198-45E7-AF0A-9B74818807D2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{92A2C914-1086-4BCE-B9BD-0E88FC4095AB}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite
"UDP Query User{742BE937-C842-4B75-B4B7-9BD7C245122E}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {D93CF6CE-2BA9-48A7-B1A9-F7712EE92520}

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-03-26 20496]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-02-26 70144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [2008-03-22 47640]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\System32\drivers\ManyCam.sys [2008-01-14 21632]
R3 smscirrx;SMSC CIR Receive;c:\windows\System32\drivers\smscirrx.sys [2008-02-26 40448]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" --> c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [?]
S2 gupdate1c986f9749acad0;Google Update Service (gupdate1c986f9749acad0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [2007-08-24 15872]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\System32\drivers\modrc.sys [2006-11-14 13056]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\System32\drivers\usb2vcom.sys [2008-05-18 22760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 20:50]

2009-04-04 c:\windows\Tasks\User_Feed_Synchronization-{9811272B-09FF-4641-87FB-AF560C7F43F5}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechny FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
FF - ProfilePath - c:\users\Dubak J\AppData\Roaming\Mozilla\Firefox\Profiles\zjdljbjs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.novinky.cz/
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\users\Dubak J\AppData\Roaming\Mozilla\Firefox\Profiles\zjdljbjs.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 16:40:06
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-04-04 16:41:55
ComboFix-quarantined-files.txt 2009-04-04 14:41:51
ComboFix2.txt 2009-04-04 11:22:10

Před spuštěním: Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Po spuštění: Volných bajtů: 79,532,507,136

1955 --- E O F --- 2009-04-04 14:33:27

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male

Re: kis2009 reports malicious code

Post by jaro3 » 04 Apr 2009 17:50

You could have posted the log in two parts, or put it on a server somewhere with a download link...
I don't see anything malicious there.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, marked in green, into it in its entirety:
Note: Do not use the SELECT ALL function to select the script

Code:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000

Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

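As an added example (not part of this thread and not ComboFix's own code): a Python helper that parses the REGEDIT4 "registry start points" section of a ComboFix log in the format posted above, flags values that weaken protection, and builds the CFScript `Registry::` block that jaro3's instructions use to reset the Kaspersky monitoring value. It goes slightly beyond the thread by also reporting the `EnableLUA= 0` (UAC off) and `EnableFirewall= 0` values visible in the same log; the log excerpt and the `WEAK_SETTINGS` table are constructed here, not taken from ComboFix.

```python
"""Parse the REGEDIT4 section of a ComboFix log and build a CFScript fix block.

Added example; the sample excerpt is constructed from values shown in the thread.
"""
import re

# Constructed excerpt in the exact line formats ComboFix prints.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {D93CF6CE-2BA9-48A7-B1A9-F7712EE92520}
"""

KAV_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus"

KEY_RE = re.compile(r'^\[(.+)\]$')
# ComboFix prints DWORDs either as  "Name"=dword:00000001  or as  "Name"= 0 (0x0)
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
DEC_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')

# (lower-cased key fragment, value name, value that weakens protection, meaning)
# Assumed table for this example; the meanings are standard Windows semantics.
WEAK_SETTINGS = [
    ("security center\\monitoring\\", "DisableMonitoring", 1,
     "Security Center no longer monitors this AV product"),
    ("policies\\system", "EnableLUA", 0, "User Account Control is disabled"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0,
     "Windows Firewall off (standard profile); acceptable only if a third-party firewall is active"),
    ("firewallpolicy\\publicprofile", "EnableFirewall", 0,
     "Windows Firewall off (public profile); acceptable only if a third-party firewall is active"),
]


def parse_registry_section(text):
    """Return {key_path: {value_name: int}} for the numeric values under each [key]."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        if current is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            result[current][m.group(1)] = int(m.group(2), 16)
            continue
        m = DEC_RE.match(line)
        if m:
            result[current][m.group(1)] = int(m.group(2))
        # anything else (strings, GUID lists) is ignored on purpose
    return result


def find_weak_settings(registry):
    """Return [(key, name, value, meaning)] for every weakening value present."""
    findings = []
    for key, values in registry.items():
        key_l = key.lower()
        for fragment, name, bad, meaning in WEAK_SETTINGS:
            if fragment in key_l and values.get(name) == bad:
                findings.append((key, name, bad, meaning))
    return findings


def build_cfscript(findings):
    """Emit a CFScript 'Registry::' block in the form jaro3 uses.

    Only DisableMonitoring is reset automatically: UAC and firewall choices
    depend on the machine's setup, and ComboFix prints firewall keys with the
    abbreviated HKLM\\~\\ prefix, which is not a usable registry path.
    """
    lines = ["Registry::"]
    for key, name, _bad, _meaning in findings:
        if name == "DisableMonitoring":
            lines.append("[%s]" % key)
            lines.append('"%s"=dword:%08x' % (name, 0))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_weak_settings(parse_registry_section(SAMPLE_LOG))
    for key, name, value, meaning in found:
        print("%s\\%s = %d  -> %s" % (key, name, value, meaning))
    print(build_cfscript(found))
```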
Dubák
Level 2
Posts: 219
Registered: July 06
Location: Podkrkonoší
Gender: Male

Re: kis2009 reports malicious code

Post by Dubák » 04 Apr 2009 18:09

ComboFix 09-04-03.01 - Dubak J 2009-04-04 17:59:25.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.2046.1111 [GMT 2:00]
Spuštěný z: c:\users\Dubak J\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Dubak J\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-03-04 do 2009-04-04 )))))))))))))))))))))))))))))))
.

2009-04-04 17:56 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-04 16:21 . 2009-04-04 16:24 41,484,288 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-04-04 16:21 . 2009-04-04 16:24 196,608 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-04-04 16:21 . 2009-04-04 16:24 65,536 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-04-04 12:54 . 2009-04-04 12:54 <DIR> d-------- C:\rsit
2009-04-04 12:11 . 2009-04-04 16:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-04 12:11 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-04 12:11 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-04 10:20 . 2009-04-04 10:20 <DIR> d-------- c:\program files\Common Files\Intel
2009-04-03 19:23 . 2009-04-03 19:23 <DIR> d-------- c:\users\Dubak J\AppData\Roaming\Malwarebytes
2009-04-03 19:23 . 2009-04-03 19:23 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-03 19:23 . 2009-04-03 19:23 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-02 18:03 . 2009-04-02 18:03 <DIR> d-------- c:\users\Dubak J\AppData\Roaming\SlySoft
2009-04-02 17:56 . 2009-04-04 14:51 3,994 --a------ c:\windows\System32\%LocalXml%
2009-03-22 19:22 . 2009-03-22 19:22 <DIR> d-------- c:\users\Míra\AppData\Roaming\Zoner
2009-03-22 18:51 . 2009-03-22 18:51 <DIR> d-------- c:\program files\Fotolab
2009-03-22 18:50 . 2009-03-22 18:50 <DIR> d-------- c:\program files\Fotostar
2009-03-15 16:14 . 2009-03-15 16:17 <DIR> d-------- c:\program files\CD-LabelPrint
2009-03-14 10:25 . 2009-03-14 10:25 <DIR> d-------- c:\users\All Users\Nokia
2009-03-14 10:25 . 2009-03-14 10:25 <DIR> d-------- c:\programdata\Nokia
2009-03-11 19:10 . 2008-12-16 06:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 19:10 . 2009-02-09 03:59 2,028,032 --a------ c:\windows\System32\win32k.sys
2009-03-11 19:10 . 2008-11-27 06:42 269,824 --a------ c:\windows\System32\schannel.dll
2009-03-11 19:10 . 2008-12-16 07:53 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 19:10 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 19:10 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 20:15 . 2009-03-10 20:15 23 --a------ c:\windows\System32\abbadabbf0_r.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 15:56 770,080 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-04 15:56 5,808 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-04 15:10 --------- d-----w c:\programdata\Kaspersky Lab
2009-04-04 15:08 907,472 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-04 15:08 67,212,576 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-04 11:36 --------- d-----w c:\program files\FlashGet
2009-04-04 11:17 2,359,296 --sha-w c:\users\Míra\ntuser.dat
2009-04-04 11:17 2,359,296 --sha-w c:\users\Míra\ntuser.dat
2009-04-04 09:34 152,105 ----a-w c:\users\Dubak J\AppData\Roaming\nvModes.dat
2009-04-04 08:43 --------- d-----w c:\program files\StrongDC
2009-04-04 07:40 --------- d-----w c:\program files\Google
2009-04-03 15:48 --------- d-----w c:\users\Dubak J\AppData\Roaming\Skype
2009-04-02 15:56 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-02 15:56 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-02 15:56 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-30 10:59 --------- d-----w c:\programdata\Skype
2009-03-30 10:59 --------- d-----r c:\program files\Skype
2009-03-29 18:12 --------- d-----w c:\program files\ICQ6
2009-03-29 18:11 --------- d-----w c:\users\Míra\AppData\Roaming\Skype
2009-03-29 17:19 --------- d-----w c:\users\Míra\AppData\Roaming\Mozilla
2009-03-27 12:12 --------- d-----w c:\programdata\Microsoft Help
2009-03-24 20:39 --------- d-----w c:\program files\Java
2009-03-22 20:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 19:32 --------- d-----w c:\users\Dubak J\AppData\Roaming\GHISLER
2009-03-22 17:24 --------- d-s---w c:\users\Míra\AppData\Roaming\Microsoft
2009-03-22 17:22 --------- d-----w c:\users\Míra\AppData\Roaming\Zoner
2009-03-14 08:27 --------- d-----w c:\program files\Nokia
2009-03-14 08:27 --------- d-----w c:\program files\Common Files\Nokia
2009-03-14 08:24 --------- d-----w c:\programdata\Installations
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 10:41 --------- d-----w c:\program files\LogMeIn
2009-02-27 09:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 14:40 --------- d-----w c:\program files\Enterra
2009-02-20 14:16 --------- d-----w c:\programdata\eSellerate
2009-02-17 17:11 24,232 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 89,256 ----a-w c:\windows\System32\ElbyCDIO.dll
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-24 07:46 55,272 ----a-w c:\users\Míra\AppData\Roaming\nvModes.dat
2008-12-13 11:38 174 --sha-w c:\program files\desktop.ini
2008-10-25 08:07 55,303 ----a-w c:\users\Jakub\AppData\Roaming\nvModes.dat
2008-09-20 18:33 22,328 ----a-w c:\users\Dubak J\AppData\Roaming\PnkBstrK.sys
2008-03-15 07:36 32 ----a-w c:\users\All Users\ezsid.dat
2008-03-15 07:36 32 ----a-w c:\programdata\ezsid.dat
2007-08-09 12:08 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
2008-03-14 16:29 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-14 16:29 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-14 16:29 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-12-19 13:20 64,728,864 --sha-w c:\windows\System32\drivers\fidbox(151).dat
2008-06-30 10:16 31,759,648 --sha-w c:\windows\System32\drivers\fidbox(163).dat
2008-05-15 17:28 22,312,224 --sha-w c:\windows\System32\drivers\fidbox(164).dat
.

((((((((((((((((((((((((((((( SnapShot_2009-04-04_16.40.46,68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-04 15:19:23 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\47f30118e75b8c1f1cf45b7890cba42b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-04-04 15:19:23 1,843,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ec218c65098abe223dcf9922310a82af\Microsoft.Build.Engine.ni.dll
+ 2009-04-04 15:19:20 94,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\cf92ea4503dbd250eb6e33f99875df21\Microsoft.Build.Framework.ni.dll
+ 2009-04-04 15:19:26 1,978,368 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e13671170e88ffec80771019d4195642\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-04-04 15:19:27 188,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6378130563624354e426153a4433809e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-04-04 15:19:20 155,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\953baad822045a0a0fb17a52a12d047e\MSBuild.ni.exe
+ 2009-04-04 15:19:29 102,400 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\b54e197306bb20d84e05c54486566190\System.AddIn.Contract.ni.dll
+ 2009-04-04 15:19:28 692,224 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b2aab9aad62af21e2061927cd6a25b6c\System.AddIn.ni.dll
+ 2009-04-04 15:19:35 118,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\6c04da9ecd00a43eee25ff26101c1f99\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-04-04 15:19:35 2,486,272 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\615c4bf95d16632dd21ae82beb4e1c27\System.Core.ni.dll
+ 2009-04-04 15:19:36 180,224 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\22a076e2792ebba1a73b830efbd6f2e0\System.Data.DataSetExtensions.ni.dll
+ 2009-04-04 15:20:16 950,272 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\079df4625b45cc730532d6e06594a2b5\System.Data.Entity.Design.ni.dll
+ 2009-04-04 15:20:14 10,645,504 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\abbb6e7128065f848f18508521be0d35\System.Data.Entity.ni.dll
- 2009-04-04 13:51:50 4,132 ----a-w c:\windows\bthservsdp.dat
+ 2009-04-04 15:07:58 4,132 ----a-w c:\windows\bthservsdp.dat
- 2009-04-02 15:43:21 86,016 ----a-w c:\windows\inf\infpub.dat
+ 2009-04-04 15:57:47 86,016 ----a-w c:\windows\inf\infpub.dat
- 2009-04-02 15:43:21 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2009-04-04 15:57:47 143,360 ----a-w c:\windows\inf\infstrng.dat
- 2009-04-04 13:54:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-04 15:10:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-04 13:54:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-04 15:10:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-04 13:55:30 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-04 15:10:45 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-04 15:10:45 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-04-04 13:55:35 524,288 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-04-04 15:10:40 524,288 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-04-04 14:33:27 2,276 ----a-w c:\windows\SoftwareDistribution\PostRebootEventCache\{380C7CA6-CA88-4DE8-8D63-F9FD91052B4E}.bin
+ 2009-04-04 16:03:14 2,276 ----a-w c:\windows\SoftwareDistribution\PostRebootEventCache\{380C7CA6-CA88-4DE8-8D63-F9FD91052B4E}.bin
- 2009-04-04 14:01:19 82,594 ----a-w c:\windows\System32\perfc005.dat
+ 2009-04-04 15:14:44 82,594 ----a-w c:\windows\System32\perfc005.dat
- 2009-04-04 14:01:19 104,768 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-04 15:14:44 104,768 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-04 14:01:19 476,852 ----a-w c:\windows\System32\perfh005.dat
+ 2009-04-04 15:14:44 476,852 ----a-w c:\windows\System32\perfh005.dat
- 2009-04-04 14:01:19 613,046 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-04 15:14:44 613,046 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-04 14:19:06 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-04-04 15:08:21 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-04-04 07:33:55 14,396 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2469910441-1435336178-266847045-1000_UserData.bin
+ 2009-04-04 15:12:08 14,396 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2469910441-1435336178-266847045-1000_UserData.bin
- 2009-04-04 13:56:44 111,342 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-04 15:12:08 111,396 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-04-04 13:56:42 52,278 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-04 15:12:06 52,326 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-04-04 14:32:44 104,857,391 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-04-04 15:07:56 104,857,391 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-26 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-21 4608]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2008-04-22 22237184]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-19 5244928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-19 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-19 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 201992]
"Enterra Icon Keeper"="c:\program files\Enterra\Icon Keeper\IcnKeepr.exe" [2006-08-18 57344]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-30 57344]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2009-01-30 00:20 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-02-26 16:16 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RCApp"=c:\program files\gigabyte\RCApp\U7000RCApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2469910441-1435336178-266847045-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06CBBD27-A56E-4C2C-A542-718EE0CCF3B9}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{3744BF4B-D773-4673-9323-C928F88C923D}"= UDP:c:\hry\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{F1726235-909A-4818-ACB5-9B47F79A258B}"= TCP:c:\hry\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{D13A2564-2B6D-443E-9EDE-182E4EB1F2D4}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{355F0755-ED1F-4181-8DF3-0064D366B894}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{40314862-2C7C-44C5-B59A-AD71FD14F24A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BEE5FEAA-2A48-46FA-A0A2-DDC5AB16FAA6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B7155A86-2B06-413E-B2D2-47CE9A0627B0}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8B3FA0F0-4FDD-40B5-957A-32ECDED58747}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{D4D28157-37E4-40B1-B799-A85AFB27F70E}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{F0E9F557-1472-492B-8079-2D3DD869AE6A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{85919A7D-F3AF-4824-9EF4-F958CDD55287}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3880B066-0045-48D8-8C40-AC15DF41F0AF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6FD92E70-9198-45E7-AF0A-9B74818807D2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{92A2C914-1086-4BCE-B9BD-0E88FC4095AB}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite
"UDP Query User{742BE937-C842-4B75-B4B7-9BD7C245122E}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {D93CF6CE-2BA9-48A7-B1A9-F7712EE92520}

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-03-26 20496]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-02-26 70144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [2008-03-22 47640]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\System32\drivers\ManyCam.sys [2008-01-14 21632]
R3 smscirrx;SMSC CIR Receive;c:\windows\System32\drivers\smscirrx.sys [2008-02-26 40448]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" --> c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [?]
S2 gupdate1c986f9749acad0;Google Update Service (gupdate1c986f9749acad0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [2007-08-24 15872]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\System32\drivers\modrc.sys [2006-11-14 13056]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\System32\drivers\usb2vcom.sys [2008-05-18 22760]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 20:50]

2009-04-04 c:\windows\Tasks\User_Feed_Synchronization-{9811272B-09FF-4641-87FB-AF560C7F43F5}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechny FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
FF - ProfilePath - c:\users\Dubak J\AppData\Roaming\Mozilla\Firefox\Profiles\zjdljbjs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.novinky.cz/
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\users\Dubak J\AppData\Roaming\Mozilla\Firefox\Profiles\zjdljbjs.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 18:03:51
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-04-04 18:05:55
ComboFix-quarantined-files.txt 2009-04-04 16:05:49
ComboFix2.txt 2009-04-04 14:41:57
ComboFix3.txt 2009-04-04 11:22:10

Před spuštěním: Volných bajtů: 78 967 361 536
Po spuštění: Volných bajtů: 78,909,341,696

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,8
289 --- E O F --- 2009-04-04 14:33:27

Dubák
Level 2
Posts: 219
Registered: July 06
Location: Podkrkonoší
Gender: Male

Re: kis2009 reports malicious code

Post by Dubák » 04 Apr 2009 18:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:34, on 4.4.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Moje instal\VISTA\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Enterra Icon Keeper] "C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe" ssp /s
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do blokovaných reklamních lišt - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statisktika ochrany webového provozu - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Update Service (gupdate1c986f9749acad0) (gupdate1c986f9749acad0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9354 bytes
