Please check my ComboFix log

zdhlavaty
Novice
Registered: 25 Mar 2010

Please check my ComboFix log

Posted by zdhlavaty »

Hello, please check my ComboFix log.
Some kind of malware has gotten into my computer.
Thank you.
Z. Hlavatý
ComboFix 10-03-28.03 - Zdeněk - Hlavatý 2010-03-29 19:02:47.4.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1022.693 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zdeněk - Hlavatý\Plocha\dddd.exe
AV: avast! antivirus 4.8.1368 [VPS 100329-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-29 16:03 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-29 16:03 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-29 15:48 . 2010-03-29 15:48 -------- d-----w- C:\dddd
2010-03-29 15:48 . 2010-03-29 15:47 390144 ----a-w- c:\windows\system32\CF30186.exe
2010-03-29 15:46 . 2010-03-29 15:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-29 15:28 . 2010-03-29 15:28 390144 ----a-w- c:\windows\system32\CF26463.exe
2010-03-29 14:32 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-03-29 14:32 . 2010-03-13 03:53 358944 ----a-w- c:\windows\vncutil.exe
2010-03-29 14:32 . 2010-03-13 03:53 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-29 14:31 . 2010-03-13 03:53 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-29 14:31 . 2010-03-13 03:53 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-29 14:31 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-03-29 14:20 . 2009-02-25 13:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-03-29 13:07 . 2010-03-29 13:07 -------- d-----w- c:\program files\Driver Genius
2010-03-28 22:58 . 2009-10-20 15:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-03-26 07:09 . 2010-01-05 08:58 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-26 07:09 . 2010-01-05 08:58 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-26 07:08 . 2009-06-29 07:33 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
2010-03-26 07:08 . 2010-01-05 08:58 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-26 07:08 . 2010-01-05 08:57 63488 ------w- c:\windows\system32\dllcache\icardie.dll
2010-03-26 07:08 . 2010-01-05 08:57 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2010-03-26 07:08 . 2009-12-31 14:33 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-26 07:08 . 2010-01-05 08:58 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-25 18:20 . 2008-06-14 16:35 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-03-25 18:17 . 2009-06-10 07:21 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-03-25 18:17 . 2009-12-09 09:11 2191360 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-25 18:17 . 2009-12-09 09:11 2147328 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-25 18:16 . 2009-12-09 09:11 2025984 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-25 18:16 . 2009-12-09 09:11 2068224 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-25 18:16 . 2009-12-04 17:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-25 15:53 . 2010-03-25 15:53 390144 ----a-w- c:\windows\system32\CF28554.exe
2010-03-25 15:09 . 2008-04-14 11:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-03-25 15:09 . 2008-04-14 11:00 31360 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-03-25 15:09 . 2008-04-14 11:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2010-03-25 15:09 . 2008-04-14 11:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-03-25 15:09 . 2008-04-14 11:00 455168 ----a-w- c:\windows\system32\dllcache\tintsetp.exe
2010-03-25 15:09 . 2008-04-14 11:00 44032 ----a-w- c:\windows\system32\dllcache\tintlphr.exe
2010-03-25 15:09 . 2008-04-14 11:00 10240 ----a-w- c:\windows\system32\dllcache\tmigrate.dll
2010-03-25 15:09 . 2008-04-14 11:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2010-03-25 15:09 . 2008-04-14 11:00 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2010-03-25 15:09 . 2008-04-14 11:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2010-03-25 15:09 . 2008-04-14 11:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-03-25 15:07 . 2008-04-14 11:00 33792 ----a-w- c:\windows\system32\dllcache\lmmib2.dll
2010-03-25 15:06 . 2003-04-14 18:48 16384 ----a-w- c:\windows\system32\dllcache\tcptsat.dll
2010-03-25 15:04 . 2008-04-14 11:00 16384 ----a-w- c:\windows\system32\dllcache\isignup.exe
2010-03-25 15:03 . 2008-04-14 11:00 32768 ----a-w- c:\windows\system32\dllcache\icwdl.dll
2010-03-25 15:03 . 2008-04-14 11:00 86016 ----a-w- c:\windows\system32\dllcache\icwconn2.exe
2010-03-25 15:03 . 2008-04-14 11:00 215552 ----a-w- c:\windows\system32\dllcache\icwconn1.exe
2010-03-25 15:03 . 2008-04-14 11:00 20480 ----a-w- c:\windows\system32\dllcache\inetwiz.exe
2010-03-25 14:59 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-03-25 14:59 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-03-25 14:59 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-03-25 14:59 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-03-25 14:51 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-03-25 14:50 . 2008-04-14 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-25 14:50 . 2008-04-14 11:00 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-25 14:50 . 2008-04-14 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-25 14:50 . 2008-04-14 11:00 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-25 07:19 . 2010-03-25 07:19 -------- d-----w- c:\program files\Spyware Terminator
2010-03-25 06:25 . 2007-01-18 11:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-03-24 20:57 . 2010-03-24 20:57 -------- d-----w- c:\program files\AVG
2010-03-24 18:57 . 2010-03-24 18:57 -------- d-----w- C:\FOUND.002
2010-03-24 11:10 . 2010-03-24 11:10 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-23 17:43 . 2010-03-23 17:43 -------- d-----w- c:\documents and settings\Zdeněk Hlavatý
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Data aplikací
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-03-23 17:35 . 2010-03-23 17:35 -------- d-sh--w- c:\documents and settings\All Users.WINDOWSA\DRM
2010-03-23 17:20 . 2010-03-23 17:20 -------- d--h--w- c:\documents and settings\Default User.WINDOWSA
2010-03-23 17:20 . 2010-03-23 17:20 -------- d-----w- c:\documents and settings\All Users.WINDOWSA
2010-03-23 17:14 . 2010-03-23 17:14 -------- d-----w- C:\WINDOWSA
2010-03-15 10:08 . 2010-03-15 10:08 -------- d-----w- c:\windows\Performance
2010-03-15 10:08 . 2010-03-15 10:08 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-03-12 16:44 . 2008-11-11 14:55 -------- d-----w- C:\FAMILY_10883
2010-03-12 16:43 . 2008-11-11 14:47 -------- d-----w- C:\FAMILY_10882
2010-03-12 16:41 . 2008-11-11 14:47 -------- d-----w- C:\FAMILY_10881
2010-03-12 15:38 . 2010-03-12 15:38 -------- d-----w- C:\OziExplorer
2010-03-11 11:16 . 2010-03-11 11:16 -------- d-----w- c:\program files\Enigma Codebook Tool
2010-03-11 11:15 . 1997-01-15 22:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2010-03-10 19:22 . 2010-02-12 09:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 17:06 . 2003-04-19 02:17 528328 ----a-w- c:\windows\system32\perfh005.dat
2010-03-29 17:06 . 2003-04-19 02:17 118794 ----a-w- c:\windows\system32\perfc005.dat
2010-03-25 15:02 . 2003-04-19 01:11 23588 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-13 03:53 . 2005-11-01 22:56 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-13 03:53 . 2005-10-20 20:49 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-03-13 03:53 . 2005-11-16 18:27 19521056 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-13 03:53 . 2005-09-20 17:24 84512 ----a-w- c:\windows\SoundMan.exe
2010-03-13 03:53 . 2005-10-10 20:33 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-13 03:53 . 2005-09-06 17:40 2177568 ----a-w- c:\windows\MicCal.exe
2010-03-13 03:53 . 2005-05-03 01:43 64032 ----a-w- c:\windows\Alcmtr.exe
2010-03-13 03:41 . 2005-11-16 22:45 5867040 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-26 09:20 . 2005-04-16 05:20 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-24 08:16 . 2009-10-02 23:45 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 20:34 . 2008-10-16 17:58 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-18 10:24 . 2010-02-18 10:24 -------- d-----w- c:\program files\Web TV Pro
2010-01-15 09:44 . 2010-01-15 09:44 1015144 ----a-w- C:\MapInstallELL.dll
2010-01-15 09:44 . 2010-01-15 09:44 1012584 ----a-w- C:\MapInstallDEU.dll
2010-01-15 09:44 . 2010-01-15 09:44 992104 ----a-w- C:\MapInstallDAN.dll
2010-01-15 09:44 . 2010-01-15 09:44 996200 ----a-w- C:\MapInstallCSY.dll
2010-01-15 09:44 . 2010-01-15 09:44 919400 ----a-w- C:\MapInstallCHT.dll
2010-01-15 09:44 . 2010-01-15 09:44 917864 ----a-w- C:\MapInstallCHS.dll
2010-01-15 09:44 . 2010-01-15 09:44 8140136 ----a-w- C:\MapInstall.exe
2010-01-15 09:09 . 2010-01-15 09:09 953704 ----a-w- C:\MapSourcePLK.dll
2010-01-15 09:08 . 2010-01-15 09:08 941416 ----a-w- C:\MapSourceTRK.dll
2010-01-15 09:06 . 2010-01-15 09:06 960872 ----a-w- C:\MapSourceESN.dll
2010-01-15 09:06 . 2010-01-15 09:06 971112 ----a-w- C:\MapSourceELL.dll
2010-01-15 09:06 . 2010-01-15 09:06 967528 ----a-w- C:\MapSourceDEU.dll
2010-01-15 09:06 . 2010-01-15 09:06 941416 ----a-w- C:\MapSourceDAN.dll
2010-01-15 09:06 . 2010-01-15 09:06 947048 ----a-w- C:\MapSourceCSY.dll
2010-01-15 09:06 . 2010-01-15 09:06 853352 ----a-w- C:\MapSourceCHT.dll
2010-01-15 09:06 . 2010-01-15 09:06 852328 ----a-w- C:\MapSourceCHS.dll
2010-01-15 09:06 . 2010-01-15 09:06 11921768 ----a-w- C:\MapSource.exe
2010-01-13 16:24 . 2008-06-26 04:15 6598656 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-01-12 06:34 . 2009-08-17 11:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-05 08:58 . 2008-04-14 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 08:57 . 2008-04-14 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 15:50 . 2008-04-14 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

<pre>
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Intel\Wireless\Bin\eouwiz .exe
c:\program files\Synaptics\SynTP\syntplpr .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\Acer\Acer Arcade\pcmservice .exe
c:\program files\Acer\OrbiCam\installhelper .exe
c:\program files\Acer\OrbiCam\cameraassistant .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Launch Manager\qtzgacer .exe
c:\program files\Spyware Terminator\spywareterminatorshield .exe
c:\program files\Spyware Terminator\spywareterminatorupdate .exe
c:\program files\IObit\Advanced WindowsCare V2\memcleaner       .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Microsoft ActiveSync\wcescomm         .exe
c:\program files\OLYMPUS\OLYMPUS Master 2\firststart .exe
c:\program files\OLYMPUS\OLYMPUS Master 2\mmonitor      .exe
c:\program files\MSI\Digi Vox AD\DTVR\scheduled .exe
c:\program files\Windows Defender\msascui .exe
c:\program files\QuickTime\qttask         .exe
c:\program files\Canon\MultiPASS4\mptbox .exe
c:\program files\Canon\MultiPASS4\monitr32 .exe
c:\program files\Microsoft Security Essentials\msseces .exe
c:\windows\ime\imjp8_1\imjpmig .exe
</pre>
((((((((((((((((((((((((((((( SnapShot@2010-03-29_16.06.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-04-19 02:17 . 2010-03-29 17:06 531230 c:\windows\system32\perfh009.dat
+ 2003-04-19 02:17 . 2010-03-29 17:06 106984 c:\windows\system32\perfc009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-13 19521056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-14 11:36 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Garmin\\UMP-pcPL\\rsync.exe"=
"c:\\Program Files\\MSI\\Digi Vox AD\\DTVR\\DTVR.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Wisco\\SynchPst\\SynchPst.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Spyware Terminator\\spywareterminatorupdate .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-27 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-27 20560]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-17 691696]
S1 kcpkobnn;kcpkobnn;\??\c:\windows\system32\drivers\kcpkobnn.sys --> c:\windows\system32\drivers\kcpkobnn.sys [?]
S2 gupdate1c9ddeee83ed39a;Služba Google Update (gupdate1c9ddeee83ed39a);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 133104]
S2 MSSQL$ELISKACLIENT2008;SQL Server (ELISKACLIENT2008);"c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe" -sELISKACLIENT2008 --> c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-03-29 1691480]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2005-11-30 1088896]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$ELISKACLIENT2008;SQL Server Agent (ELISKACLIENT2008);"c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\SQLAGENT.EXE" -i ELISKACLIENT2008 --> c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\SQLAGENT.EXE [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 10:44]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 10:44]

2010-03-29 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-24 12:11]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659754447-3941593778-4232737989-1006Core1cacb49162d37d6.job
- c:\documents and settings\Zden [2009-05-13 13:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: Compare Prices with &Dealio - c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Dealio\kb124\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Mozilla\Firefox\Profiles\mdwq8nok.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://web.volny.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - component: c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Mozilla\Firefox\Profiles\mdwq8nok.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
"ImagePath"="\??\c:\docume~1\ZDENIK~1\LOCALS~1\Temp\cdfss"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1344)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-03-29 19:10:19
ComboFix-quarantined-files.txt 2010-03-29 17:10
ComboFix2.txt 2010-03-29 16:12

Před spuštěním: Volných bajtů: 11,944,919,040
Po spuštění: Volných bajtů: 11,903,107,072

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B936116C3082BC815CC4D5071594745E
jan.svoboda
Intermediate
Registered: 25 Dec 2009
Location: Chrudim

Re: Please check my ComboFix log

Posted by jan.svoboda »

Hi, there is a little bit to see in there; please also post a log from MBAM and we'll see.
Download Malwarebytes' Anti-Malware - http://viry.cz/forum/viewtopic.php?f=29&t=67229
Run a full scan of the C: system drive.
Post the log here; do not delete anything until the log has been reviewed!!
I am no longer active on this forum; you can find me on Google+ (http://gplus.to/JanSvoboda), where I actively write about IT and more.
zdhlavaty
Novice
Registered: 25 Mar 2010

Re: Please check my ComboFix log

Posted by zdhlavaty »

Hi, somehow I didn't realize that; I ran a quick scan and deleted the infected files it found.
I'm sending log (1) of the quick scan before the deletion and log (2) of the full scan after the deletion.

log 1
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2.4.2010 8:55:25
mbam-log-2010-04-02 (08-55-25).txt

Typ skenu: Rychlý sken
Skenované objekty: 138742
Uplynulý čas: 6 minuta(y), 40 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 2
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7a4dfc1-32c7-4a3c-bfac-21b526a00347} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a7a4dfc1-32c7-4a3c-bfac-21b526a00347} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Documents and Settings\All Users\Data aplikací\48549939 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.

Infikované soubory:
C:\WINDOWS\system32\SystemX86\EF.tmp (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zdeněk - Hlavatý\Data aplikací\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zdeněk - Hlavatý\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zdeněk - Hlavatý\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

log 2
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2.4.2010 9:49:35
mbam-log-2010-04-02 (09-49-35).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 247320
Uplynulý čas: 47 minuta(y), 44 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
jan.svoboda
Intermediate
Registered: 25 Dec 2009
Location: Chrudim

Re: Please check my ComboFix log

Posted by jan.svoboda »

If only someone read everything I write...
Post the log here; do not delete anything until the log has been reviewed!!
Oh well, fortunately MBAM had no false positives, so the deletion was fine, but if it had flagged some important file as infected (although it is an excellent scanner, it is not infallible either), we would have an extra problem, possibly a reinstall of the PC.

OK, so now that MBAM has cleaned up, please also post a current ComboFix log; if anything is left there, we'll remove the rest.
Download ComboFix
( http://download.bleepingcomputer.com/sUBs/ComboFix.exe , http://www.forospyware.com/sUBs/ComboFix.exe ) to your desktop,

beta: http://download.bleepingcomputer.com/sU ... ttyFix.exe

- close all active windows and run it under an administrator account.
- confirm the license terms - click "Ano" (Yes), and any further prompts from the program.
- note down why it terminated or what is preventing it from running (tell your adviser)
- let it download and install the Recovery Console (I strongly recommend this)
- do not click in the displayed window during the scan; CF may restart the PC.
- the scan should take at most 20 minutes. If it has not finished by then, terminate it and report the problem to your adviser.
- after it finishes, a log (text file) will open - if it does not, the log can be found at C:\ComboFix.txt - copy the entire contents of the log into your post
BTW: I wouldn't recommend using ComboFix without a recommendation either; inexpert handling of it can also do a lot of damage...

And a HijackThis log wouldn't hurt either, just to be sure. Download it, for example, from here http://go.trendmicro.com/free-tools/hij ... ckThis.exe and run it, click Do a system scan and save a log; after a moment the log will appear in a Notepad document; paste its contents here.
Zde na foru již nejsem aktivní, vyskytuji se na Google+ (http://gplus.to/JanSvoboda), kde aktivně píšu nejen o IT.
zdhlavaty
Newcomer
Registered: 25 Mar 2010

Re: Request for a ComboFix log review

Post by zdhlavaty »

I slipped up with that deleting

ComboFix log

ComboFix 10-04-01.02 - Zdeněk - Hlavatý 02.04.2010 11:22:37.7.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.410 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zdeněk - Hlavatý\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ZdenŘk - Hlavatě\Dokumenty\cc_20100329_191641.reg 29.3..reg
c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-02 do 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 06:45 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 06:45 . 2010-04-02 06:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 06:45 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 11:12 . 2010-03-31 11:12 -------- d-----w- C:\dddd13809d
2010-03-31 06:51 . 2009-10-20 15:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-03-31 06:31 . 2010-03-31 06:31 -------- d-----w- C:\dddd24288d
2010-03-31 06:22 . 2010-03-31 06:22 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2010-03-30 17:49 . 2010-03-30 17:49 -------- d-----w- C:\dddd10155d
2010-03-30 16:43 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-30 16:43 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-30 16:43 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-30 16:43 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-30 16:43 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-30 16:43 . 2010-03-30 16:43 -------- d-----w- c:\program files\Trojan Remover
2010-03-30 08:09 . 2005-11-29 12:14 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2010-03-30 08:00 . 2010-03-30 08:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-30 07:57 . 2010-03-30 07:57 -------- d-----w- c:\windows\tiinst
2010-03-30 07:52 . 2001-12-12 10:08 65536 ----a-w- c:\windows\system32\FxRedir.exe
2010-03-30 07:16 . 2010-02-25 06:18 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-30 07:16 . 2010-02-25 06:18 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-30 07:16 . 2010-02-25 06:18 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-30 07:16 . 2010-02-25 06:18 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-30 07:16 . 2010-02-25 06:18 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-30 07:16 . 2010-02-25 09:48 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-30 07:10 . 2008-06-14 16:35 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-03-30 07:08 . 2009-06-10 07:21 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-03-30 07:08 . 2009-12-09 09:11 2191360 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-30 07:08 . 2009-12-09 09:11 2068224 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-30 07:08 . 2009-12-09 09:11 2147328 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-30 07:08 . 2009-12-09 09:11 2025984 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-30 07:08 . 2009-12-04 17:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-30 07:08 . 2009-11-27 16:14 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-03-30 07:07 . 2009-11-27 15:09 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-03-30 07:07 . 2009-11-27 15:09 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-03-30 06:59 . 2005-10-31 16:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2010-03-30 06:58 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-03-30 04:38 . 2010-03-30 04:38 -------- d-----w- C:\FOUND.003
2010-03-30 02:12 . 2008-04-14 12:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-03-30 02:07 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-03-30 02:07 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-03-30 02:07 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-03-30 02:07 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-03-29 22:43 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-03-29 22:42 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-29 22:42 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-29 22:42 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-29 22:42 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-29 18:47 . 2010-03-29 18:47 -------- d-----w- c:\program files\Uniblue
2010-03-29 18:40 . 2010-03-29 18:40 -------- d-----w- c:\windows\ie8updates
2010-03-29 18:39 . 2010-03-29 18:39 -------- d-----w- c:\program files\PCPitstop
2010-03-29 18:35 . 2010-03-29 18:35 -------- d--h--w- c:\windows\ie8
2010-03-29 17:32 . 2010-03-29 17:32 -------- d-----w- c:\program files\Alwil Software
2010-03-29 17:02 . 2010-03-29 17:02 -------- d-----w- C:\dddd22288d
2010-03-29 15:48 . 2010-03-29 15:48 -------- d-----w- C:\dddd
2010-03-29 15:46 . 2010-03-29 15:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-29 14:32 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-03-29 14:32 . 2010-03-13 03:53 358944 ----a-w- c:\windows\vncutil.exe
2010-03-29 14:32 . 2010-03-13 03:53 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-29 14:31 . 2010-03-13 03:53 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-29 14:31 . 2010-03-13 03:53 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-29 14:31 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-03-29 14:20 . 2009-02-25 13:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-03-29 13:07 . 2010-03-29 13:07 -------- d-----w- c:\program files\Driver Genius
2010-03-25 15:04 . 2008-04-14 12:00 16384 ----a-w- c:\windows\system32\dllcache\isignup.exe
2010-03-25 15:03 . 2008-04-14 12:00 32768 ----a-w- c:\windows\system32\dllcache\icwdl.dll
2010-03-25 15:03 . 2008-04-14 12:00 86016 ----a-w- c:\windows\system32\dllcache\icwconn2.exe
2010-03-25 15:03 . 2008-04-14 12:00 215552 ----a-w- c:\windows\system32\dllcache\icwconn1.exe
2010-03-25 15:03 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\dllcache\inetwiz.exe
2010-03-25 07:19 . 2010-03-25 07:19 -------- d-----w- c:\program files\Spyware Terminator
2010-03-25 06:25 . 2007-01-18 11:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-03-24 20:57 . 2010-03-24 20:57 -------- d-----w- c:\program files\AVG
2010-03-24 18:57 . 2010-03-24 18:57 -------- d-----w- C:\FOUND.002
2010-03-24 11:10 . 2010-03-24 11:10 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-23 17:43 . 2010-03-23 17:43 -------- d-----w- c:\documents and settings\Zdeněk Hlavatý
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Data aplikací
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-03-23 17:35 . 2010-03-23 17:35 -------- d-sh--w- c:\documents and settings\All Users.WINDOWSA\DRM
2010-03-23 17:20 . 2010-03-23 17:20 -------- d--h--w- c:\documents and settings\Default User.WINDOWSA
2010-03-23 17:20 . 2010-03-23 17:20 -------- d-----w- c:\documents and settings\All Users.WINDOWSA
2010-03-23 17:14 . 2010-03-23 17:14 -------- d-----w- C:\WINDOWSA
2010-03-15 10:08 . 2010-03-15 10:08 -------- d-----w- c:\windows\Performance
2010-03-15 10:08 . 2010-03-15 10:08 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-03-12 16:44 . 2008-11-11 14:55 -------- d-----w- C:\FAMILY_10883
2010-03-12 16:43 . 2008-11-11 14:47 -------- d-----w- C:\FAMILY_10882
2010-03-12 16:41 . 2008-11-11 14:47 -------- d-----w- C:\FAMILY_10881
2010-03-12 15:38 . 2010-03-12 15:38 -------- d-----w- C:\OziExplorer
2010-03-11 11:16 . 2010-03-11 11:16 -------- d-----w- c:\program files\Enigma Codebook Tool
2010-03-11 11:15 . 1997-01-15 22:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2010-03-10 19:22 . 2010-02-12 09:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 17:53 . 2003-04-19 02:17 528328 ----a-w- c:\windows\system32\perfh005.dat
2010-03-30 17:53 . 2003-04-19 02:17 118794 ----a-w- c:\windows\system32\perfc005.dat
2010-03-30 02:09 . 2003-04-19 01:11 23588 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 10:24 . 2008-06-27 09:44 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-09 10:24 . 2008-06-27 09:43 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 10:12 . 2008-06-27 09:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 10:12 . 2008-06-27 09:44 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 10:09 . 2008-06-27 09:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 10:08 . 2008-06-27 09:44 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 10:08 . 2008-06-27 09:44 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 10:08 . 2008-06-27 09:44 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 10:08 . 2008-06-27 09:44 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-26 09:20 . 2005-04-16 05:20 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-25 06:18 . 2008-04-14 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 08:16 . 2009-10-02 23:45 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 20:34 . 2008-10-16 17:58 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-18 10:24 . 2010-02-18 10:24 -------- d-----w- c:\program files\Web TV Pro
2010-01-15 09:44 . 2010-01-15 09:44 1015144 ----a-w- C:\MapInstallELL.dll
2010-01-15 09:44 . 2010-01-15 09:44 1012584 ----a-w- C:\MapInstallDEU.dll
2010-01-15 09:44 . 2010-01-15 09:44 992104 ----a-w- C:\MapInstallDAN.dll
2010-01-15 09:44 . 2010-01-15 09:44 996200 ----a-w- C:\MapInstallCSY.dll
2010-01-15 09:44 . 2010-01-15 09:44 919400 ----a-w- C:\MapInstallCHT.dll
2010-01-15 09:44 . 2010-01-15 09:44 917864 ----a-w- C:\MapInstallCHS.dll
2010-01-15 09:44 . 2010-01-15 09:44 8140136 ----a-w- C:\MapInstall.exe
2010-01-15 09:09 . 2010-01-15 09:09 953704 ----a-w- C:\MapSourcePLK.dll
2010-01-15 09:08 . 2010-01-15 09:08 941416 ----a-w- C:\MapSourceTRK.dll
2010-01-15 09:06 . 2010-01-15 09:06 960872 ----a-w- C:\MapSourceESN.dll
2010-01-15 09:06 . 2010-01-15 09:06 971112 ----a-w- C:\MapSourceELL.dll
2010-01-15 09:06 . 2010-01-15 09:06 967528 ----a-w- C:\MapSourceDEU.dll
2010-01-15 09:06 . 2010-01-15 09:06 941416 ----a-w- C:\MapSourceDAN.dll
2010-01-15 09:06 . 2010-01-15 09:06 947048 ----a-w- C:\MapSourceCSY.dll
2010-01-15 09:06 . 2010-01-15 09:06 853352 ----a-w- C:\MapSourceCHT.dll
2010-01-15 09:06 . 2010-01-15 09:06 852328 ----a-w- C:\MapSourceCHS.dll
2010-01-15 09:06 . 2010-01-15 09:06 11921768 ----a-w- C:\MapSource.exe
2010-01-13 16:24 . 2008-06-26 04:15 6598656 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-01-12 06:34 . 2009-08-17 11:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.

<pre>
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Intel\Wireless\Bin\eouwiz .exe
c:\program files\Synaptics\SynTP\syntplpr .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\Acer\Acer Arcade\pcmservice .exe
c:\program files\Acer\OrbiCam\installhelper .exe
c:\program files\Acer\OrbiCam\cameraassistant .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Launch Manager\qtzgacer .exe
c:\program files\Spyware Terminator\spywareterminatorshield .exe
c:\program files\Spyware Terminator\spywareterminatorupdate .exe
c:\program files\IObit\Advanced WindowsCare V2\memcleaner       .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Microsoft ActiveSync\wcescomm         .exe
c:\program files\OLYMPUS\OLYMPUS Master 2\firststart .exe
c:\program files\OLYMPUS\OLYMPUS Master 2\mmonitor      .exe
c:\program files\MSI\Digi Vox AD\DTVR\scheduled .exe
c:\program files\Windows Defender\msascui .exe
c:\program files\QuickTime\qttask         .exe
c:\program files\Canon\MultiPASS4\mptbox .exe
c:\program files\Canon\MultiPASS4\monitr32 .exe
c:\program files\Microsoft Security Essentials\msseces .exe
c:\windows\ime\imjp8_1\imjpmig .exe
</pre>
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-01 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-01 692315]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-17 15600128]
"MPTBox"="c:\program files\Canon\MultiPASS4\MPTBox.exe" [2001-12-12 151552]
"monitr32"="c:\program files\Canon\MultiPASS4\monitr32.exe" [2002-11-05 315392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"fxredir"="c:\windows\system32\fxredir.exe" [2001-12-12 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-14 11:36 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Garmin\\UMP-pcPL\\rsync.exe"=
"c:\\Program Files\\MSI\\Digi Vox AD\\DTVR\\DTVR.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Wisco\\SynchPst\\SynchPst.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Spyware Terminator\\spywareterminatorupdate .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.6.2008 11:44 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.11.2008 15:11 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.11.2008 15:11 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.6.2008 11:44 19024]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1.6.2008 8:13 34064]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30.11.2005 5:28 1088896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.8.2009 13:55 691696]
S1 kcpkobnn;kcpkobnn;\??\c:\windows\system32\drivers\kcpkobnn.sys --> c:\windows\system32\drivers\kcpkobnn.sys [?]
S2 gupdate1c9ddeee83ed39a;Služba Google Update (gupdate1c9ddeee83ed39a);c:\program files\Google\Update\GoogleUpdate.exe [26.5.2009 12:44 133104]
S2 MSSQL$ELISKACLIENT2008;SQL Server (ELISKACLIENT2008);"c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe" -sELISKACLIENT2008 --> c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.3.2010 16:32 1691480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.11.2008 15:11 7408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$ELISKACLIENT2008;SQL Server Agent (ELISKACLIENT2008);"c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\SQLAGENT.EXE" -i ELISKACLIENT2008 --> c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\SQLAGENT.EXE [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - UBHELPER
.
Obsah adresáře 'Naplánované úlohy'

2010-04-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 10:44]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 10:44]

2010-04-02 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-24 12:11]

2010-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659754447-3941593778-4232737989-1006Core1cacb49162d37d6.job
- c:\documents and settings\Zden [2009-05-13 13:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: Compare Prices with &Dealio - c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Dealio\kb124\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Mozilla\Firefox\Profiles\mdwq8nok.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://web.volny.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - component: c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Mozilla\Firefox\Profiles\mdwq8nok.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{90A23DD7-4841-4F02-A83D-DAAFF4E8E365} - (no file)
Notify-95416dc623 - (no file)
Notify-geBqNhFY - (no file)
AddRemove-HijackThis - c:\documents and settings\Zdeněk - Hlavatý\Plocha\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 11:32
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
"ImagePath"="\??\c:\docume~1\ZDENIK~1\LOCALS~1\Temp\cdfss"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Canon\MultiPASS4\MPSERVIC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-02 11:36:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-02 09:36

Před spuštěním: Volných bajtů: 11 823 710 208
Po spuštění: Volných bajtů: 11 815 649 280

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 5DC2FD37472BA37D5E7684D7CDB819B3

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:12, on 2.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\WINDOWS\system32\fxredir.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Zdeněk - Hlavatý\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\system32\fxredir.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Zdeněk - Hlavatý\Data aplikací\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1354073031
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9ddeee83ed39a) (gupdate1c9ddeee83ed39a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: SQL Server (ELISKACLIENT2008) (MSSQL$ELISKACLIENT2008) - Unknown owner - C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10366 bytes
jan.svoboda
Intermediate
Registered: 25 Dec 2009
Location: Chrudim

Re: Please check my ComboFix log

Post by jan.svoboda »

All good. Nothing dangerous is visible in HijackThis; I would just uninstall DealioToolbar and Trojan Remover. It is spyware, and that anti-trojan is useless; it is more of a trojan than an anti-trojan. Spyware Terminator is OK. How is the PC behaving? Are there any problems? If it is fine, I think that is all.
I am no longer active on this forum; you can find me on Google+ (http://gplus.to/JanSvoboda), where I actively write about IT and more.
zdhlavaty
Newbie
Registered: 25 Mar 2010

Re: Please check my ComboFix log

Post by zdhlavaty »

Uninstalled.
Otherwise the PC looks OK. If anything comes up, I will get in touch.
Thanks a lot and happy holidays.
Z.Hlavatý
jan.svoboda
Intermediate
Registered: 25 Dec 2009
Location: Chrudim

Re: Please check my ComboFix log

Post by jan.svoboda »

OK, write if anything comes up. Thank you too, and of course I also wish you a pleasant holiday.