I would like to have a log checked in connection with this post: viewtopic.php?f=8&t=38949
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:35, on 1.4.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=WMA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\Windows\system32\ati2sgav.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c99b8caf2bcda0) (gupdate1c99b8caf2bcda0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11395 bytes
For this log it showed me what I'm attaching here in the picture.. so I also made a log as admin and there are a few changes, so I'm attaching that here too:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:55, on 1.4.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=WMA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\Windows\system32\ati2sgav.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c99b8caf2bcda0) (gupdate1c99b8caf2bcda0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11860 bytes
Thanks a lot for your help... :)
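Triage of the two HijackThis logs above, as an added example (not part of the original post and not HijackThis's own logic): it parses each `Rx - ` / `Oxx - ` entry and flags the kinds of lines a log reader looks at first. The sample is a handful of lines copied from the logs above; the rule set is this example's own heuristic, not a verdict on this machine, and the reasons are assumptions about why each entry type matters (dangling `(file missing)` / `(no file)` references, O20 AppInit_DLLs loaded into every process that loads user32.dll, an O4 policy autostart, a broken O10 Winsock LSP chain, and O23 services with no publisher).

```python
"""Triage a HijackThis 2.0 log: parse each 'Rx - ' / 'Oxx - ' entry and flag
the ones that usually deserve a second look.  Added example, not code from the
forum post or from HijackThis; the rules in flag() are this example's own."""
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = """\
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Policies\\Explorer\\Run: [ati2sgav] "C:\\Windows\\system32\\ati2sgav.exe"
R3 - URLSearchHook: (no name) - - (no file)
O10 - Broken Internet access because of LSP provider 'c:\\program files\\bonjour\\mdnsnsp.dll' missing
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL
O23 - Service: pinger - Unknown owner - C:\\Toshiba\\IVP\\ISM\\pinger.exe
O23 - Service: LiveUpdate - Unknown owner - C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_4.EXE (file missing)
"""

# Every HJT entry starts with a section code (R0..R3, O1..O24), then " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")


def parse(log_text):
    """Return a list of (kind, body) tuples, one per HJT entry line.
    Header lines and the 'Running processes' list do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def flag(kind, body):
    """Return a short reason if the entry deserves a closer look, else None.
    Heuristics (this example's own, deliberately not exhaustive):
      * dangling reference: the hook points at a file that no longer exists
      * O20 AppInit_DLLs: loaded into every process that loads user32.dll
      * O4 Policies\\Explorer\\Run: policy-driven autostart, rare for normal software
      * O10: a broken Winsock LSP chain left behind by an uninstall or by malware
      * O23 'Unknown owner': service binary carries no publisher name
    """
    if "(file missing)" in body or "(no file)" in body:
        return "dangling reference to a missing file"
    if kind == "O20":
        return "AppInit_DLLs injection"
    if kind == "O4" and "Policies\\Explorer\\Run" in body:
        return "policy autostart"
    if kind == "O10":
        return "broken LSP chain"
    if kind == "O23" and "Unknown owner" in body:
        return "service without publisher"
    return None


def triage(log_text):
    """Map each flagged entry body to its reason; unflagged entries are omitted."""
    flagged = {}
    for kind, body in parse(log_text):
        reason = flag(kind, body)
        if reason:
            flagged[body] = reason
    return flagged


if __name__ == "__main__":
    for body, reason in triage(SAMPLE_LOG).items():
        print(f"[{reason}] {body}")
```

A flag is a prompt to verify the file on disk (publisher, signature, hash), not a malware verdict: in the log above the O20 entry is a Google Desktop DLL and the policy autostart is an ATI component, both of which look legitimate; the same line shapes from an unknown vendor would be the first thing to investigate.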
log check.. Solved
jaro3 (member of the Security team), Guru Level 15
Re: log check..
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave Perform quick scan selected and click the Scan button
- when the program finishes a message appears; click OK and then the Show Results button
- then choose Save log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!)
Then paste the contents of that log here.
Tomorrow..
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Don't send logs by private message. While I'm away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Crave, Level 4
Re: log check..
Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 6.0.6001 Service Pack 1
2.4.2009 10:41:53
mbam-log-2009-04-02 (10-41-45).txt
Scan type: Quick scan
Objects scanned: 62761
Time elapsed: 2 minute(s), 44 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 4
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 5
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\seneka (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Rootkit.Trace) -> No action taken.
Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> No action taken.
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
C:\Windows\System32\drivers\seneka.sys (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\senekamwtmnenu.sys (Trojan.Agent) -> No action taken.
C:\Windows\System32\kr_done1 (Malware.Trace) -> No action taken.
C:\Windows\System32\senekamxbbctts.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\senekarukoiiyp.dat (Trojan.Agent) -> No action taken.
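The MbAM output above (and the removal log posted further down in the thread) have a fixed line shape: `path (Category) -> action.` The following is an added example, not code from the forum or from Malwarebytes, that parses those detection lines, summarises them by category, and checks a later removal log against the original scan so nothing is left at "No action taken". Both sample logs are constructed from the lines in this thread, with one file deliberately left out of the removal sample to show what the check reports. The "kernel driver" helper is this example's own caveat: a detection under `drivers\` with a `Rootkit.Trace` key, as seen here, is a boot-loaded driver, so the file should be re-checked on disk after a reboot rather than trusting the quarantine line alone.

```python
"""Parse Malwarebytes' Anti-Malware 1.x detection lines and verify that a
removal run actually covered everything a scan reported.  Added example; not
code from the forum thread or from Malwarebytes."""
import re

# Constructed sample: lines copied from the scan log above (state: not yet removed).
SCAN_LOG = """\
Infected registry keys:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\seneka (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\\SOFTWARE\\seneka (Rootkit.Trace) -> No action taken.
Infected files:
C:\\Windows\\System32\\drivers\\seneka.sys (Trojan.Agent) -> No action taken.
C:\\Windows\\System32\\drivers\\senekamwtmnenu.sys (Trojan.Agent) -> No action taken.
C:\\Windows\\System32\\kr_done1 (Malware.Trace) -> No action taken.
"""

# Constructed sample of a removal run; kr_done1 is intentionally missing here.
REMOVAL_LOG = """\
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\seneka (Rootkit.Trace) -> Quarantined and deleted successfully.
C:\\Windows\\System32\\drivers\\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\Windows\\System32\\drivers\\senekamwtmnenu.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""

REMOVED = "Quarantined and deleted successfully"

# "<path> (<Category>) -> <action>."  Section headers contain no "(...)" and are skipped.
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<category>[\w.]+)\) -> (?P<action>.+?)\.?$")


def parse_detections(log_text):
    """Return {path: (category, action)} for every detection line, in log order."""
    found = {}
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found[m.group("path")] = (m.group("category"), m.group("action"))
    return found


def by_category(log_text):
    """Count detections per MbAM category (Trojan.Agent, Rootkit.Trace, ...)."""
    counts = {}
    for category, _ in parse_detections(log_text).values():
        counts[category] = counts.get(category, 0) + 1
    return counts


def verify_removed(scan_text, removal_text):
    """Paths from the scan that the removal log does not show as quarantined:
    either absent from it or still in some other state (e.g. 'No action taken')."""
    removed = parse_detections(removal_text)
    leftover = []
    for path in parse_detections(scan_text):
        entry = removed.get(path)
        if entry is None or entry[1] != REMOVED:
            leftover.append(path)
    return leftover


def kernel_drivers(log_text):
    """Detections that are kernel drivers (.sys).  They load at boot, so after the
    quarantine confirm on disk, post-reboot, that the file is really gone."""
    return [p for p in parse_detections(log_text) if p.lower().endswith(".sys")]


if __name__ == "__main__":
    print("by category:", by_category(SCAN_LOG))
    print("not confirmed removed:", verify_removed(SCAN_LOG, REMOVAL_LOG))
    print("re-check after reboot:", kernel_drivers(SCAN_LOG))
```

The check is what the helper asks for in the next post ("make sure all listed findings are checked"): with the real removal log from this thread every path comes back as quarantined and `verify_removed` returns an empty list; with the constructed sample it reports the one path that was left out.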
jaro3 (member of the Security team)
Re: log check..
So run MbAM again and click Scan
- when the program finishes a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log is shown; post it here.
- then click OK in the program and close it via Exit
You can then paste the MbAM log here
Disable the resident protection of Norton/Symantec.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the prompts; while ComboFix is running, don't click in the window it shows
- After the scan completes the program should create a log - C:\ComboFix.txt - please paste its entire contents here
Crave, Level 4
Re: log check..
ok, will do.. I'll post everything in the evening.. :) thanks
Crave, Level 4
Re: log check..
Output from Anti-Malware:
Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 6.0.6001 Service Pack 1
2.4.2009 19:51:57
mbam-log-2009-04-02 (19-51-57).txt
Scan type: Quick scan
Objects scanned: 62622
Time elapsed: 2 minute(s), 23 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 4
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 5
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
C:\Windows\System32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\senekamwtmnenu.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\senekamxbbctts.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\senekarukoiiyp.dat (Trojan.Agent) -> Quarantined and deleted successfully.
Output from ComboFix:
ComboFix 09-04-01.01 - Ondra 2009-04-02 19:56:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2814.1935 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-02 do 2009-04-02 )))))))))))))))))))))))))))))))
.
2009-04-02 10:31 . 2009-04-02 10:31 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Malwarebytes
2009-04-02 10:31 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-02 10:30 . 2009-04-02 10:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-02 10:30 . 2009-04-02 10:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-02 10:30 . 2009-04-02 10:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 10:30 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-31 22:47 . 2009-03-31 22:47 <DIR> d-------- c:\users\Ondra\AppData\Roaming\MathWorks
2009-03-31 22:30 . 2004-03-01 23:05 407,104 --a------ c:\windows\System32\MSHFLXGD.OCX
2009-03-31 22:29 . 2009-03-31 22:29 645,120 --a------ c:\windows\System32\config.gms
2009-03-31 22:07 . 2009-03-31 22:07 <DIR> d-------- c:\program files\MATLAB
2009-03-29 10:07 . 2009-03-29 10:07 <DIR> d-------- c:\users\Ondra\AppData\Roaming\My Games
2009-03-28 10:56 . 2009-03-28 10:56 <DIR> d-------- c:\users\Ondra\AppData\Roaming\InstallShield
2009-03-28 10:12 . 2009-03-28 10:12 <DIR> d-------- c:\program files\Firaxis Games
2009-03-27 14:01 . 2009-03-27 14:01 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Atari
2009-03-27 12:26 . 2009-03-27 12:26 <DIR> d-------- c:\users\All Users\FLEXnet
2009-03-27 12:26 . 2009-03-27 12:26 <DIR> d-------- c:\programdata\FLEXnet
2009-03-27 03:02 . 2009-03-27 03:02 <DIR> d-------- c:\users\All Users\ALM
2009-03-27 03:02 . 2009-03-27 03:02 <DIR> d-------- c:\programdata\ALM
2009-03-27 02:55 . 2009-03-27 02:55 <DIR> d-------- C:\perflogs
2009-03-27 02:48 . 2009-03-27 02:48 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-27 02:29 . 2009-03-27 14:05 <DIR> d-------- c:\users\Ondra\AppData\Roaming\TOSHIBA
2009-03-21 18:04 . 2009-03-21 18:04 <DIR> d-------- c:\users\Ondra\AppData\Roaming\WildTangent
2009-03-20 15:40 . 2009-03-20 15:40 <DIR> d-------- c:\program files\Common Files\supportsoft
2009-03-20 15:39 . 2007-07-30 14:44 3,518,464 --a------ c:\windows\System32\cdintf300.dll
2009-03-20 15:39 . 2007-06-28 14:09 1,843,200 --a------ c:\windows\System32\acXMLParser.dll
2009-03-20 15:34 . 2009-03-21 21:08 <DIR> d-------- c:\users\All Users\Intuit
2009-03-20 15:34 . 2009-03-21 21:08 <DIR> d-------- c:\programdata\Intuit
2009-03-20 15:34 . 2009-03-20 15:37 <DIR> d-------- c:\program files\Common Files\Intuit
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\users\All Users\SQL Anywhere 10
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\users\All Users\COMMON FILES
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\programdata\SQL Anywhere 10
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\programdata\COMMON FILES
2009-03-20 15:33 . 2009-03-20 15:39 95 --a------ c:\windows\QBChanUtil_Trigger.ini
2009-03-20 14:38 . 2009-03-20 14:57 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Download Manager
2009-03-20 14:36 . 2009-03-20 14:36 <DIR> d-------- c:\users\Ondra\AppData\Roaming\WinBatch
2009-03-17 16:08 . 2009-03-17 16:08 <DIR> d-------- C:\PFiles
2009-03-15 13:19 . 2009-03-15 13:23 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Hamachi
2009-03-15 13:18 . 2009-03-30 10:11 <DIR> d-------- c:\program files\Hamachi
2009-03-15 13:18 . 2009-03-15 13:18 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-03-14 15:34 . 2009-03-27 16:20 <DIR> d-------- c:\users\All Users\TrackMania
2009-03-14 15:34 . 2009-03-27 16:20 <DIR> d-------- c:\programdata\TrackMania
2009-03-12 21:41 . 2009-03-12 21:41 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Leadertech
2009-03-12 21:33 . 2009-03-12 21:33 <DIR> d-------- c:\program files\EA Sports
2009-03-12 21:33 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-03-12 21:33 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-03-12 21:33 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-03-12 21:33 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-03-12 21:33 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-03-12 21:33 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-03-12 21:33 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-03-12 21:33 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-03-12 21:33 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-03-12 21:33 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-03-12 21:33 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-03-12 21:33 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-03-12 21:29 . 2008-10-23 23:14 239,863 --a------ c:\windows\System32\ati2sgav.exe
2009-03-12 19:43 . 2009-03-12 19:43 <DIR> dr------- c:\program files\Skype
2009-03-11 09:26 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:26 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-09 00:27 . 2009-03-09 00:27 <DIR> d-------- c:\windows\System32\Adobe
2009-03-03 23:08 . 2009-03-03 23:08 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Desktopicon
2009-03-03 00:14 . 2009-04-02 19:56 <DIR> d-------- c:\users\All Users\Google Updater
2009-03-03 00:14 . 2009-04-02 19:56 <DIR> d-------- c:\programdata\Google Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 09:12 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-30 09:11 --------- d-----w c:\users\Ondra\AppData\Roaming\uTorrent
2009-03-30 09:11 --------- d-----w c:\programdata\Symantec
2009-03-30 09:11 --------- d-----w c:\program files\Norton 360
2009-03-28 22:41 --------- d-----w c:\users\Ondra\AppData\Roaming\Skype
2009-03-28 10:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 11:38 --------- d-----w c:\program files\Java
2009-03-27 02:00 --------- d-----w c:\program files\Common Files\Adobe
2009-03-27 01:28 --------- d-----w c:\users\Ondra\AppData\Roaming\CyberLink
2009-03-22 00:23 --------- d-----w c:\users\Ondra\AppData\Roaming\ICQ
2009-03-21 20:19 --------- d-----w c:\program files\ICQ6.5
2009-03-21 17:14 --------- d-----w c:\programdata\WildTangent
2009-03-21 17:08 --------- d-----w c:\program files\TOSHIBA Games
2009-03-20 14:34 --------- d-----w c:\program files\Intuit
2009-03-15 18:14 --------- d-----w c:\users\Ondra\AppData\Roaming\BSplayer
2009-03-12 18:43 --------- d-----w c:\programdata\Skype
2009-03-12 18:35 --------- d-----w c:\users\Ondra\AppData\Roaming\skypePM
2009-03-12 02:06 --------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-04 19:16 --------- d-----w c:\program files\Opera
2009-03-03 16:14 --------- d-----w c:\program files\ParadisePoker
2009-03-02 23:15 --------- d-----w c:\program files\Google
2009-02-28 12:26 --------- d-----w c:\program files\QIP Infium
2009-02-27 07:49 --------- d-----w c:\program files\QIP
2009-02-26 07:04 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 11:52 --------- d-----w c:\program files\Trend Micro
2009-02-19 10:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 10:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 10:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 10:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 10:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 10:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 10:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-19 10:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\xing shared
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\Real
2009-02-16 13:44 --------- d-----w c:\program files\Real
2009-02-16 13:43 --------- d-----w c:\program files\QuickTime
2009-02-16 13:42 --------- d-----w c:\programdata\Apple Computer
2009-02-15 12:33 --------- d-----w c:\program files\VideoLAN
2009-02-08 22:46 0 ----a-w c:\users\Ondra\AppData\Roaming\wklnhst.dat
2009-02-06 14:44 --------- d-----w c:\program files\CCleaner
2009-02-06 14:37 --------- d-----w c:\program files\RocketDock
2009-02-06 13:36 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-04 10:58 --------- d-----w c:\program files\ICQ6Toolbar
2009-02-04 10:57 --------- d-----w c:\programdata\ICQ
2009-02-04 10:33 --------- d-----w c:\programdata\CyberLink
2009-02-04 10:31 --------- d-----w c:\users\Ondra\AppData\Roaming\QIP
2009-02-04 05:37 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Lite
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Pro
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools
2009-02-04 05:35 --------- d-----w c:\programdata\DAEMON Tools Lite
2009-02-04 05:34 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-04 05:29 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-31 01:00 81,920 ----a-w c:\windows\System32\winlogon2.exe
2009-01-28 12:54 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-28 12:54 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-02-12 5213184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-16 184320]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-16 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-16 185896]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ati2sgav"="c:\windows\system32\ati2sgav.exe" [2008-10-23 239863]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-11 984352]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-04-25 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E6B1DE0-8E96-4194-854F-40E974BE9EE7}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{0712168B-6F32-423A-968F-FDC3360649D5}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{619F849F-5277-42E3-8754-2B11140B957C}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{4B4AB1DE-7168-4369-AC35-83FE01A2F921}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{A166E3B6-6763-4B2F-8416-3F3713C06701}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{066F72DB-86CF-4934-8E0F-4534224D9726}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7073FC43-6338-4DCA-ACBB-28B76C0A7045}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{80045572-BA77-4DC1-A191-FF676D78D63E}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{24E4588B-7CC2-49A0-B5A4-3AF7F85C53FB}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{2EDE9FC7-819E-4B1F-BE5E-B30F3E741B21}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{ADCFE833-358B-48C0-BBF2-CBC3727D5770}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{389EC6F9-18E5-42E6-89FA-A24D378E9083}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C1DDB885-3A5A-4624-A02E-C220BEE3EEF7}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{932E7906-8F15-467A-972A-95B8E3B7DEBA}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{D32CE533-34E5-495C-B461-192B10E3CE27}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{61904C66-31CC-411C-927E-C41774E0A480}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{64A895D6-26AA-4F58-A2A5-CE77DD7714DC}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{DCD4BA18-682A-4E8A-8CE7-F34D0C9E0451}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{60CBE4F4-67A1-4C47-8434-E56E9C682825}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{40277A25-ABE7-4101-B8A7-D5CB70A21B2C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0C57A115-9EC5-4905-B405-B8DCDF9C1286}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{6196FA52-C9E9-4AE7-9673-6650C8C1D39B}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{C5935289-73E0-4DCB-8FE0-A15480F37048}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{3666560E-8178-4730-BA73-B5B0468624CE}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{B7CE4EC5-53B6-4A08-803C-BAB69C923E61}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{72C8B194-C33E-4F7E-AAF9-ED970E433EC3}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{FB870E88-18DC-42D6-9240-4B18BDD51D62}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{FD48D27B-9C0E-4DA1-A71D-1F6B87FD1D98}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{C02807DF-4CC4-4B68-B1C8-3C561495F761}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{8145EE18-0263-4BE1-8332-CB606F652E90}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0A16B3CF-450E-420C-A22A-15CAAB94E520}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F6B8BAD8-6A32-46D2-8997-339EF91E9020}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{641B1A5D-72EA-4E36-933C-D82EDFFAD09C}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{577CD90E-D762-4D7B-9BC1-20818CF3B4FE}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{5DC583C5-F3A4-49DA-A8AC-82DD1F0CA1E2}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{2E2382C1-CD36-4A2F-A432-F5F362E2C823}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{443327CC-0D3A-464D-AAC6-155645ED0FC7}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{DD21D10B-6F20-4BFF-A8FE-7BF84A9FE1CC}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{896CA81A-9927-4654-81CE-BBC43F9FFD5C}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{4A011043-4A23-4AE1-819F-498FD927874C}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= UDP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{8F063D71-446B-496C-A7CF-47C212C736FA}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= TCP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{BC7FA189-0798-4BF3-A9C6-6F921B876674}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{44374E4B-A63D-4E35-8B77-C6FCF2D914E0}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090318.001\IDSvix86.sys [2009-03-23 272432]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [2009-01-28 20384]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [2009-01-28 72192]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-04-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-10 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S2 gupdate1c99b8caf2bcda0;Služba Google Update (gupdate1c99b8caf2bcda0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-16 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2009-01-28 954368]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{194e53e3-f27d-11dd-ac4b-001e688f44b3}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5738299f-0a35-11de-b7b6-001e688f44b3}]
\shell\AutoRun\command - WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b892018f-ecca-11dd-aac1-001e688f44b3}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 19:53]
2009-04-02 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 00:14]
2009-04-02 c:\windows\Tasks\User_Feed_Synchronization-{1C6ADB9A-D2B9-4187-B9CA-2BD84690C275}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.play.cz/listen/listen.php?sh ... &stype=WMA
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 20:02:13
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(3288)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
.
Celkový čas: 2009-04-02 20:03:38
ComboFix-quarantined-files.txt 2009-04-02 19:03:32
Před spuštěním: 28 701 614 080 bytes free
Po spuštění: 28,681,854,976 bytes free
305 --- E O F --- 2009-03-24 16:02:20
2009-03-30 09:11 --------- d-----w c:\users\Ondra\AppData\Roaming\uTorrent
2009-03-30 09:11 --------- d-----w c:\programdata\Symantec
2009-03-30 09:11 --------- d-----w c:\program files\Norton 360
2009-03-28 22:41 --------- d-----w c:\users\Ondra\AppData\Roaming\Skype
2009-03-28 10:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 11:38 --------- d-----w c:\program files\Java
2009-03-27 02:00 --------- d-----w c:\program files\Common Files\Adobe
2009-03-27 01:28 --------- d-----w c:\users\Ondra\AppData\Roaming\CyberLink
2009-03-22 00:23 --------- d-----w c:\users\Ondra\AppData\Roaming\ICQ
2009-03-21 20:19 --------- d-----w c:\program files\ICQ6.5
2009-03-21 17:14 --------- d-----w c:\programdata\WildTangent
2009-03-21 17:08 --------- d-----w c:\program files\TOSHIBA Games
2009-03-20 14:34 --------- d-----w c:\program files\Intuit
2009-03-15 18:14 --------- d-----w c:\users\Ondra\AppData\Roaming\BSplayer
2009-03-12 18:43 --------- d-----w c:\programdata\Skype
2009-03-12 18:35 --------- d-----w c:\users\Ondra\AppData\Roaming\skypePM
2009-03-12 02:06 --------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-04 19:16 --------- d-----w c:\program files\Opera
2009-03-03 16:14 --------- d-----w c:\program files\ParadisePoker
2009-03-02 23:15 --------- d-----w c:\program files\Google
2009-02-28 12:26 --------- d-----w c:\program files\QIP Infium
2009-02-27 07:49 --------- d-----w c:\program files\QIP
2009-02-26 07:04 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 11:52 --------- d-----w c:\program files\Trend Micro
2009-02-19 10:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 10:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 10:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 10:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 10:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 10:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 10:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-19 10:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\xing shared
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\Real
2009-02-16 13:44 --------- d-----w c:\program files\Real
2009-02-16 13:43 --------- d-----w c:\program files\QuickTime
2009-02-16 13:42 --------- d-----w c:\programdata\Apple Computer
2009-02-15 12:33 --------- d-----w c:\program files\VideoLAN
2009-02-08 22:46 0 ----a-w c:\users\Ondra\AppData\Roaming\wklnhst.dat
2009-02-06 14:44 --------- d-----w c:\program files\CCleaner
2009-02-06 14:37 --------- d-----w c:\program files\RocketDock
2009-02-06 13:36 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-04 10:58 --------- d-----w c:\program files\ICQ6Toolbar
2009-02-04 10:57 --------- d-----w c:\programdata\ICQ
2009-02-04 10:33 --------- d-----w c:\programdata\CyberLink
2009-02-04 10:31 --------- d-----w c:\users\Ondra\AppData\Roaming\QIP
2009-02-04 05:37 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Lite
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Pro
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools
2009-02-04 05:35 --------- d-----w c:\programdata\DAEMON Tools Lite
2009-02-04 05:34 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-04 05:29 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-31 01:00 81,920 ----a-w c:\windows\System32\winlogon2.exe
2009-01-28 12:54 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-28 12:54 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-02-12 5213184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-16 184320]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-16 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-16 185896]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ati2sgav"="c:\windows\system32\ati2sgav.exe" [2008-10-23 239863]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-11 984352]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-04-25 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E6B1DE0-8E96-4194-854F-40E974BE9EE7}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{0712168B-6F32-423A-968F-FDC3360649D5}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{619F849F-5277-42E3-8754-2B11140B957C}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{4B4AB1DE-7168-4369-AC35-83FE01A2F921}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{A166E3B6-6763-4B2F-8416-3F3713C06701}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{066F72DB-86CF-4934-8E0F-4534224D9726}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7073FC43-6338-4DCA-ACBB-28B76C0A7045}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{80045572-BA77-4DC1-A191-FF676D78D63E}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{24E4588B-7CC2-49A0-B5A4-3AF7F85C53FB}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{2EDE9FC7-819E-4B1F-BE5E-B30F3E741B21}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{ADCFE833-358B-48C0-BBF2-CBC3727D5770}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{389EC6F9-18E5-42E6-89FA-A24D378E9083}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C1DDB885-3A5A-4624-A02E-C220BEE3EEF7}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{932E7906-8F15-467A-972A-95B8E3B7DEBA}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{D32CE533-34E5-495C-B461-192B10E3CE27}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{61904C66-31CC-411C-927E-C41774E0A480}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{64A895D6-26AA-4F58-A2A5-CE77DD7714DC}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{DCD4BA18-682A-4E8A-8CE7-F34D0C9E0451}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{60CBE4F4-67A1-4C47-8434-E56E9C682825}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{40277A25-ABE7-4101-B8A7-D5CB70A21B2C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0C57A115-9EC5-4905-B405-B8DCDF9C1286}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{6196FA52-C9E9-4AE7-9673-6650C8C1D39B}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{C5935289-73E0-4DCB-8FE0-A15480F37048}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{3666560E-8178-4730-BA73-B5B0468624CE}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{B7CE4EC5-53B6-4A08-803C-BAB69C923E61}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{72C8B194-C33E-4F7E-AAF9-ED970E433EC3}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{FB870E88-18DC-42D6-9240-4B18BDD51D62}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{FD48D27B-9C0E-4DA1-A71D-1F6B87FD1D98}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{C02807DF-4CC4-4B68-B1C8-3C561495F761}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{8145EE18-0263-4BE1-8332-CB606F652E90}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0A16B3CF-450E-420C-A22A-15CAAB94E520}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F6B8BAD8-6A32-46D2-8997-339EF91E9020}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{641B1A5D-72EA-4E36-933C-D82EDFFAD09C}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{577CD90E-D762-4D7B-9BC1-20818CF3B4FE}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{5DC583C5-F3A4-49DA-A8AC-82DD1F0CA1E2}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{2E2382C1-CD36-4A2F-A432-F5F362E2C823}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{443327CC-0D3A-464D-AAC6-155645ED0FC7}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{DD21D10B-6F20-4BFF-A8FE-7BF84A9FE1CC}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{896CA81A-9927-4654-81CE-BBC43F9FFD5C}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{4A011043-4A23-4AE1-819F-498FD927874C}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= UDP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{8F063D71-446B-496C-A7CF-47C212C736FA}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= TCP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{BC7FA189-0798-4BF3-A9C6-6F921B876674}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{44374E4B-A63D-4E35-8B77-C6FCF2D914E0}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090318.001\IDSvix86.sys [2009-03-23 272432]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [2009-01-28 20384]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [2009-01-28 72192]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-04-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-10 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S2 gupdate1c99b8caf2bcda0;Služba Google Update (gupdate1c99b8caf2bcda0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-16 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2009-01-28 954368]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{194e53e3-f27d-11dd-ac4b-001e688f44b3}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5738299f-0a35-11de-b7b6-001e688f44b3}]
\shell\AutoRun\command - WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b892018f-ecca-11dd-aac1-001e688f44b3}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 19:53]
2009-04-02 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 00:14]
2009-04-02 c:\windows\Tasks\User_Feed_Synchronization-{1C6ADB9A-D2B9-4187-B9CA-2BD84690C275}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.play.cz/listen/listen.php?sh ... &stype=WMA
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 20:02:13
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(3288)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
.
Celkový čas: 2009-04-02 20:03:38
ComboFix-quarantined-files.txt 2009-04-02 19:03:32
Před spuštěním: 28 701 614 080 bytes free
Po spuštění: 28,681,854,976 bytes free
305 --- E O F --- 2009-03-24 16:02:20
jaro3 (Security team member)
Re: log check..
I will post the script tomorrow.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
jaro3 (Security team member)
Re: log check..
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text, marked in green, into it:
Note: do not use SELECT ALL to select the script
Code:
File::
c:\users\Ondra\AppData\Roaming\wklnhst.dat
c:\program files\desktop.ini
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{194e53e3-f27d-11dd-ac4b-001e688f44b3}]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Test these on VirusTotal:
c:\windows\QBChanUtil_Trigger.ini
c:\windows\System32\SetDepNx.exe
Then paste the result links here.
Crave
Re: log check..
VirusTotal: my internet is not working (see the first post, link).
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:57, on 3.4.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=WMA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\Windows\system32\ati2sgav.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c99b8caf2bcda0) (gupdate1c99b8caf2bcda0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10943 bytes
ComboFix log:
ComboFix 09-04-01.01 - Ondra 2009-04-03 10:20:29.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2814.1679 [GMT 1:00]
Run from: c:\users\Ondra\Desktop\ComboFix.exe
Command switches used :: F:\CFScript.txt
* Created a new Restore Point
FILE ::
c:\program files\desktop.ini
c:\users\Ondra\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\desktop.ini
c:\users\Ondra\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-02 20:02 . 2009-04-02 20:02 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-04-02 20:02 . 2009-04-02 20:02 <DIR> d-------- c:\programdata\WindowsSearch
2009-04-02 10:31 . 2009-04-02 10:31 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Malwarebytes
2009-04-02 10:31 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-02 10:30 . 2009-04-02 10:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-02 10:30 . 2009-04-02 10:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-02 10:30 . 2009-04-02 10:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 10:30 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-31 22:47 . 2009-03-31 22:47 <DIR> d-------- c:\users\Ondra\AppData\Roaming\MathWorks
2009-03-31 22:30 . 2004-03-01 23:05 407,104 --a------ c:\windows\System32\MSHFLXGD.OCX
2009-03-31 22:29 . 2009-03-31 22:29 645,120 --a------ c:\windows\System32\config.gms
2009-03-31 22:07 . 2009-03-31 22:07 <DIR> d-------- c:\program files\MATLAB
2009-03-29 10:07 . 2009-03-29 10:07 <DIR> d-------- c:\users\Ondra\AppData\Roaming\My Games
2009-03-28 10:56 . 2009-03-28 10:56 <DIR> d-------- c:\users\Ondra\AppData\Roaming\InstallShield
2009-03-28 10:12 . 2009-03-28 10:12 <DIR> d-------- c:\program files\Firaxis Games
2009-03-27 14:01 . 2009-03-27 14:01 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Atari
2009-03-27 12:26 . 2009-03-27 12:26 <DIR> d-------- c:\users\All Users\FLEXnet
2009-03-27 12:26 . 2009-03-27 12:26 <DIR> d-------- c:\programdata\FLEXnet
2009-03-27 03:02 . 2009-03-27 03:02 <DIR> d-------- c:\users\All Users\ALM
2009-03-27 03:02 . 2009-03-27 03:02 <DIR> d-------- c:\programdata\ALM
2009-03-27 02:55 . 2009-03-27 02:55 <DIR> d-------- C:\perflogs
2009-03-27 02:48 . 2009-03-27 02:48 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-27 02:29 . 2009-03-27 14:05 <DIR> d-------- c:\users\Ondra\AppData\Roaming\TOSHIBA
2009-03-21 18:04 . 2009-03-21 18:04 <DIR> d-------- c:\users\Ondra\AppData\Roaming\WildTangent
2009-03-20 15:40 . 2009-03-20 15:40 <DIR> d-------- c:\program files\Common Files\supportsoft
2009-03-20 15:39 . 2007-07-30 14:44 3,518,464 --a------ c:\windows\System32\cdintf300.dll
2009-03-20 15:39 . 2007-06-28 14:09 1,843,200 --a------ c:\windows\System32\acXMLParser.dll
2009-03-20 15:34 . 2009-03-21 21:08 <DIR> d-------- c:\users\All Users\Intuit
2009-03-20 15:34 . 2009-03-21 21:08 <DIR> d-------- c:\programdata\Intuit
2009-03-20 15:34 . 2009-03-20 15:37 <DIR> d-------- c:\program files\Common Files\Intuit
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\users\All Users\SQL Anywhere 10
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\users\All Users\COMMON FILES
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\programdata\SQL Anywhere 10
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\programdata\COMMON FILES
2009-03-20 15:33 . 2009-03-20 15:39 95 --a------ c:\windows\QBChanUtil_Trigger.ini
2009-03-20 14:38 . 2009-03-20 14:57 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Download Manager
2009-03-20 14:36 . 2009-03-20 14:36 <DIR> d-------- c:\users\Ondra\AppData\Roaming\WinBatch
2009-03-17 16:08 . 2009-03-17 16:08 <DIR> d-------- C:\PFiles
2009-03-15 13:19 . 2009-03-15 13:23 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Hamachi
2009-03-15 13:18 . 2009-03-30 10:11 <DIR> d-------- c:\program files\Hamachi
2009-03-15 13:18 . 2009-03-15 13:18 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-03-14 15:34 . 2009-03-27 16:20 <DIR> d-------- c:\users\All Users\TrackMania
2009-03-14 15:34 . 2009-03-27 16:20 <DIR> d-------- c:\programdata\TrackMania
2009-03-12 21:41 . 2009-03-12 21:41 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Leadertech
2009-03-12 21:33 . 2009-03-12 21:33 <DIR> d-------- c:\program files\EA Sports
2009-03-12 21:33 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-03-12 21:33 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-03-12 21:33 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-03-12 21:33 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-03-12 21:33 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-03-12 21:33 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-03-12 21:33 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-03-12 21:33 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-03-12 21:33 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-03-12 21:33 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-03-12 21:33 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-03-12 21:33 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-03-12 21:29 . 2008-10-23 23:14 239,863 --a------ c:\windows\System32\ati2sgav.exe
2009-03-12 19:43 . 2009-03-12 19:43 <DIR> dr------- c:\program files\Skype
2009-03-11 09:26 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:26 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-09 00:27 . 2009-03-09 00:27 <DIR> d-------- c:\windows\System32\Adobe
2009-03-03 23:08 . 2009-03-03 23:08 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Desktopicon
2009-03-03 00:14 . 2009-04-02 19:56 <DIR> d-------- c:\users\All Users\Google Updater
2009-03-03 00:14 . 2009-04-02 19:56 <DIR> d-------- c:\programdata\Google Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 09:12 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-30 09:11 --------- d-----w c:\users\Ondra\AppData\Roaming\uTorrent
2009-03-30 09:11 --------- d-----w c:\programdata\Symantec
2009-03-30 09:11 --------- d-----w c:\program files\Norton 360
2009-03-28 22:41 --------- d-----w c:\users\Ondra\AppData\Roaming\Skype
2009-03-28 10:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 11:38 --------- d-----w c:\program files\Java
2009-03-27 02:00 --------- d-----w c:\program files\Common Files\Adobe
2009-03-27 01:28 --------- d-----w c:\users\Ondra\AppData\Roaming\CyberLink
2009-03-22 00:23 --------- d-----w c:\users\Ondra\AppData\Roaming\ICQ
2009-03-21 20:19 --------- d-----w c:\program files\ICQ6.5
2009-03-21 17:14 --------- d-----w c:\programdata\WildTangent
2009-03-21 17:08 --------- d-----w c:\program files\TOSHIBA Games
2009-03-20 14:34 --------- d-----w c:\program files\Intuit
2009-03-15 18:14 --------- d-----w c:\users\Ondra\AppData\Roaming\BSplayer
2009-03-12 18:43 --------- d-----w c:\programdata\Skype
2009-03-12 18:35 --------- d-----w c:\users\Ondra\AppData\Roaming\skypePM
2009-03-12 02:06 --------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-04 19:16 --------- d-----w c:\program files\Opera
2009-03-03 16:14 --------- d-----w c:\program files\ParadisePoker
2009-03-02 23:15 --------- d-----w c:\program files\Google
2009-02-28 12:26 --------- d-----w c:\program files\QIP Infium
2009-02-27 07:49 --------- d-----w c:\program files\QIP
2009-02-26 07:04 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 11:52 --------- d-----w c:\program files\Trend Micro
2009-02-19 10:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 10:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 10:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 10:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 10:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 10:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 10:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-19 10:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\xing shared
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\Real
2009-02-16 13:44 --------- d-----w c:\program files\Real
2009-02-16 13:43 --------- d-----w c:\program files\QuickTime
2009-02-16 13:42 --------- d-----w c:\programdata\Apple Computer
2009-02-15 12:33 --------- d-----w c:\program files\VideoLAN
2009-02-06 14:44 --------- d-----w c:\program files\CCleaner
2009-02-06 14:37 --------- d-----w c:\program files\RocketDock
2009-02-06 13:36 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-04 10:58 --------- d-----w c:\program files\ICQ6Toolbar
2009-02-04 10:57 --------- d-----w c:\programdata\ICQ
2009-02-04 10:33 --------- d-----w c:\programdata\CyberLink
2009-02-04 10:31 --------- d-----w c:\users\Ondra\AppData\Roaming\QIP
2009-02-04 05:37 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Lite
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Pro
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools
2009-02-04 05:35 --------- d-----w c:\programdata\DAEMON Tools Lite
2009-02-04 05:34 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-04 05:29 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-31 01:00 81,920 ----a-w c:\windows\System32\winlogon2.exe
2009-01-28 12:54 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-28 12:54 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
.
((((((((((((((((((((((((((((( SnapShot@2009-04-02_20.02.49,11 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-02 18:56:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-02 18:53:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-02 18:56:27 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-02 18:53:52 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-02 18:56:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-02 18:53:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-02 18:58:42 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-03 09:22:32 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-02 18:58:42 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-03 09:22:32 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-02 18:46:53 298,378 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-04-03 09:18:55 299,274 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-02-12 5213184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-16 184320]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-16 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-16 185896]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ati2sgav"="c:\windows\system32\ati2sgav.exe" [2008-10-23 239863]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-11 984352]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-04-25 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E6B1DE0-8E96-4194-854F-40E974BE9EE7}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{0712168B-6F32-423A-968F-FDC3360649D5}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{619F849F-5277-42E3-8754-2B11140B957C}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{4B4AB1DE-7168-4369-AC35-83FE01A2F921}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{A166E3B6-6763-4B2F-8416-3F3713C06701}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{066F72DB-86CF-4934-8E0F-4534224D9726}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7073FC43-6338-4DCA-ACBB-28B76C0A7045}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{80045572-BA77-4DC1-A191-FF676D78D63E}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{24E4588B-7CC2-49A0-B5A4-3AF7F85C53FB}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{2EDE9FC7-819E-4B1F-BE5E-B30F3E741B21}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{ADCFE833-358B-48C0-BBF2-CBC3727D5770}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{389EC6F9-18E5-42E6-89FA-A24D378E9083}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C1DDB885-3A5A-4624-A02E-C220BEE3EEF7}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{932E7906-8F15-467A-972A-95B8E3B7DEBA}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{D32CE533-34E5-495C-B461-192B10E3CE27}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{61904C66-31CC-411C-927E-C41774E0A480}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{64A895D6-26AA-4F58-A2A5-CE77DD7714DC}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{DCD4BA18-682A-4E8A-8CE7-F34D0C9E0451}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{60CBE4F4-67A1-4C47-8434-E56E9C682825}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{40277A25-ABE7-4101-B8A7-D5CB70A21B2C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0C57A115-9EC5-4905-B405-B8DCDF9C1286}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{6196FA52-C9E9-4AE7-9673-6650C8C1D39B}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{C5935289-73E0-4DCB-8FE0-A15480F37048}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{3666560E-8178-4730-BA73-B5B0468624CE}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{B7CE4EC5-53B6-4A08-803C-BAB69C923E61}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{72C8B194-C33E-4F7E-AAF9-ED970E433EC3}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{FB870E88-18DC-42D6-9240-4B18BDD51D62}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{FD48D27B-9C0E-4DA1-A71D-1F6B87FD1D98}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{C02807DF-4CC4-4B68-B1C8-3C561495F761}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{8145EE18-0263-4BE1-8332-CB606F652E90}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0A16B3CF-450E-420C-A22A-15CAAB94E520}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F6B8BAD8-6A32-46D2-8997-339EF91E9020}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{641B1A5D-72EA-4E36-933C-D82EDFFAD09C}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{577CD90E-D762-4D7B-9BC1-20818CF3B4FE}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{5DC583C5-F3A4-49DA-A8AC-82DD1F0CA1E2}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{2E2382C1-CD36-4A2F-A432-F5F362E2C823}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{443327CC-0D3A-464D-AAC6-155645ED0FC7}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{DD21D10B-6F20-4BFF-A8FE-7BF84A9FE1CC}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{896CA81A-9927-4654-81CE-BBC43F9FFD5C}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{4A011043-4A23-4AE1-819F-498FD927874C}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= UDP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{8F063D71-446B-496C-A7CF-47C212C736FA}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= TCP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{BC7FA189-0798-4BF3-A9C6-6F921B876674}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{44374E4B-A63D-4E35-8B77-C6FCF2D914E0}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090318.001\IDSvix86.sys [2009-03-23 272432]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [2009-01-28 20384]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [2009-01-28 72192]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-04-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-10 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S2 gupdate1c99b8caf2bcda0;Služba Google Update (gupdate1c99b8caf2bcda0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-16 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2009-01-28 954368]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5738299f-0a35-11de-b7b6-001e688f44b3}]
\shell\AutoRun\command - WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b892018f-ecca-11dd-aac1-001e688f44b3}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 19:53]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 00:14]
2009-04-03 c:\windows\Tasks\User_Feed_Synchronization-{1C6ADB9A-D2B9-4187-B9CA-2BD84690C275}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.play.cz/listen/listen.php?sh ... &stype=WMA
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 10:22:30
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-03 10:23:43
ComboFix-quarantined-files.txt 2009-04-03 09:23:40
ComboFix2.txt 2009-04-02 19:03:40
Pre-Run: 27,734,413,312 bytes free
Post-Run: 27,699,716,096 bytes free
320 --- E O F --- 2009-03-24 16:02:20
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:57, on 3.4.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=WMA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\Windows\system32\ati2sgav.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c99b8caf2bcda0) (gupdate1c99b8caf2bcda0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10943 bytes
ComboFix log:
ComboFix 09-04-01.01 - Ondra 2009-04-03 10:20:29.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2814.1679 [GMT 1:00]
Running from: c:\users\Ondra\Desktop\ComboFix.exe
Command switches used :: F:\CFScript.txt
* Created a new restore point
FILE ::
c:\program files\desktop.ini
c:\users\Ondra\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\desktop.ini
c:\users\Ondra\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-02 20:02 . 2009-04-02 20:02 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-04-02 20:02 . 2009-04-02 20:02 <DIR> d-------- c:\programdata\WindowsSearch
2009-04-02 10:31 . 2009-04-02 10:31 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Malwarebytes
2009-04-02 10:31 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-02 10:30 . 2009-04-02 10:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-02 10:30 . 2009-04-02 10:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-02 10:30 . 2009-04-02 10:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 10:30 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-31 22:47 . 2009-03-31 22:47 <DIR> d-------- c:\users\Ondra\AppData\Roaming\MathWorks
2009-03-31 22:30 . 2004-03-01 23:05 407,104 --a------ c:\windows\System32\MSHFLXGD.OCX
2009-03-31 22:29 . 2009-03-31 22:29 645,120 --a------ c:\windows\System32\config.gms
2009-03-31 22:07 . 2009-03-31 22:07 <DIR> d-------- c:\program files\MATLAB
2009-03-29 10:07 . 2009-03-29 10:07 <DIR> d-------- c:\users\Ondra\AppData\Roaming\My Games
2009-03-28 10:56 . 2009-03-28 10:56 <DIR> d-------- c:\users\Ondra\AppData\Roaming\InstallShield
2009-03-28 10:12 . 2009-03-28 10:12 <DIR> d-------- c:\program files\Firaxis Games
2009-03-27 14:01 . 2009-03-27 14:01 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Atari
2009-03-27 12:26 . 2009-03-27 12:26 <DIR> d-------- c:\users\All Users\FLEXnet
2009-03-27 12:26 . 2009-03-27 12:26 <DIR> d-------- c:\programdata\FLEXnet
2009-03-27 03:02 . 2009-03-27 03:02 <DIR> d-------- c:\users\All Users\ALM
2009-03-27 03:02 . 2009-03-27 03:02 <DIR> d-------- c:\programdata\ALM
2009-03-27 02:55 . 2009-03-27 02:55 <DIR> d-------- C:\perflogs
2009-03-27 02:48 . 2009-03-27 02:48 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-27 02:29 . 2009-03-27 14:05 <DIR> d-------- c:\users\Ondra\AppData\Roaming\TOSHIBA
2009-03-21 18:04 . 2009-03-21 18:04 <DIR> d-------- c:\users\Ondra\AppData\Roaming\WildTangent
2009-03-20 15:40 . 2009-03-20 15:40 <DIR> d-------- c:\program files\Common Files\supportsoft
2009-03-20 15:39 . 2007-07-30 14:44 3,518,464 --a------ c:\windows\System32\cdintf300.dll
2009-03-20 15:39 . 2007-06-28 14:09 1,843,200 --a------ c:\windows\System32\acXMLParser.dll
2009-03-20 15:34 . 2009-03-21 21:08 <DIR> d-------- c:\users\All Users\Intuit
2009-03-20 15:34 . 2009-03-21 21:08 <DIR> d-------- c:\programdata\Intuit
2009-03-20 15:34 . 2009-03-20 15:37 <DIR> d-------- c:\program files\Common Files\Intuit
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\users\All Users\SQL Anywhere 10
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\users\All Users\COMMON FILES
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\programdata\SQL Anywhere 10
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\programdata\COMMON FILES
2009-03-20 15:33 . 2009-03-20 15:39 95 --a------ c:\windows\QBChanUtil_Trigger.ini
2009-03-20 14:38 . 2009-03-20 14:57 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Download Manager
2009-03-20 14:36 . 2009-03-20 14:36 <DIR> d-------- c:\users\Ondra\AppData\Roaming\WinBatch
2009-03-17 16:08 . 2009-03-17 16:08 <DIR> d-------- C:\PFiles
2009-03-15 13:19 . 2009-03-15 13:23 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Hamachi
2009-03-15 13:18 . 2009-03-30 10:11 <DIR> d-------- c:\program files\Hamachi
2009-03-15 13:18 . 2009-03-15 13:18 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-03-14 15:34 . 2009-03-27 16:20 <DIR> d-------- c:\users\All Users\TrackMania
2009-03-14 15:34 . 2009-03-27 16:20 <DIR> d-------- c:\programdata\TrackMania
2009-03-12 21:41 . 2009-03-12 21:41 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Leadertech
2009-03-12 21:33 . 2009-03-12 21:33 <DIR> d-------- c:\program files\EA Sports
2009-03-12 21:33 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-03-12 21:33 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-03-12 21:33 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-03-12 21:33 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-03-12 21:33 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-03-12 21:33 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-03-12 21:33 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-03-12 21:33 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-03-12 21:33 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-03-12 21:33 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-03-12 21:33 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-03-12 21:33 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-03-12 21:29 . 2008-10-23 23:14 239,863 --a------ c:\windows\System32\ati2sgav.exe
2009-03-12 19:43 . 2009-03-12 19:43 <DIR> dr------- c:\program files\Skype
2009-03-11 09:26 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:26 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-09 00:27 . 2009-03-09 00:27 <DIR> d-------- c:\windows\System32\Adobe
2009-03-03 23:08 . 2009-03-03 23:08 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Desktopicon
2009-03-03 00:14 . 2009-04-02 19:56 <DIR> d-------- c:\users\All Users\Google Updater
2009-03-03 00:14 . 2009-04-02 19:56 <DIR> d-------- c:\programdata\Google Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 09:12 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-30 09:11 --------- d-----w c:\users\Ondra\AppData\Roaming\uTorrent
2009-03-30 09:11 --------- d-----w c:\programdata\Symantec
2009-03-30 09:11 --------- d-----w c:\program files\Norton 360
2009-03-28 22:41 --------- d-----w c:\users\Ondra\AppData\Roaming\Skype
2009-03-28 10:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 11:38 --------- d-----w c:\program files\Java
2009-03-27 02:00 --------- d-----w c:\program files\Common Files\Adobe
2009-03-27 01:28 --------- d-----w c:\users\Ondra\AppData\Roaming\CyberLink
2009-03-22 00:23 --------- d-----w c:\users\Ondra\AppData\Roaming\ICQ
2009-03-21 20:19 --------- d-----w c:\program files\ICQ6.5
2009-03-21 17:14 --------- d-----w c:\programdata\WildTangent
2009-03-21 17:08 --------- d-----w c:\program files\TOSHIBA Games
2009-03-20 14:34 --------- d-----w c:\program files\Intuit
2009-03-15 18:14 --------- d-----w c:\users\Ondra\AppData\Roaming\BSplayer
2009-03-12 18:43 --------- d-----w c:\programdata\Skype
2009-03-12 18:35 --------- d-----w c:\users\Ondra\AppData\Roaming\skypePM
2009-03-12 02:06 --------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-04 19:16 --------- d-----w c:\program files\Opera
2009-03-03 16:14 --------- d-----w c:\program files\ParadisePoker
2009-03-02 23:15 --------- d-----w c:\program files\Google
2009-02-28 12:26 --------- d-----w c:\program files\QIP Infium
2009-02-27 07:49 --------- d-----w c:\program files\QIP
2009-02-26 07:04 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 11:52 --------- d-----w c:\program files\Trend Micro
2009-02-19 10:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 10:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 10:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 10:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 10:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 10:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 10:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-19 10:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\xing shared
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\Real
2009-02-16 13:44 --------- d-----w c:\program files\Real
2009-02-16 13:43 --------- d-----w c:\program files\QuickTime
2009-02-16 13:42 --------- d-----w c:\programdata\Apple Computer
2009-02-15 12:33 --------- d-----w c:\program files\VideoLAN
2009-02-06 14:44 --------- d-----w c:\program files\CCleaner
2009-02-06 14:37 --------- d-----w c:\program files\RocketDock
2009-02-06 13:36 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-04 10:58 --------- d-----w c:\program files\ICQ6Toolbar
2009-02-04 10:57 --------- d-----w c:\programdata\ICQ
2009-02-04 10:33 --------- d-----w c:\programdata\CyberLink
2009-02-04 10:31 --------- d-----w c:\users\Ondra\AppData\Roaming\QIP
2009-02-04 05:37 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Lite
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Pro
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools
2009-02-04 05:35 --------- d-----w c:\programdata\DAEMON Tools Lite
2009-02-04 05:34 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-04 05:29 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-31 01:00 81,920 ----a-w c:\windows\System32\winlogon2.exe
2009-01-28 12:54 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-28 12:54 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
.
((((((((((((((((((((((((((((( SnapShot@2009-04-02_20.02.49,11 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-02 18:56:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-02 18:53:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-02 18:56:27 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-02 18:53:52 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-02 18:56:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-02 18:53:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-02 18:58:42 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-03 09:22:32 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-02 18:58:42 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-03 09:22:32 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-02 18:46:53 298,378 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-04-03 09:18:55 299,274 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-02-12 5213184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-16 184320]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-16 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-16 185896]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ati2sgav"="c:\windows\system32\ati2sgav.exe" [2008-10-23 239863]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-11 984352]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-04-25 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E6B1DE0-8E96-4194-854F-40E974BE9EE7}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{0712168B-6F32-423A-968F-FDC3360649D5}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{619F849F-5277-42E3-8754-2B11140B957C}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{4B4AB1DE-7168-4369-AC35-83FE01A2F921}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{A166E3B6-6763-4B2F-8416-3F3713C06701}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{066F72DB-86CF-4934-8E0F-4534224D9726}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7073FC43-6338-4DCA-ACBB-28B76C0A7045}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{80045572-BA77-4DC1-A191-FF676D78D63E}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{24E4588B-7CC2-49A0-B5A4-3AF7F85C53FB}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{2EDE9FC7-819E-4B1F-BE5E-B30F3E741B21}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{ADCFE833-358B-48C0-BBF2-CBC3727D5770}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{389EC6F9-18E5-42E6-89FA-A24D378E9083}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C1DDB885-3A5A-4624-A02E-C220BEE3EEF7}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{932E7906-8F15-467A-972A-95B8E3B7DEBA}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{D32CE533-34E5-495C-B461-192B10E3CE27}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{61904C66-31CC-411C-927E-C41774E0A480}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{64A895D6-26AA-4F58-A2A5-CE77DD7714DC}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{DCD4BA18-682A-4E8A-8CE7-F34D0C9E0451}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{60CBE4F4-67A1-4C47-8434-E56E9C682825}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{40277A25-ABE7-4101-B8A7-D5CB70A21B2C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0C57A115-9EC5-4905-B405-B8DCDF9C1286}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{6196FA52-C9E9-4AE7-9673-6650C8C1D39B}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{C5935289-73E0-4DCB-8FE0-A15480F37048}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{3666560E-8178-4730-BA73-B5B0468624CE}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{B7CE4EC5-53B6-4A08-803C-BAB69C923E61}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{72C8B194-C33E-4F7E-AAF9-ED970E433EC3}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{FB870E88-18DC-42D6-9240-4B18BDD51D62}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{FD48D27B-9C0E-4DA1-A71D-1F6B87FD1D98}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{C02807DF-4CC4-4B68-B1C8-3C561495F761}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{8145EE18-0263-4BE1-8332-CB606F652E90}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0A16B3CF-450E-420C-A22A-15CAAB94E520}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F6B8BAD8-6A32-46D2-8997-339EF91E9020}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{641B1A5D-72EA-4E36-933C-D82EDFFAD09C}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{577CD90E-D762-4D7B-9BC1-20818CF3B4FE}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{5DC583C5-F3A4-49DA-A8AC-82DD1F0CA1E2}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{2E2382C1-CD36-4A2F-A432-F5F362E2C823}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{443327CC-0D3A-464D-AAC6-155645ED0FC7}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{DD21D10B-6F20-4BFF-A8FE-7BF84A9FE1CC}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{896CA81A-9927-4654-81CE-BBC43F9FFD5C}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{4A011043-4A23-4AE1-819F-498FD927874C}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= UDP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{8F063D71-446B-496C-A7CF-47C212C736FA}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= TCP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{BC7FA189-0798-4BF3-A9C6-6F921B876674}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{44374E4B-A63D-4E35-8B77-C6FCF2D914E0}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090318.001\IDSvix86.sys [2009-03-23 272432]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [2009-01-28 20384]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [2009-01-28 72192]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-04-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-10 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S2 gupdate1c99b8caf2bcda0;Služba Google Update (gupdate1c99b8caf2bcda0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-16 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2009-01-28 954368]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5738299f-0a35-11de-b7b6-001e688f44b3}]
\shell\AutoRun\command - WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b892018f-ecca-11dd-aac1-001e688f44b3}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 19:53]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 00:14]
2009-04-03 c:\windows\Tasks\User_Feed_Synchronization-{1C6ADB9A-D2B9-4187-B9CA-2BD84690C275}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.play.cz/listen/listen.php?sh ... &stype=WMA
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 10:22:30
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-03 10:23:43
ComboFix-quarantined-files.txt 2009-04-03 09:23:40
ComboFix2.txt 2009-04-02 19:03:40
Pre-Run: 27,734,413,312 bytes free
Post-Run: 27,699,716,096 bytes free
320 --- E O F --- 2009-03-24 16:02:20
jaro3 (Security team member, Guru Level 15, 43294 posts, registered June 07, South Bohemia):
Re: log check..
Sorry, I forgot about one trojan...
So one more script in CF, same procedure:
Code:
File::
c:\windows\system32\ati2sgav.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ati2sgav"=-
Then a log from CF and HJT again.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
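The check jaro3 is doing by eye here (which loading points and firewall rules deserve a second look) can be mechanised. The script below is an added example, not part of this thread and not ComboFix's or HijackThis's own code: it reads lines in the format of ComboFix's "Reg Loading Points" section and flags any value under a policies\Explorer\Run key (the key the CFScript above targets; Windows runs those at logon like the ordinary Run keys) and any firewall allow rule whose target binary sits in a user-writable location. The sample log embedded in it is constructed to match the format of the logs in this thread; the policies\Explorer\Run entry for ati2sgav is reconstructed from the CFScript rather than copied from a log, and the path fragments in USER_WRITABLE are my own heuristic.

```python
"""Triage helper for ComboFix 'Reg Loading Points' output (added example).

Two cheap heuristics that mirror what a log reviewer looks for by eye:
  1. any value under a ...\policies\Explorer\Run key, plus any Run value
     whose target lives in a user-writable location;
  2. firewall allow rules whose target binary lives under a user profile,
     Desktop, AppData or Temp rather than Program Files or System32.
A hit means "look at this", not "this is malware".
"""
import re
from dataclasses import dataclass

# Path fragments that indicate a location an unprivileged user can write to
# (heuristic, assumption of this example).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\desktop\\", "\\temp\\",
                 "\\documents and settings\\")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="c:\path\prog.exe" [2009-03-31 81920]   (the trailing [...] is optional)
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
# "{GUID}"= c:\path\prog.exe:Description   or   "..."= TCP:c:\path\prog.exe:Desc
FW_RULE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:(?:TCP|UDP):)?(?P<path>[a-z]:\\[^:]+):(?P<desc>.*)$',
    re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # "autorun" or "firewall"
    key: str       # registry key the line was listed under
    name: str      # value name (or firewall rule name)
    path: str      # target executable
    reason: str


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(fragment in p for fragment in USER_WRITABLE)


def triage(lines):
    """Walk ComboFix loading-point lines and return a list of Findings."""
    findings = []
    key = ""
    for raw in lines:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")          # remember which key we are under
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            if "policies\\explorer\\run" in key.lower():
                findings.append(Finding("autorun", key, m["name"], m["path"],
                                        "autostart via policies\\Explorer\\Run"))
            elif "\\run" in key.lower() and is_user_writable(m["path"]):
                findings.append(Finding("autorun", key, m["name"], m["path"],
                                        "autostart from a user-writable path"))
            continue
        m = FW_RULE_RE.match(line)
        if m and "firewallpolicy" in key.lower() and is_user_writable(m["path"]):
            findings.append(Finding("firewall", key, m["name"], m["path"],
                                    "firewall allow rule for a binary in a user-writable path"))
    return findings


# Constructed sample in ComboFix's format. The Run and firewall lines are
# modelled on this thread's logs; the policies\Explorer\Run entry is
# reconstructed from jaro3's CFScript (no date/size metadata was available).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ati2sgav"="c:\windows\system32\ati2sgav.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7073FC43-6338-4DCA-ACBB-28B76C0A7045}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DD21D10B-6F20-4BFF-A8FE-7BF84A9FE1CC}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
'''.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name!r:20} {f.path}\n         -> {f.reason}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the lines of a real log. A hit is a prompt to look at the file (where it came from, whether it is signed, what its hash says), not a verdict.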
Crave (Level 4, 1300 posts, registered October 06, Huštěnovice - Brno):
Re: log check..
So here is the log from ComboFix:
ComboFix 09-04-01.01 - Ondra 2009-04-03 19:13:37.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2814.1606 [GMT 1:00]
Running from: c:\users\Ondra\Desktop\ComboFix.exe
Command switches used :: c:\users\Ondra\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\system32\ati2sgav.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ati2sgav.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-02 20:02 . 2009-04-02 20:02 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-04-02 20:02 . 2009-04-02 20:02 <DIR> d-------- c:\programdata\WindowsSearch
2009-04-02 10:31 . 2009-04-02 10:31 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Malwarebytes
2009-04-02 10:31 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-02 10:30 . 2009-04-02 10:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-02 10:30 . 2009-04-02 10:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-02 10:30 . 2009-04-02 10:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 10:30 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-31 22:47 . 2009-03-31 22:47 <DIR> d-------- c:\users\Ondra\AppData\Roaming\MathWorks
2009-03-31 22:30 . 2004-03-01 23:05 407,104 --a------ c:\windows\System32\MSHFLXGD.OCX
2009-03-31 22:29 . 2009-03-31 22:29 645,120 --a------ c:\windows\System32\config.gms
2009-03-31 22:07 . 2009-03-31 22:07 <DIR> d-------- c:\program files\MATLAB
2009-03-29 10:07 . 2009-03-29 10:07 <DIR> d-------- c:\users\Ondra\AppData\Roaming\My Games
2009-03-28 10:56 . 2009-03-28 10:56 <DIR> d-------- c:\users\Ondra\AppData\Roaming\InstallShield
2009-03-28 10:12 . 2009-03-28 10:12 <DIR> d-------- c:\program files\Firaxis Games
2009-03-27 14:01 . 2009-03-27 14:01 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Atari
2009-03-27 12:26 . 2009-03-27 12:26 <DIR> d-------- c:\users\All Users\FLEXnet
2009-03-27 12:26 . 2009-03-27 12:26 <DIR> d-------- c:\programdata\FLEXnet
2009-03-27 03:02 . 2009-03-27 03:02 <DIR> d-------- c:\users\All Users\ALM
2009-03-27 03:02 . 2009-03-27 03:02 <DIR> d-------- c:\programdata\ALM
2009-03-27 02:55 . 2009-03-27 02:55 <DIR> d-------- C:\perflogs
2009-03-27 02:48 . 2009-03-27 02:48 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-27 02:29 . 2009-03-27 14:05 <DIR> d-------- c:\users\Ondra\AppData\Roaming\TOSHIBA
2009-03-21 18:04 . 2009-03-21 18:04 <DIR> d-------- c:\users\Ondra\AppData\Roaming\WildTangent
2009-03-20 15:40 . 2009-03-20 15:40 <DIR> d-------- c:\program files\Common Files\supportsoft
2009-03-20 15:39 . 2007-07-30 14:44 3,518,464 --a------ c:\windows\System32\cdintf300.dll
2009-03-20 15:39 . 2007-06-28 14:09 1,843,200 --a------ c:\windows\System32\acXMLParser.dll
2009-03-20 15:34 . 2009-03-21 21:08 <DIR> d-------- c:\users\All Users\Intuit
2009-03-20 15:34 . 2009-03-21 21:08 <DIR> d-------- c:\programdata\Intuit
2009-03-20 15:34 . 2009-03-20 15:37 <DIR> d-------- c:\program files\Common Files\Intuit
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\users\All Users\SQL Anywhere 10
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\users\All Users\COMMON FILES
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\programdata\SQL Anywhere 10
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\programdata\COMMON FILES
2009-03-20 15:33 . 2009-03-20 15:39 95 --a------ c:\windows\QBChanUtil_Trigger.ini
2009-03-20 14:38 . 2009-03-20 14:57 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Download Manager
2009-03-20 14:36 . 2009-03-20 14:36 <DIR> d-------- c:\users\Ondra\AppData\Roaming\WinBatch
2009-03-17 16:08 . 2009-03-17 16:08 <DIR> d-------- C:\PFiles
2009-03-15 13:19 . 2009-03-15 13:23 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Hamachi
2009-03-15 13:18 . 2009-03-30 10:11 <DIR> d-------- c:\program files\Hamachi
2009-03-15 13:18 . 2009-03-15 13:18 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-03-14 15:34 . 2009-03-27 16:20 <DIR> d-------- c:\users\All Users\TrackMania
2009-03-14 15:34 . 2009-03-27 16:20 <DIR> d-------- c:\programdata\TrackMania
2009-03-12 21:41 . 2009-03-12 21:41 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Leadertech
2009-03-12 21:33 . 2009-03-12 21:33 <DIR> d-------- c:\program files\EA Sports
2009-03-12 21:33 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-03-12 21:33 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-03-12 21:33 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-03-12 21:33 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-03-12 21:33 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-03-12 21:33 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-03-12 21:33 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-03-12 21:33 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-03-12 21:33 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-03-12 21:33 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-03-12 21:33 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-03-12 21:33 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-03-12 19:43 . 2009-03-12 19:43 <DIR> dr------- c:\program files\Skype
2009-03-11 09:26 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:26 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-09 00:27 . 2009-03-09 00:27 <DIR> d-------- c:\windows\System32\Adobe
2009-03-03 23:08 . 2009-03-03 23:08 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Desktopicon
2009-03-03 00:14 . 2009-04-02 19:56 <DIR> d-------- c:\users\All Users\Google Updater
2009-03-03 00:14 . 2009-04-02 19:56 <DIR> d-------- c:\programdata\Google Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 09:12 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-30 09:11 --------- d-----w c:\users\Ondra\AppData\Roaming\uTorrent
2009-03-30 09:11 --------- d-----w c:\programdata\Symantec
2009-03-30 09:11 --------- d-----w c:\program files\Norton 360
2009-03-28 22:41 --------- d-----w c:\users\Ondra\AppData\Roaming\Skype
2009-03-28 10:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 11:38 --------- d-----w c:\program files\Java
2009-03-27 02:00 --------- d-----w c:\program files\Common Files\Adobe
2009-03-27 01:28 --------- d-----w c:\users\Ondra\AppData\Roaming\CyberLink
2009-03-22 00:23 --------- d-----w c:\users\Ondra\AppData\Roaming\ICQ
2009-03-21 20:19 --------- d-----w c:\program files\ICQ6.5
2009-03-21 17:14 --------- d-----w c:\programdata\WildTangent
2009-03-21 17:08 --------- d-----w c:\program files\TOSHIBA Games
2009-03-20 14:34 --------- d-----w c:\program files\Intuit
2009-03-15 18:14 --------- d-----w c:\users\Ondra\AppData\Roaming\BSplayer
2009-03-12 18:43 --------- d-----w c:\programdata\Skype
2009-03-12 18:35 --------- d-----w c:\users\Ondra\AppData\Roaming\skypePM
2009-03-12 02:06 --------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-04 19:16 --------- d-----w c:\program files\Opera
2009-03-03 16:14 --------- d-----w c:\program files\ParadisePoker
2009-03-02 23:15 --------- d-----w c:\program files\Google
2009-02-28 12:26 --------- d-----w c:\program files\QIP Infium
2009-02-27 07:49 --------- d-----w c:\program files\QIP
2009-02-26 07:04 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 11:52 --------- d-----w c:\program files\Trend Micro
2009-02-19 10:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 10:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 10:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 10:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 10:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 10:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 10:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-19 10:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\xing shared
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\Real
2009-02-16 13:44 --------- d-----w c:\program files\Real
2009-02-16 13:43 --------- d-----w c:\program files\QuickTime
2009-02-16 13:42 --------- d-----w c:\programdata\Apple Computer
2009-02-15 12:33 --------- d-----w c:\program files\VideoLAN
2009-02-06 14:44 --------- d-----w c:\program files\CCleaner
2009-02-06 14:37 --------- d-----w c:\program files\RocketDock
2009-02-06 13:36 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-04 10:58 --------- d-----w c:\program files\ICQ6Toolbar
2009-02-04 10:57 --------- d-----w c:\programdata\ICQ
2009-02-04 10:33 --------- d-----w c:\programdata\CyberLink
2009-02-04 10:31 --------- d-----w c:\users\Ondra\AppData\Roaming\QIP
2009-02-04 05:37 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Lite
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Pro
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools
2009-02-04 05:35 --------- d-----w c:\programdata\DAEMON Tools Lite
2009-02-04 05:34 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-04 05:29 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-31 01:00 81,920 ----a-w c:\windows\System32\winlogon2.exe
2009-01-28 12:54 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-28 12:54 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
.
((((((((((((((((((((((((((((( SnapShot@2009-04-02_20.02.49,11 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-02 18:56:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-02 18:53:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-02 18:56:27 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-02 18:53:52 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-02 18:56:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-02 18:53:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-02 18:58:42 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-03 09:22:32 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-02 18:58:42 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-03 09:22:32 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-02 18:46:53 298,378 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-04-03 18:10:46 299,994 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-02-12 5213184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-16 184320]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-16 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-16 185896]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-11 984352]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-04-25 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E6B1DE0-8E96-4194-854F-40E974BE9EE7}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{0712168B-6F32-423A-968F-FDC3360649D5}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{619F849F-5277-42E3-8754-2B11140B957C}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{4B4AB1DE-7168-4369-AC35-83FE01A2F921}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{A166E3B6-6763-4B2F-8416-3F3713C06701}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{066F72DB-86CF-4934-8E0F-4534224D9726}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7073FC43-6338-4DCA-ACBB-28B76C0A7045}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{80045572-BA77-4DC1-A191-FF676D78D63E}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{24E4588B-7CC2-49A0-B5A4-3AF7F85C53FB}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{2EDE9FC7-819E-4B1F-BE5E-B30F3E741B21}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{ADCFE833-358B-48C0-BBF2-CBC3727D5770}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{389EC6F9-18E5-42E6-89FA-A24D378E9083}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C1DDB885-3A5A-4624-A02E-C220BEE3EEF7}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{932E7906-8F15-467A-972A-95B8E3B7DEBA}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{D32CE533-34E5-495C-B461-192B10E3CE27}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{61904C66-31CC-411C-927E-C41774E0A480}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{64A895D6-26AA-4F58-A2A5-CE77DD7714DC}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{DCD4BA18-682A-4E8A-8CE7-F34D0C9E0451}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{60CBE4F4-67A1-4C47-8434-E56E9C682825}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{40277A25-ABE7-4101-B8A7-D5CB70A21B2C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0C57A115-9EC5-4905-B405-B8DCDF9C1286}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{6196FA52-C9E9-4AE7-9673-6650C8C1D39B}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{C5935289-73E0-4DCB-8FE0-A15480F37048}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{3666560E-8178-4730-BA73-B5B0468624CE}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{B7CE4EC5-53B6-4A08-803C-BAB69C923E61}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{72C8B194-C33E-4F7E-AAF9-ED970E433EC3}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{FB870E88-18DC-42D6-9240-4B18BDD51D62}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{FD48D27B-9C0E-4DA1-A71D-1F6B87FD1D98}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{C02807DF-4CC4-4B68-B1C8-3C561495F761}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{8145EE18-0263-4BE1-8332-CB606F652E90}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0A16B3CF-450E-420C-A22A-15CAAB94E520}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F6B8BAD8-6A32-46D2-8997-339EF91E9020}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{641B1A5D-72EA-4E36-933C-D82EDFFAD09C}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{577CD90E-D762-4D7B-9BC1-20818CF3B4FE}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{5DC583C5-F3A4-49DA-A8AC-82DD1F0CA1E2}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{2E2382C1-CD36-4A2F-A432-F5F362E2C823}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{443327CC-0D3A-464D-AAC6-155645ED0FC7}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{DD21D10B-6F20-4BFF-A8FE-7BF84A9FE1CC}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{896CA81A-9927-4654-81CE-BBC43F9FFD5C}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{4A011043-4A23-4AE1-819F-498FD927874C}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= UDP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{8F063D71-446B-496C-A7CF-47C212C736FA}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= TCP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{BC7FA189-0798-4BF3-A9C6-6F921B876674}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{44374E4B-A63D-4E35-8B77-C6FCF2D914E0}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090318.001\IDSvix86.sys [2009-03-23 272432]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [2009-01-28 20384]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [2009-01-28 72192]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-04-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-10 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S2 gupdate1c99b8caf2bcda0;Služba Google Update (gupdate1c99b8caf2bcda0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-16 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2009-01-28 954368]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5738299f-0a35-11de-b7b6-001e688f44b3}]
\shell\AutoRun\command - WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b892018f-ecca-11dd-aac1-001e688f44b3}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 19:53]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 00:14]
2009-04-03 c:\windows\Tasks\User_Feed_Synchronization-{1C6ADB9A-D2B9-4187-B9CA-2BD84690C275}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.play.cz/listen/listen.php?sh ... &stype=WMA
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 19:15:00
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Celkový čas: 2009-04-03 19:16:10
ComboFix-quarantined-files.txt 2009-04-03 18:16:07
ComboFix2.txt 2009-04-03 09:23:44
ComboFix3.txt 2009-04-02 19:03:40
Před spuštěním: 27 105 144 832 bytes free
Po spuštění: 27,071,356,928 bytes free
316 --- E O F --- 2009-03-24 16:02:20
***Log from HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:49, on 3.4.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=WMA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c99b8caf2bcda0) (gupdate1c99b8caf2bcda0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10762 bytes
***Is everything OK now, or do I need to do some fixes in HJT? I have a problem with Symantec (Norton Antivirus) in the menu when I right-click on a file, see: viewtopic.php?f=39&t=39064
thanks
ComboFix 09-04-01.01 - Ondra 2009-04-03 19:13:37.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2814.1606 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\system32\ati2sgav.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ati2sgav.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-03 do 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-02 20:02 . 2009-04-02 20:02 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-04-02 20:02 . 2009-04-02 20:02 <DIR> d-------- c:\programdata\WindowsSearch
2009-04-02 10:31 . 2009-04-02 10:31 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Malwarebytes
2009-04-02 10:31 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-02 10:30 . 2009-04-02 10:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-02 10:30 . 2009-04-02 10:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-02 10:30 . 2009-04-02 10:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 10:30 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-31 22:47 . 2009-03-31 22:47 <DIR> d-------- c:\users\Ondra\AppData\Roaming\MathWorks
2009-03-31 22:30 . 2004-03-01 23:05 407,104 --a------ c:\windows\System32\MSHFLXGD.OCX
2009-03-31 22:29 . 2009-03-31 22:29 645,120 --a------ c:\windows\System32\config.gms
2009-03-31 22:07 . 2009-03-31 22:07 <DIR> d-------- c:\program files\MATLAB
2009-03-29 10:07 . 2009-03-29 10:07 <DIR> d-------- c:\users\Ondra\AppData\Roaming\My Games
2009-03-28 10:56 . 2009-03-28 10:56 <DIR> d-------- c:\users\Ondra\AppData\Roaming\InstallShield
2009-03-28 10:12 . 2009-03-28 10:12 <DIR> d-------- c:\program files\Firaxis Games
2009-03-27 14:01 . 2009-03-27 14:01 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Atari
2009-03-27 12:26 . 2009-03-27 12:26 <DIR> d-------- c:\users\All Users\FLEXnet
2009-03-27 12:26 . 2009-03-27 12:26 <DIR> d-------- c:\programdata\FLEXnet
2009-03-27 03:02 . 2009-03-27 03:02 <DIR> d-------- c:\users\All Users\ALM
2009-03-27 03:02 . 2009-03-27 03:02 <DIR> d-------- c:\programdata\ALM
2009-03-27 02:55 . 2009-03-27 02:55 <DIR> d-------- C:\perflogs
2009-03-27 02:48 . 2009-03-27 02:48 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-27 02:29 . 2009-03-27 14:05 <DIR> d-------- c:\users\Ondra\AppData\Roaming\TOSHIBA
2009-03-21 18:04 . 2009-03-21 18:04 <DIR> d-------- c:\users\Ondra\AppData\Roaming\WildTangent
2009-03-20 15:40 . 2009-03-20 15:40 <DIR> d-------- c:\program files\Common Files\supportsoft
2009-03-20 15:39 . 2007-07-30 14:44 3,518,464 --a------ c:\windows\System32\cdintf300.dll
2009-03-20 15:39 . 2007-06-28 14:09 1,843,200 --a------ c:\windows\System32\acXMLParser.dll
2009-03-20 15:34 . 2009-03-21 21:08 <DIR> d-------- c:\users\All Users\Intuit
2009-03-20 15:34 . 2009-03-21 21:08 <DIR> d-------- c:\programdata\Intuit
2009-03-20 15:34 . 2009-03-20 15:37 <DIR> d-------- c:\program files\Common Files\Intuit
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\users\All Users\SQL Anywhere 10
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\users\All Users\COMMON FILES
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\programdata\SQL Anywhere 10
2009-03-20 15:33 . 2009-03-20 15:33 <DIR> d-------- c:\programdata\COMMON FILES
2009-03-20 15:33 . 2009-03-20 15:39 95 --a------ c:\windows\QBChanUtil_Trigger.ini
2009-03-20 14:38 . 2009-03-20 14:57 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Download Manager
2009-03-20 14:36 . 2009-03-20 14:36 <DIR> d-------- c:\users\Ondra\AppData\Roaming\WinBatch
2009-03-17 16:08 . 2009-03-17 16:08 <DIR> d-------- C:\PFiles
2009-03-15 13:19 . 2009-03-15 13:23 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Hamachi
2009-03-15 13:18 . 2009-03-30 10:11 <DIR> d-------- c:\program files\Hamachi
2009-03-15 13:18 . 2009-03-15 13:18 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-03-14 15:34 . 2009-03-27 16:20 <DIR> d-------- c:\users\All Users\TrackMania
2009-03-14 15:34 . 2009-03-27 16:20 <DIR> d-------- c:\programdata\TrackMania
2009-03-12 21:41 . 2009-03-12 21:41 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Leadertech
2009-03-12 21:33 . 2009-03-12 21:33 <DIR> d-------- c:\program files\EA Sports
2009-03-12 21:33 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-03-12 21:33 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-03-12 21:33 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-03-12 21:33 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-03-12 21:33 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-03-12 21:33 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-03-12 21:33 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-03-12 21:33 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-03-12 21:33 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-03-12 21:33 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-03-12 21:33 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-03-12 21:33 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-03-12 19:43 . 2009-03-12 19:43 <DIR> dr------- c:\program files\Skype
2009-03-11 09:26 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:26 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-09 00:27 . 2009-03-09 00:27 <DIR> d-------- c:\windows\System32\Adobe
2009-03-03 23:08 . 2009-03-03 23:08 <DIR> d-------- c:\users\Ondra\AppData\Roaming\Desktopicon
2009-03-03 00:14 . 2009-04-02 19:56 <DIR> d-------- c:\users\All Users\Google Updater
2009-03-03 00:14 . 2009-04-02 19:56 <DIR> d-------- c:\programdata\Google Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 09:12 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-30 09:11 --------- d-----w c:\users\Ondra\AppData\Roaming\uTorrent
2009-03-30 09:11 --------- d-----w c:\programdata\Symantec
2009-03-30 09:11 --------- d-----w c:\program files\Norton 360
2009-03-28 22:41 --------- d-----w c:\users\Ondra\AppData\Roaming\Skype
2009-03-28 10:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 11:38 --------- d-----w c:\program files\Java
2009-03-27 02:00 --------- d-----w c:\program files\Common Files\Adobe
2009-03-27 01:28 --------- d-----w c:\users\Ondra\AppData\Roaming\CyberLink
2009-03-22 00:23 --------- d-----w c:\users\Ondra\AppData\Roaming\ICQ
2009-03-21 20:19 --------- d-----w c:\program files\ICQ6.5
2009-03-21 17:14 --------- d-----w c:\programdata\WildTangent
2009-03-21 17:08 --------- d-----w c:\program files\TOSHIBA Games
2009-03-20 14:34 --------- d-----w c:\program files\Intuit
2009-03-15 18:14 --------- d-----w c:\users\Ondra\AppData\Roaming\BSplayer
2009-03-12 18:43 --------- d-----w c:\programdata\Skype
2009-03-12 18:35 --------- d-----w c:\users\Ondra\AppData\Roaming\skypePM
2009-03-12 02:06 --------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-04 19:16 --------- d-----w c:\program files\Opera
2009-03-03 16:14 --------- d-----w c:\program files\ParadisePoker
2009-03-02 23:15 --------- d-----w c:\program files\Google
2009-02-28 12:26 --------- d-----w c:\program files\QIP Infium
2009-02-27 07:49 --------- d-----w c:\program files\QIP
2009-02-26 07:04 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 11:52 --------- d-----w c:\program files\Trend Micro
2009-02-19 10:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 10:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 10:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 10:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 10:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 10:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 10:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-19 10:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\xing shared
2009-02-16 13:45 --------- d-----w c:\program files\Common Files\Real
2009-02-16 13:44 --------- d-----w c:\program files\Real
2009-02-16 13:43 --------- d-----w c:\program files\QuickTime
2009-02-16 13:42 --------- d-----w c:\programdata\Apple Computer
2009-02-15 12:33 --------- d-----w c:\program files\VideoLAN
2009-02-06 14:44 --------- d-----w c:\program files\CCleaner
2009-02-06 14:37 --------- d-----w c:\program files\RocketDock
2009-02-06 13:36 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-04 10:58 --------- d-----w c:\program files\ICQ6Toolbar
2009-02-04 10:57 --------- d-----w c:\programdata\ICQ
2009-02-04 10:33 --------- d-----w c:\programdata\CyberLink
2009-02-04 10:31 --------- d-----w c:\users\Ondra\AppData\Roaming\QIP
2009-02-04 05:37 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Lite
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools Pro
2009-02-04 05:35 --------- d-----w c:\users\Ondra\AppData\Roaming\DAEMON Tools
2009-02-04 05:35 --------- d-----w c:\programdata\DAEMON Tools Lite
2009-02-04 05:34 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-04 05:29 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-31 01:00 81,920 ----a-w c:\windows\System32\winlogon2.exe
2009-01-28 12:54 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-28 12:54 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
.
((((((((((((((((((((((((((((( SnapShot@2009-04-02_20.02.49,11 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-02 18:56:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-02 18:53:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-02 18:56:27 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-02 18:53:52 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-02 18:56:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-02 18:53:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-02 18:58:42 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-03 09:22:32 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-02 18:58:42 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-03 09:22:32 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-02 18:46:53 298,378 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-04-03 18:10:46 299,994 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-02-12 5213184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-16 184320]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-16 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-16 185896]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-11 984352]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-04-25 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E6B1DE0-8E96-4194-854F-40E974BE9EE7}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{0712168B-6F32-423A-968F-FDC3360649D5}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{619F849F-5277-42E3-8754-2B11140B957C}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{4B4AB1DE-7168-4369-AC35-83FE01A2F921}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{A166E3B6-6763-4B2F-8416-3F3713C06701}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{066F72DB-86CF-4934-8E0F-4534224D9726}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7073FC43-6338-4DCA-ACBB-28B76C0A7045}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{80045572-BA77-4DC1-A191-FF676D78D63E}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{24E4588B-7CC2-49A0-B5A4-3AF7F85C53FB}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{2EDE9FC7-819E-4B1F-BE5E-B30F3E741B21}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{ADCFE833-358B-48C0-BBF2-CBC3727D5770}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{389EC6F9-18E5-42E6-89FA-A24D378E9083}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C1DDB885-3A5A-4624-A02E-C220BEE3EEF7}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{932E7906-8F15-467A-972A-95B8E3B7DEBA}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{D32CE533-34E5-495C-B461-192B10E3CE27}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{61904C66-31CC-411C-927E-C41774E0A480}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{64A895D6-26AA-4F58-A2A5-CE77DD7714DC}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{DCD4BA18-682A-4E8A-8CE7-F34D0C9E0451}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{60CBE4F4-67A1-4C47-8434-E56E9C682825}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{40277A25-ABE7-4101-B8A7-D5CB70A21B2C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0C57A115-9EC5-4905-B405-B8DCDF9C1286}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{6196FA52-C9E9-4AE7-9673-6650C8C1D39B}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{C5935289-73E0-4DCB-8FE0-A15480F37048}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{3666560E-8178-4730-BA73-B5B0468624CE}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{B7CE4EC5-53B6-4A08-803C-BAB69C923E61}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{72C8B194-C33E-4F7E-AAF9-ED970E433EC3}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{FB870E88-18DC-42D6-9240-4B18BDD51D62}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{FD48D27B-9C0E-4DA1-A71D-1F6B87FD1D98}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{C02807DF-4CC4-4B68-B1C8-3C561495F761}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{8145EE18-0263-4BE1-8332-CB606F652E90}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0A16B3CF-450E-420C-A22A-15CAAB94E520}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F6B8BAD8-6A32-46D2-8997-339EF91E9020}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{641B1A5D-72EA-4E36-933C-D82EDFFAD09C}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{577CD90E-D762-4D7B-9BC1-20818CF3B4FE}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{5DC583C5-F3A4-49DA-A8AC-82DD1F0CA1E2}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{2E2382C1-CD36-4A2F-A432-F5F362E2C823}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{443327CC-0D3A-464D-AAC6-155645ED0FC7}c:\\users\\ondra\\appdata\\local\\opera\\opera\\profile\\cache4\\temporary_download\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\appdata\local\opera\opera\profile\cache4\temporary_download\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{DD21D10B-6F20-4BFF-A8FE-7BF84A9FE1CC}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= UDP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"UDP Query User{896CA81A-9927-4654-81CE-BBC43F9FFD5C}c:\\users\\ondra\\desktop\\keygen_mathworks.matlab.r2008b.exe"= TCP:c:\users\ondra\desktop\keygen_mathworks.matlab.r2008b.exe:keygen_mathworks.matlab.r2008b.exe
"TCP Query User{4A011043-4A23-4AE1-819F-498FD927874C}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= UDP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{8F063D71-446B-496C-A7CF-47C212C736FA}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= TCP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{BC7FA189-0798-4BF3-A9C6-6F921B876674}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{44374E4B-A63D-4E35-8B77-C6FCF2D914E0}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090318.001\IDSvix86.sys [2009-03-23 272432]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [2009-01-28 20384]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [2009-01-28 72192]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-04-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-10 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S2 gupdate1c99b8caf2bcda0;Služba Google Update (gupdate1c99b8caf2bcda0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-16 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2009-01-28 954368]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5738299f-0a35-11de-b7b6-001e688f44b3}]
\shell\AutoRun\command - WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b892018f-ecca-11dd-aac1-001e688f44b3}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 19:53]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 00:14]
2009-04-03 c:\windows\Tasks\User_Feed_Synchronization-{1C6ADB9A-D2B9-4187-B9CA-2BD84690C275}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.play.cz/listen/listen.php?sh ... &stype=WMA
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 19:15:00
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-04-03 19:16:10
ComboFix-quarantined-files.txt 2009-04-03 18:16:07
ComboFix2.txt 2009-04-03 09:23:44
ComboFix3.txt 2009-04-02 19:03:40
Před spuštěním: 27 105 144 832 bytes free
Po spuštění: 27,071,356,928 bytes free
316 --- E O F --- 2009-03-24 16:02:20
***HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:49, on 3.4.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=WMA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c99b8caf2bcda0) (gupdate1c99b8caf2bcda0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10762 bytes
***Is everything OK now, or do I have to do some fixes in HJT? I have a problem with Symantec (Norton Antivirus) in the menu when I right-click on a file, see: viewtopic.php?f=39&t=39064
thanks
- jaro3 (Security team member, Guru Level 15, posts: 43294, registered: June 07, location: South Bohemia)
Re: log check..
Close other applications and browsers, disconnect from the net and fix these in HJT:
Code:
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O13 - Gopher Prefix:
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
ComboFix is uninstalled like this:
Start - Run and type ComboFix[space]/u
Clean the system with CCleaner
and also use T-Cleaner
It deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the recycle bin, etc.
You will probably have to repair wi and Symantec.. That's probably all.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
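As an added illustration (not code from this thread, from HijackThis or from the forum's Security team), the script below shows the pattern behind the HJT lines picked out for fixing above: entries whose referenced file is missing or has "(no file)", entries with an empty value, and services with an unknown owner. The sample log text is a constructed subset of the entry types that appear in the log; the checker only flags entries for review, it does not change anything on the system.

```python
"""Flag HijackThis (HJT) log entries that deserve a second look.

Added example: parses HJT-style lines ("O23 - Service: ...") and reports
entries whose referenced file is missing, whose value is empty, or whose
service owner is unknown. Lines are flagged for review only.
"""
import re

# Constructed sample: a subset of entry types seen in an HJT log.
SAMPLE_LOG = r"""R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O13 - Gopher Prefix:
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"""

# HJT entries start with a type code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<type>[RFNO]\d+)\s+-\s+(?P<body>.*)$")


def classify(line):
    """Return a short reason if the entry looks orphaned or empty, else None."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None  # not an HJT entry (header, process list, ...)
    entry_type, body = match.group("type"), match.group("body")
    if "(file missing)" in body or "(no file)" in body:
        return "referenced file is missing"
    if body.endswith(":"):
        # e.g. "O13 - Gopher Prefix:" carries no value at all
        return "empty value"
    if entry_type == "O23" and "Unknown owner" in body:
        return "service with unknown owner"
    return None


def flag_entries(log_text):
    """Return a list of (entry_type, reason, line) for every flagged entry."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = classify(line)
        if reason:
            entry_type = ENTRY_RE.match(line).group("type")
            flagged.append((entry_type, reason, line))
    return flagged


if __name__ == "__main__":
    for entry_type, reason, line in flag_entries(SAMPLE_LOG):
        print(f"[{entry_type}] {reason}: {line}")
```

Running it on the constructed sample lists the R3, O13, O18 and the LiveUpdate O23 entries; the Adobe BHO, ccApp and ConfigFree lines pass because their files are present and their owners are named. A flagged line is a candidate for review, not proof of infection: a service left behind by an uninstalled product looks exactly like this.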