zaujimava hlaska
Napsal: 01 zář 2010 11:31
Dobry den. Chcem poprosit o radu s tymto svinstvom. Pri pokuse o otvoreni stranky napr seznam.cz sa zobrazi tato hlaska:
Vaše PC obsahuje škodlivý kód proto byla jeho činnost na 1H pozastavena prosím tímto o nápravu a odvirováni! PC.
Symantec endpoint protection 11.0 ani spybot nic nenasiel, DNS je nastavene spravne, ani v hosts nic nie je. Prikladam vypis z hijackthis. Dik.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:13:41, on 1.9.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\kennametal\tool reporter\toolreporter.datasynchservice.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Nero\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\_backup\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 12ý
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\TRANSLAT\WEBIE.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit poekladae - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Poeložit &oznaeený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Poeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.gdw
O15 - Trusted Zone: http://euvpn.kennametal.com
O15 - Trusted Zone: *.kennametal.com
O15 - Trusted Zone: *.kmt.kmtl.com
O15 - Trusted Zone: *.kmtl.com
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - https://euvpn.kennametal.com/vdesk/term ... ,1218,2305
O16 - DPF: {1BE1E882-0CEA-11D5-9667-00B0D06BAB06} (ToolPackDwgs.AssocDwgs) - http://gdw/controls/ToolPackDwgs.CAB
O16 - DPF: {20DD1B9E-87C4-11D1-8BE3-0000F8754DA1} (Microsoft Date and Time Picker Control, version 6.0) - http://gdw/controls/mscomct2.cab
O16 - DPF: {2540933D-13BA-4BC9-8FB8-160BE8AC1562} (Chooser Class) - http://gdw/controls/filechooser.CAB
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://euvpn.kennametal.com/vdesk/cach ... ,1010,0301
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://euvpn.kennametal.com/vdesk/term ... 5535,65535
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} (OPSWAT FireWalls Class) - https://euvpn.kennametal.com/vdesk/term ... ,1218,2305
O16 - DPF: {4168B577-2E83-11D5-BC83-204C4F4F5020} (AssociatedFilesCtrl.AssociatedFiles) - http://gdw/controls/AssociatedFiles.CAB
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://euvpn.kennametal.com/vdesk/term ... 9,1010,310
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://euvpn.kennametal.com/vdesk/term ... ,1010,0312
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} (OPSWAT ProcessesScanner Class) - https://euvpn.kennametal.com/vdesk/term ... ,1218,2305
O16 - DPF: {50D7ED6A-C328-4E08-8B27-05D18F256390} (EANDrawings.AffectedDrawings) - http://gdw/controls/affectedDrawingsCtrl.CAB
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://mymail.kennametal.com/vdesk/ter ... ,1010,0303
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3149130668
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7530bfb8-7293-4d34-9923-61a11451afc5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7B44068E-B1D5-4288-B1B3-6F30A53E18D5} (Quest3D Control) - http://www.quest3d.com/webplugin/downlo ... ctivex.cab
O16 - DPF: {B06CF94E-6002-11D5-BCEA-204C4F4F5020} (ftpUpload.ftpUp1) - http://gdw/controls/ftpUpload.CAB
O16 - DPF: {BBF0DEE9-C553-4348-8709-DB0CE725B775} (ZipDownloader Class) - http://gdw/controls/kmtZipDownloader.CAB
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://euvpn.kennametal.com/vdesk/term ... 9,1010,308
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://euvpn.kennametal.com/vdesk/term ... 9,1010,304
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://euvpn.kennametal.com/policy/dow ... ,1010,0309
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} (F5 Networks OPSWAT Helper Control) - https://euvpn.kennametal.com/vdesk/term ... ,1218,2305
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://gdw/controls/acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kmt.kmtl.com
O17 - HKLM\Software\..\Telephony: DomainName = kmt.kmtl.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kmt.kmtl.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kmt.kmtl.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSynchServices - Kennametal Inc. - c:\program files\kennametal\tool reporter\toolreporter.datasynchservice.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9cd838d423bb6) (gupdate1c9cd838d423bb6) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - D:\Nero\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Jedno přihlášení do programu Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
Vaše PC obsahuje škodlivý kód proto byla jeho činnost na 1H pozastavena prosím tímto o nápravu a odvirováni! PC.
Symantec endpoint protection 11.0 ani spybot nic nenasiel, DNS je nastavene spravne, ani v hosts nic nie je. Prikladam vypis z hijackthis. Dik.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:13:41, on 1.9.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\kennametal\tool reporter\toolreporter.datasynchservice.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Nero\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\_backup\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 12ý
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\TRANSLAT\WEBIE.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit poekladae - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Poeložit &oznaeený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Poeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.gdw
O15 - Trusted Zone: http://euvpn.kennametal.com
O15 - Trusted Zone: *.kennametal.com
O15 - Trusted Zone: *.kmt.kmtl.com
O15 - Trusted Zone: *.kmtl.com
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - https://euvpn.kennametal.com/vdesk/term ... ,1218,2305
O16 - DPF: {1BE1E882-0CEA-11D5-9667-00B0D06BAB06} (ToolPackDwgs.AssocDwgs) - http://gdw/controls/ToolPackDwgs.CAB
O16 - DPF: {20DD1B9E-87C4-11D1-8BE3-0000F8754DA1} (Microsoft Date and Time Picker Control, version 6.0) - http://gdw/controls/mscomct2.cab
O16 - DPF: {2540933D-13BA-4BC9-8FB8-160BE8AC1562} (Chooser Class) - http://gdw/controls/filechooser.CAB
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://euvpn.kennametal.com/vdesk/cach ... ,1010,0301
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://euvpn.kennametal.com/vdesk/term ... 5535,65535
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} (OPSWAT FireWalls Class) - https://euvpn.kennametal.com/vdesk/term ... ,1218,2305
O16 - DPF: {4168B577-2E83-11D5-BC83-204C4F4F5020} (AssociatedFilesCtrl.AssociatedFiles) - http://gdw/controls/AssociatedFiles.CAB
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://euvpn.kennametal.com/vdesk/term ... 9,1010,310
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://euvpn.kennametal.com/vdesk/term ... ,1010,0312
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} (OPSWAT ProcessesScanner Class) - https://euvpn.kennametal.com/vdesk/term ... ,1218,2305
O16 - DPF: {50D7ED6A-C328-4E08-8B27-05D18F256390} (EANDrawings.AffectedDrawings) - http://gdw/controls/affectedDrawingsCtrl.CAB
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://mymail.kennametal.com/vdesk/ter ... ,1010,0303
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3149130668
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7530bfb8-7293-4d34-9923-61a11451afc5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7B44068E-B1D5-4288-B1B3-6F30A53E18D5} (Quest3D Control) - http://www.quest3d.com/webplugin/downlo ... ctivex.cab
O16 - DPF: {B06CF94E-6002-11D5-BCEA-204C4F4F5020} (ftpUpload.ftpUp1) - http://gdw/controls/ftpUpload.CAB
O16 - DPF: {BBF0DEE9-C553-4348-8709-DB0CE725B775} (ZipDownloader Class) - http://gdw/controls/kmtZipDownloader.CAB
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://euvpn.kennametal.com/vdesk/term ... 9,1010,308
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://euvpn.kennametal.com/vdesk/term ... 9,1010,304
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://euvpn.kennametal.com/policy/dow ... ,1010,0309
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} (F5 Networks OPSWAT Helper Control) - https://euvpn.kennametal.com/vdesk/term ... ,1218,2305
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://gdw/controls/acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kmt.kmtl.com
O17 - HKLM\Software\..\Telephony: DomainName = kmt.kmtl.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kmt.kmtl.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kmt.kmtl.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSynchServices - Kennametal Inc. - c:\program files\kennametal\tool reporter\toolreporter.datasynchservice.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9cd838d423bb6) (gupdate1c9cd838d423bb6) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - D:\Nero\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Jedno přihlášení do programu Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\