Prosim o kontrolu

Zpráva

Kalli · #1 Příspěvek od **Kalli** » 15 lis 2009 14:02

predem dekuji za kontrolu logu....

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kalli at 2009-11-15 13:54:02
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 32 GB (7%) free of 465 GB
Total RAM: 4094 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:12, on 15.11.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
E:\utorrent\utorrent.exe
C:\Users\Kalli\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\TC UP\totalcmd.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files (x86)\TC UP\totalcmd.exe
C:\Users\Kalli\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Kalli.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe nhni.goo mgxaig
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kalli\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "E:\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [servises] C:\Windows\system32\servises.exe
O4 - HKCU\..\Run: [userini] C:\Windows\system32\userini.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\Windows\system32\userini.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - E:\GAMES\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9653 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-800175409-3391531039-2124801675-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-800175409-3391531039-2124801675-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{2C08BCA0-9451-406F-9F86-05C88D4A49C5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~2\FlashFXP\IEFlash.dll [2008-06-16 191096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [2007-02-15 119296]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2008-07-18 104936]
"P2Go_Menu"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-10-29 210216]
"RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2008-10-07 75048]
"UpdatePPShortCut"=C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [2008-11-23 203720]
"Google Update"=C:\Users\Kalli\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-16 133104]
"uTorrent"=E:\utorrent\utorrent.exe [2009-01-28 270128]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2008-07-30 2363392]
"servises"=C:\Windows\system32\servises.exe []
"userini"=C:\Windows\system32\userini.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\Windows\system32\servises.exe []
"userini"=C:\Windows\system32\userini.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Aktualizovat ESET licenci.lnk - C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe"="C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe"="C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50af5012-cae3-11dd-a400-0023543b7f7e}]
shell\AutoRun\command - 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c9af99c-eac3-11dd-99d9-0023543b7f7e}]
shell\AutoRun\command - K:\Installer.EXE

======List of files/folders created in the last 1 months======

2009-11-15 13:54:03 ----D---- C:\Program Files (x86)\trend micro
2009-11-15 13:54:02 ----D---- C:\rsit
2009-11-15 02:45:15 ----A---- C:\Windows\system32\a.exe
2009-11-12 00:40:17 ----D---- C:\Program Files (x86)\Call of Duty Modern Warfare 2
2009-11-11 21:20:02 ----A---- C:\Windows\system32\XAudio2_5.dll
2009-11-11 21:20:01 ----A---- C:\Windows\system32\xactengine3_5.dll
2009-11-11 21:20:00 ----A---- C:\Windows\system32\d3dcsx_42.dll
2009-11-11 21:20:00 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2009-11-11 21:19:59 ----A---- C:\Windows\system32\d3dx11_42.dll
2009-11-11 21:19:59 ----A---- C:\Windows\system32\d3dx10_42.dll
2009-11-11 21:19:58 ----A---- C:\Windows\system32\D3DX9_42.dll
2009-11-11 21:19:56 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-11-11 21:19:56 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-11-11 21:19:54 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-11-11 21:19:53 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-11-11 21:19:53 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-11-11 21:19:52 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-11-11 21:19:52 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-11-11 21:19:50 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-11-11 21:19:50 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-11-11 21:19:49 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-11-11 21:19:47 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-11-11 21:19:47 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-11-11 21:19:46 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-11-05 22:37:06 ----D---- C:\ProgramData\BioWare
2009-11-05 22:10:10 ----D---- C:\Program Files (x86)\Common Files\BioWare
2009-10-27 18:13:45 ----A---- C:\Windows\system32\msvcr90.dll
2009-10-27 18:13:32 ----D---- C:\Program Files (x86)\Miranda IM KP v5.0.8.5

======List of files/folders modified in the last 1 months======

2009-11-15 13:54:12 ----D---- C:\Windows\Prefetch
2009-11-15 13:54:09 ----D---- C:\Windows\Temp
2009-11-15 13:54:03 ----RD---- C:\Program Files (x86)
2009-11-15 12:11:34 ----D---- C:\Windows\System32
2009-11-15 12:11:33 ----D---- C:\Windows\inf
2009-11-15 02:45:15 ----D---- C:\Windows\SysWOW64
2009-11-14 17:07:45 ----D---- C:\Users\Kalli\AppData\Roaming\AIMP
2009-11-14 16:41:01 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-11-14 15:00:16 ----SHD---- C:\System Volume Information
2009-11-14 10:45:28 ----AD---- C:\Windows
2009-11-12 00:05:15 ----SHD---- C:\Windows\Installer
2009-11-12 00:05:12 ----D---- C:\Program Files (x86)\Common Files
2009-11-12 00:05:12 ----D---- C:\Logs
2009-11-11 21:19:12 ----RSD---- C:\Windows\assembly
2009-11-10 01:36:12 ----D---- C:\Windows\system32\drivers
2009-11-07 01:29:00 ----D---- C:\hadejfilm
2009-11-05 22:37:06 ----HD---- C:\ProgramData
2009-11-05 22:33:11 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-11-05 22:32:55 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-11-05 22:31:54 ----D---- C:\ProgramData\Media Center Programs
2009-11-05 18:23:19 ----D---- C:\Program Files (x86)\WPMP150
2009-11-05 18:21:24 ----RSD---- C:\Windows\Fonts
2009-11-05 18:21:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-11-04 01:48:25 ----D---- C:\Program Files (x86)\TC UP
2009-11-02 19:53:39 ----D---- C:\Program Files (x86)\Opera
2009-11-02 01:02:32 ----D---- C:\Program Files (x86)\The KMPlayer
2009-10-30 19:45:29 ----D---- C:\Windows\Logs
2009-10-18 01:00:39 ----D---- C:\Program Files (x86)\ESET
2009-10-16 23:48:41 ----D---- C:\DVD
2009-10-16 18:45:18 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2008-10-07 32240]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 TCPZ;TCP Half Open Limited Patcher ( TCP-Z); C:\Windows\system32\DRIVERS\tcpz-x64d.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
S2 CrackTcpip;Crack Tcpip; C:\Windows\system32\drivers\CrackTcpip.sys []
S2 srenum;srenum; SysWOW64\DRIVERS\srenum.sys []
S3 ay4kpo43;ay4kpo43; C:\Windows\system32\drivers\ay4kpo43.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 ndisrd;WinpkFilter Service; C:\Windows\system32\DRIVERS\ndisrd.sys []
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2008-07-01 468224]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-06-11 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-07-30 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-09-04 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-14 215104]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2008-08-20 244904]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; E:\GAMES\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 21760]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 15 lis 2009 17:44

Vidím tam minimálně jednoho trojáka. Udělejte sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Kalli · #3 Příspěvek od **Kalli** » 17 lis 2009 21:11

Rudy píše:Vidím tam minimálně jednoho trojáka. Udělejte sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

myslel jsem si to, antivir mi neco podobneho hlasil ale nesel vylecit....

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3188
Windows 6.0.6001 Service Pack 1

17.11.2009 21:09:41
mbam-log-2009-11-17 (21-09-36).txt

Typ kontroly: Kompletní kontrola (C:\|E:\|)
Zkontrolované objekty: 425823
Uplynulý čas: 1 hour(s), 11 minute(s), 11 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 4
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe nhni.goo mgxaig) Good: (Explorer.exe) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Windows\System32\a.exe (Backdoor.Bot) -> No action taken.

#4 Příspěvek od **Rudy** » 17 lis 2009 22:05

Vše smažte.

Kalli · #5 Příspěvek od **Kalli** » 19 lis 2009 19:31

Rudy píše:Vše smažte.

smazano a prikladam novy log...

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kalli at 2009-11-19 19:30:01
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 46 GB (10%) free of 465 GB
Total RAM: 4094 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:05, on 19.11.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
E:\utorrent\utorrent.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Kalli\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Miranda IM KP v5.0.8.5\miranda32.exe
C:\Users\Kalli\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Kalli.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kalli\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "E:\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - E:\GAMES\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9498 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-800175409-3391531039-2124801675-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-800175409-3391531039-2124801675-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{2C08BCA0-9451-406F-9F86-05C88D4A49C5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~2\FlashFXP\IEFlash.dll [2008-06-16 191096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [2007-02-15 119296]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2008-07-18 104936]
"P2Go_Menu"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-10-29 210216]
"RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2008-10-07 75048]
"UpdatePPShortCut"=C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [2008-11-23 203720]
"Google Update"=C:\Users\Kalli\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-16 133104]
"uTorrent"=E:\utorrent\utorrent.exe [2009-01-28 270128]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2008-07-30 2363392]
"Steam"=c:\program files (x86)\steam\steam.exe [2009-11-17 1217808]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Aktualizovat ESET licenci.lnk - C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoDriveTypeAutoRun"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe"="C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe"="C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c9af99c-eac3-11dd-99d9-0023543b7f7e}]
shell\AutoRun\command - K:\setup.exe

======List of files/folders created in the last 1 months======

2009-11-17 19:39:55 ----D---- C:\Users\Kalli\AppData\Roaming\Malwarebytes
2009-11-17 19:39:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-11-17 13:28:28 ----D---- C:\Program Files (x86)\Common Files\Steam
2009-11-17 13:28:26 ----D---- C:\Program Files (x86)\Steam
2009-11-16 16:55:03 ----D---- C:\Program Files (x86)\ABBYY PDF Transformer 2.0
2009-11-16 16:53:38 ----D---- C:\Temp
2009-11-16 00:12:38 ----D---- C:\Users\Kalli\AppData\Roaming\HpUpdate
2009-11-16 00:12:35 ----D---- C:\Windows\Hewlett-Packard
2009-11-15 13:54:03 ----D---- C:\Program Files (x86)\trend micro
2009-11-15 13:54:02 ----D---- C:\rsit
2009-11-12 00:40:17 ----D---- C:\Program Files (x86)\Call of Duty Modern Warfare 2
2009-11-11 21:20:02 ----A---- C:\Windows\system32\XAudio2_5.dll
2009-11-11 21:20:01 ----A---- C:\Windows\system32\xactengine3_5.dll
2009-11-11 21:20:00 ----A---- C:\Windows\system32\d3dcsx_42.dll
2009-11-11 21:20:00 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2009-11-11 21:19:59 ----A---- C:\Windows\system32\d3dx11_42.dll
2009-11-11 21:19:59 ----A---- C:\Windows\system32\d3dx10_42.dll
2009-11-11 21:19:58 ----A---- C:\Windows\system32\D3DX9_42.dll
2009-11-11 21:19:56 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-11-11 21:19:56 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-11-11 21:19:54 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-11-11 21:19:53 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-11-11 21:19:53 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-11-11 21:19:52 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-11-11 21:19:52 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-11-11 21:19:50 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-11-11 21:19:50 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-11-11 21:19:49 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-11-11 21:19:47 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-11-11 21:19:47 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-11-11 21:19:46 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-11-05 22:37:06 ----D---- C:\ProgramData\BioWare
2009-11-05 22:10:10 ----D---- C:\Program Files (x86)\Common Files\BioWare
2009-10-27 18:13:45 ----A---- C:\Windows\system32\msvcr90.dll
2009-10-27 18:13:32 ----D---- C:\Program Files (x86)\Miranda IM KP v5.0.8.5

======List of files/folders modified in the last 1 months======

2009-11-19 19:30:05 ----D---- C:\Windows\Prefetch
2009-11-19 19:30:03 ----D---- C:\Windows\Temp
2009-11-19 19:02:19 ----SHD---- C:\System Volume Information
2009-11-19 17:08:02 ----D---- C:\Windows\System32
2009-11-19 17:08:02 ----D---- C:\Windows\inf
2009-11-19 00:03:57 ----D---- C:\hadejfilm
2009-11-18 21:19:15 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-11-18 17:57:51 ----D---- C:\Users\Kalli\AppData\Roaming\AIMP
2009-11-17 21:33:49 ----RD---- C:\Program Files (x86)
2009-11-17 21:21:59 ----A---- C:\Windows\system32\BReWErS.dll
2009-11-17 21:21:48 ----AD---- C:\Windows
2009-11-17 21:19:55 ----D---- C:\Windows\SysWOW64
2009-11-17 19:39:48 ----D---- C:\Windows\system32\drivers
2009-11-17 13:28:29 ----SHD---- C:\Windows\Installer
2009-11-17 13:28:28 ----D---- C:\Program Files (x86)\Common Files
2009-11-17 13:27:17 ----RSD---- C:\Windows\assembly
2009-11-16 00:12:53 ----D---- C:\Program Files (x86)\HP
2009-11-12 00:05:12 ----D---- C:\Logs
2009-11-05 22:37:06 ----HD---- C:\ProgramData
2009-11-05 22:33:11 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-11-05 22:32:55 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-11-05 22:31:54 ----D---- C:\ProgramData\Media Center Programs
2009-11-05 18:23:19 ----D---- C:\Program Files (x86)\WPMP150
2009-11-05 18:21:24 ----RSD---- C:\Windows\Fonts
2009-11-05 18:21:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-11-04 01:48:25 ----D---- C:\Program Files (x86)\TC UP
2009-11-02 19:53:39 ----D---- C:\Program Files (x86)\Opera
2009-11-02 01:02:32 ----D---- C:\Program Files (x86)\The KMPlayer
2009-10-30 19:45:29 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2008-10-07 32240]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 TCPZ;TCP Half Open Limited Patcher ( TCP-Z); C:\Windows\system32\DRIVERS\tcpz-x64d.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
S2 CrackTcpip;Crack Tcpip; C:\Windows\system32\drivers\CrackTcpip.sys []
S2 srenum;srenum; SysWOW64\DRIVERS\srenum.sys []
S3 a5gjl39d;a5gjl39d; C:\Windows\system32\drivers\a5gjl39d.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 ndisrd;WinpkFilter Service; C:\Windows\system32\DRIVERS\ndisrd.sys []
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2008-07-01 468224]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-06-11 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-07-30 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-09-04 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-18 215104]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2008-08-20 244904]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; E:\GAMES\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 21760]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-06-30 316664]

-----------------EOF-----------------

#6 Příspěvek od **Rudy** » 19 lis 2009 20:03

Log vypadá čistý.

Kalli · #7 Příspěvek od **Kalli** » 04 dub 2010 13:38

dekuji za kontrolu

#8 Příspěvek od **Rudy** » 04 dub 2010 16:02

Nemáte zač!

VIRY.CZ

Prosim o kontrolu

Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu