All times are UTC + 1 hour


 Subject: Please check my ComboFix log
Posted: Mon 29 March 2010, 17:23
Newbie

Joined: 25 March 2010
Hello, please check my ComboFix log.
Some nasty stuff has got into my computer.
Thank you.
Z.Hlavatý
ComboFix 10-03-28.03 - Zdeněk - Hlavatý 2010-03-29 19:02:47.4.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1022.693 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zdeněk - Hlavatý\Plocha\dddd.exe
AV: avast! antivirus 4.8.1368 [VPS 100329-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-29 16:03 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-29 16:03 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-29 15:48 . 2010-03-29 15:48 -------- d-----w- C:\dddd
2010-03-29 15:48 . 2010-03-29 15:47 390144 ----a-w- c:\windows\system32\CF30186.exe
2010-03-29 15:46 . 2010-03-29 15:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-29 15:28 . 2010-03-29 15:28 390144 ----a-w- c:\windows\system32\CF26463.exe
2010-03-29 14:32 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-03-29 14:32 . 2010-03-13 03:53 358944 ----a-w- c:\windows\vncutil.exe
2010-03-29 14:32 . 2010-03-13 03:53 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-29 14:31 . 2010-03-13 03:53 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-29 14:31 . 2010-03-13 03:53 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-29 14:31 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-03-29 14:20 . 2009-02-25 13:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-03-29 13:07 . 2010-03-29 13:07 -------- d-----w- c:\program files\Driver Genius
2010-03-28 22:58 . 2009-10-20 15:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-03-26 07:09 . 2010-01-05 08:58 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-26 07:09 . 2010-01-05 08:58 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-26 07:08 . 2009-06-29 07:33 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
2010-03-26 07:08 . 2010-01-05 08:58 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-26 07:08 . 2010-01-05 08:57 63488 ------w- c:\windows\system32\dllcache\icardie.dll
2010-03-26 07:08 . 2010-01-05 08:57 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2010-03-26 07:08 . 2009-12-31 14:33 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-26 07:08 . 2010-01-05 08:58 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-25 18:20 . 2008-06-14 16:35 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-03-25 18:17 . 2009-06-10 07:21 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-03-25 18:17 . 2009-12-09 09:11 2191360 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-25 18:17 . 2009-12-09 09:11 2147328 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-25 18:16 . 2009-12-09 09:11 2025984 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-25 18:16 . 2009-12-09 09:11 2068224 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-25 18:16 . 2009-12-04 17:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-25 15:53 . 2010-03-25 15:53 390144 ----a-w- c:\windows\system32\CF28554.exe
2010-03-25 15:09 . 2008-04-14 11:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-03-25 15:09 . 2008-04-14 11:00 31360 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-03-25 15:09 . 2008-04-14 11:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2010-03-25 15:09 . 2008-04-14 11:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-03-25 15:09 . 2008-04-14 11:00 455168 ----a-w- c:\windows\system32\dllcache\tintsetp.exe
2010-03-25 15:09 . 2008-04-14 11:00 44032 ----a-w- c:\windows\system32\dllcache\tintlphr.exe
2010-03-25 15:09 . 2008-04-14 11:00 10240 ----a-w- c:\windows\system32\dllcache\tmigrate.dll
2010-03-25 15:09 . 2008-04-14 11:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2010-03-25 15:09 . 2008-04-14 11:00 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2010-03-25 15:09 . 2008-04-14 11:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2010-03-25 15:09 . 2008-04-14 11:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-03-25 15:07 . 2008-04-14 11:00 33792 ----a-w- c:\windows\system32\dllcache\lmmib2.dll
2010-03-25 15:06 . 2003-04-14 18:48 16384 ----a-w- c:\windows\system32\dllcache\tcptsat.dll
2010-03-25 15:04 . 2008-04-14 11:00 16384 ----a-w- c:\windows\system32\dllcache\isignup.exe
2010-03-25 15:03 . 2008-04-14 11:00 32768 ----a-w- c:\windows\system32\dllcache\icwdl.dll
2010-03-25 15:03 . 2008-04-14 11:00 86016 ----a-w- c:\windows\system32\dllcache\icwconn2.exe
2010-03-25 15:03 . 2008-04-14 11:00 215552 ----a-w- c:\windows\system32\dllcache\icwconn1.exe
2010-03-25 15:03 . 2008-04-14 11:00 20480 ----a-w- c:\windows\system32\dllcache\inetwiz.exe
2010-03-25 14:59 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-03-25 14:59 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-03-25 14:59 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-03-25 14:59 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-03-25 14:51 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-03-25 14:50 . 2008-04-14 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-25 14:50 . 2008-04-14 11:00 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-25 14:50 . 2008-04-14 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-25 14:50 . 2008-04-14 11:00 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-25 07:19 . 2010-03-25 07:19 -------- d-----w- c:\program files\Spyware Terminator
2010-03-25 06:25 . 2007-01-18 11:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-03-24 20:57 . 2010-03-24 20:57 -------- d-----w- c:\program files\AVG
2010-03-24 18:57 . 2010-03-24 18:57 -------- d-----w- C:\FOUND.002
2010-03-24 11:10 . 2010-03-24 11:10 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-23 17:43 . 2010-03-23 17:43 -------- d-----w- c:\documents and settings\Zdeněk Hlavatý
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Data aplikací
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-03-23 17:35 . 2010-03-23 17:35 -------- d-sh--w- c:\documents and settings\All Users.WINDOWSA\DRM
2010-03-23 17:20 . 2010-03-23 17:20 -------- d--h--w- c:\documents and settings\Default User.WINDOWSA
2010-03-23 17:20 . 2010-03-23 17:20 -------- d-----w- c:\documents and settings\All Users.WINDOWSA
2010-03-23 17:14 . 2010-03-23 17:14 -------- d-----w- C:\WINDOWSA
2010-03-15 10:08 . 2010-03-15 10:08 -------- d-----w- c:\windows\Performance
2010-03-15 10:08 . 2010-03-15 10:08 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-03-12 16:44 . 2008-11-11 14:55 -------- d-----w- C:\FAMILY_10883
2010-03-12 16:43 . 2008-11-11 14:47 -------- d-----w- C:\FAMILY_10882
2010-03-12 16:41 . 2008-11-11 14:47 -------- d-----w- C:\FAMILY_10881
2010-03-12 15:38 . 2010-03-12 15:38 -------- d-----w- C:\OziExplorer
2010-03-11 11:16 . 2010-03-11 11:16 -------- d-----w- c:\program files\Enigma Codebook Tool
2010-03-11 11:15 . 1997-01-15 22:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2010-03-10 19:22 . 2010-02-12 09:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 17:06 . 2003-04-19 02:17 528328 ----a-w- c:\windows\system32\perfh005.dat
2010-03-29 17:06 . 2003-04-19 02:17 118794 ----a-w- c:\windows\system32\perfc005.dat
2010-03-25 15:02 . 2003-04-19 01:11 23588 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-13 03:53 . 2005-11-01 22:56 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-13 03:53 . 2005-10-20 20:49 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-03-13 03:53 . 2005-11-16 18:27 19521056 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-13 03:53 . 2005-09-20 17:24 84512 ----a-w- c:\windows\SoundMan.exe
2010-03-13 03:53 . 2005-10-10 20:33 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-13 03:53 . 2005-09-06 17:40 2177568 ----a-w- c:\windows\MicCal.exe
2010-03-13 03:53 . 2005-05-03 01:43 64032 ----a-w- c:\windows\Alcmtr.exe
2010-03-13 03:41 . 2005-11-16 22:45 5867040 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-26 09:20 . 2005-04-16 05:20 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-24 08:16 . 2009-10-02 23:45 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 20:34 . 2008-10-16 17:58 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-18 10:24 . 2010-02-18 10:24 -------- d-----w- c:\program files\Web TV Pro
2010-01-15 09:44 . 2010-01-15 09:44 1015144 ----a-w- C:\MapInstallELL.dll
2010-01-15 09:44 . 2010-01-15 09:44 1012584 ----a-w- C:\MapInstallDEU.dll
2010-01-15 09:44 . 2010-01-15 09:44 992104 ----a-w- C:\MapInstallDAN.dll
2010-01-15 09:44 . 2010-01-15 09:44 996200 ----a-w- C:\MapInstallCSY.dll
2010-01-15 09:44 . 2010-01-15 09:44 919400 ----a-w- C:\MapInstallCHT.dll
2010-01-15 09:44 . 2010-01-15 09:44 917864 ----a-w- C:\MapInstallCHS.dll
2010-01-15 09:44 . 2010-01-15 09:44 8140136 ----a-w- C:\MapInstall.exe
2010-01-15 09:09 . 2010-01-15 09:09 953704 ----a-w- C:\MapSourcePLK.dll
2010-01-15 09:08 . 2010-01-15 09:08 941416 ----a-w- C:\MapSourceTRK.dll
2010-01-15 09:06 . 2010-01-15 09:06 960872 ----a-w- C:\MapSourceESN.dll
2010-01-15 09:06 . 2010-01-15 09:06 971112 ----a-w- C:\MapSourceELL.dll
2010-01-15 09:06 . 2010-01-15 09:06 967528 ----a-w- C:\MapSourceDEU.dll
2010-01-15 09:06 . 2010-01-15 09:06 941416 ----a-w- C:\MapSourceDAN.dll
2010-01-15 09:06 . 2010-01-15 09:06 947048 ----a-w- C:\MapSourceCSY.dll
2010-01-15 09:06 . 2010-01-15 09:06 853352 ----a-w- C:\MapSourceCHT.dll
2010-01-15 09:06 . 2010-01-15 09:06 852328 ----a-w- C:\MapSourceCHS.dll
2010-01-15 09:06 . 2010-01-15 09:06 11921768 ----a-w- C:\MapSource.exe
2010-01-13 16:24 . 2008-06-26 04:15 6598656 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-01-12 06:34 . 2009-08-17 11:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-05 08:58 . 2008-04-14 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 08:57 . 2008-04-14 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 15:50 . 2008-04-14 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.
Code:
<pre>
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Intel\Wireless\Bin\eouwiz .exe
c:\program files\Synaptics\SynTP\syntplpr .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\Acer\Acer Arcade\pcmservice .exe
c:\program files\Acer\OrbiCam\installhelper .exe
c:\program files\Acer\OrbiCam\cameraassistant .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Launch Manager\qtzgacer .exe
c:\program files\Spyware Terminator\spywareterminatorshield .exe
c:\program files\Spyware Terminator\spywareterminatorupdate .exe
c:\program files\IObit\Advanced WindowsCare V2\memcleaner       .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Microsoft ActiveSync\wcescomm         .exe
c:\program files\OLYMPUS\OLYMPUS Master 2\firststart .exe
c:\program files\OLYMPUS\OLYMPUS Master 2\mmonitor      .exe
c:\program files\MSI\Digi Vox AD\DTVR\scheduled .exe
c:\program files\Windows Defender\msascui .exe
c:\program files\QuickTime\qttask         .exe
c:\program files\Canon\MultiPASS4\mptbox .exe
c:\program files\Canon\MultiPASS4\monitr32 .exe
c:\program files\Microsoft Security Essentials\msseces .exe
c:\windows\ime\imjp8_1\imjpmig .exe
</pre>


((((((((((((((((((((((((((((( SnapShot@2010-03-29_16.06.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-04-19 02:17 . 2010-03-29 17:06 531230 c:\windows\system32\perfh009.dat
+ 2003-04-19 02:17 . 2010-03-29 17:06 106984 c:\windows\system32\perfc009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-13 19521056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-14 11:36 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Garmin\\UMP-pcPL\\rsync.exe"=
"c:\\Program Files\\MSI\\Digi Vox AD\\DTVR\\DTVR.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Wisco\\SynchPst\\SynchPst.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Spyware Terminator\\spywareterminatorupdate .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-27 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-27 20560]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-17 691696]
S1 kcpkobnn;kcpkobnn;\??\c:\windows\system32\drivers\kcpkobnn.sys --> c:\windows\system32\drivers\kcpkobnn.sys [?]
S2 gupdate1c9ddeee83ed39a;Služba Google Update (gupdate1c9ddeee83ed39a);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 133104]
S2 MSSQL$ELISKACLIENT2008;SQL Server (ELISKACLIENT2008);"c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe" -sELISKACLIENT2008 --> c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-03-29 1691480]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2005-11-30 1088896]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$ELISKACLIENT2008;SQL Server Agent (ELISKACLIENT2008);"c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\SQLAGENT.EXE" -i ELISKACLIENT2008 --> c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\SQLAGENT.EXE [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 10:44]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 10:44]

2010-03-29 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-24 12:11]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659754447-3941593778-4232737989-1006Core1cacb49162d37d6.job
- c:\documents and settings\Zden [2009-05-13 13:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: Compare Prices with &Dealio - c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Dealio\kb124\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Mozilla\Firefox\Profiles\mdwq8nok.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://web.volny.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - component: c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Mozilla\Firefox\Profiles\mdwq8nok.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
"ImagePath"="\??\c:\docume~1\ZDENIK~1\LOCALS~1\Temp\cdfss"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1344)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-03-29 19:10:19
ComboFix-quarantined-files.txt 2010-03-29 17:10
ComboFix2.txt 2010-03-29 16:12

Před spuštěním: Volných bajtů: 11,944,919,040
Po spuštění: Volných bajtů: 11,903,107,072

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B936116C3082BC815CC4D5071594745E


 Subject: Re: Please check my ComboFix log
Posted: Thu 1 April 2010, 15:38
Intermediate

Joined: 25 December 2009
Location: Chrudim
Hi, there is a little something to see in there; please also post a log from MBAM here and we'll see.

Quote:
Download Malwarebytes' Anti-Malware - http://viry.cz/forum/viewtopic.php?f=29&t=67229
Run a full scan of the C: system drive
Post the log here; do not delete anything until the log has been reviewed :!: :!:

_________________
I am no longer active on this forum; you can find me on Google+ (http://gplus.to/JanSvoboda), where I actively write about IT and more.


 Subject: Re: Please check my ComboFix log
Posted: Fri 2 April 2010, 09:02
Newbie

Joined: 25 March 2010
Hi, somehow I didn't realize that, ran a quick scan and deleted the infected files it found.
I'm sending log (1) of the quick scan before the deletion and log (2) of the full scan after the deletion.

log 1
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2.4.2010 8:55:25
mbam-log-2010-04-02 (08-55-25).txt

Typ skenu: Rychlý sken
Skenované objekty: 138742
Uplynulý čas: 6 minuta(y), 40 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 2
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7a4dfc1-32c7-4a3c-bfac-21b526a00347} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a7a4dfc1-32c7-4a3c-bfac-21b526a00347} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Documents and Settings\All Users\Data aplikací\48549939 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.

Infikované soubory:
C:\WINDOWS\system32\SystemX86\EF.tmp (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zdeněk - Hlavatý\Data aplikací\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zdeněk - Hlavatý\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zdeněk - Hlavatý\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

log 2
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2.4.2010 9:49:35
mbam-log-2010-04-02 (09-49-35).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 247320
Uplynulý čas: 47 minuta(y), 44 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)


 Profil  
 Předmět: Re: Prosím o kontrolu logu z ComboFix
PříspěvekZaslal v: pá 2. duben 2010, 10:09 
Středně pokročilý
Středně pokročilý

Založen: 25. prosinec 2009
Bydliště: Chrudim
Nahoru
Kéž by někdo četl všechno, co píšu...
Citace:
Log sem, nic nemazat až po posouzení logu :!: :!:

No nic, naštěstí MBAM neměl žádný planý poplach, takže smazání bylo v pořádku, ale v případě, že by označil jako infikovaný nějaký důležitý soubor (ač je to vynikající skener, taky není neomylný), máme problém navíc, případně reinstal PC.

OK, tak po promazání MBAMem sem dej ještě aktuální log z ComboFixu, pokud tam něco zbylo, domažeme to.

Quote:
Download ComboFix
( http://download.bleepingcomputer.com/sUBs/ComboFix.exe , http://www.forospyware.com/sUBs/ComboFix.exe ) to your desktop,

beta: http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe

- close all active windows and run it under an administrator account.
- accept the license terms - click "Ano" (Yes), and any further prompts from the program.
- write down the information on why it terminated or what prevents it from running (tell your adviser)
- let it download and install the Recovery Console (strongly recommended)
- do not click in the displayed window during the scan; CF may restart the PC.
- the scan should take max. 20 minutes. If it has not finished within that time, terminate it and report the problem to your adviser.
- when it finishes, a log (text file) opens - if it does not, the log can be found at C:\ComboFix.txt - copy the entire content of the log into your post

BTW: I would not recommend using ComboFix without a recommendation either; inexpert handling of it can also do a lot of damage...

And a HijackThis log would not hurt either, just to be sure. Download it, for example, from here http://go.trendmicro.com/free-tools/hijackthis/HijackThis.exe and run it, click Do a system scan and save a log, after a moment the log appears in a Notepad document; paste its content here.

_________________
I am no longer active on this forum; you can find me on Google+ (http://gplus.to/JanSvoboda), where I actively write about IT and more.


Subject: Re: Please check my ComboFix log
Posted: Fri 2 April 2010, 10:43
Newbie

Joined: 25 March 2010
I slipped up with the deleting.

ComboFix log

ComboFix 10-04-01.02 - Zdeněk - Hlavatý 02.04.2010 11:22:37.7.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.410 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zdeněk - Hlavatý\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ZdenŘk - Hlavatě\Dokumenty\cc_20100329_191641.reg 29.3..reg
c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-02 do 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 06:45 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 06:45 . 2010-04-02 06:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 06:45 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 11:12 . 2010-03-31 11:12 -------- d-----w- C:\dddd13809d
2010-03-31 06:51 . 2009-10-20 15:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-03-31 06:31 . 2010-03-31 06:31 -------- d-----w- C:\dddd24288d
2010-03-31 06:22 . 2010-03-31 06:22 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2010-03-30 17:49 . 2010-03-30 17:49 -------- d-----w- C:\dddd10155d
2010-03-30 16:43 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-30 16:43 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-30 16:43 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-30 16:43 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-30 16:43 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-30 16:43 . 2010-03-30 16:43 -------- d-----w- c:\program files\Trojan Remover
2010-03-30 08:09 . 2005-11-29 12:14 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2010-03-30 08:00 . 2010-03-30 08:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-30 07:57 . 2010-03-30 07:57 -------- d-----w- c:\windows\tiinst
2010-03-30 07:52 . 2001-12-12 10:08 65536 ----a-w- c:\windows\system32\FxRedir.exe
2010-03-30 07:16 . 2010-02-25 06:18 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-30 07:16 . 2010-02-25 06:18 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-30 07:16 . 2010-02-25 06:18 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-30 07:16 . 2010-02-25 06:18 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-30 07:16 . 2010-02-25 06:18 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-30 07:16 . 2010-02-25 09:48 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-30 07:10 . 2008-06-14 16:35 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-03-30 07:08 . 2009-06-10 07:21 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-03-30 07:08 . 2009-12-09 09:11 2191360 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-30 07:08 . 2009-12-09 09:11 2068224 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-30 07:08 . 2009-12-09 09:11 2147328 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-30 07:08 . 2009-12-09 09:11 2025984 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-30 07:08 . 2009-12-04 17:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-30 07:08 . 2009-11-27 16:14 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-03-30 07:07 . 2009-11-27 15:09 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-03-30 07:07 . 2009-11-27 15:09 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-03-30 06:59 . 2005-10-31 16:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2010-03-30 06:58 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-03-30 04:38 . 2010-03-30 04:38 -------- d-----w- C:\FOUND.003
2010-03-30 02:12 . 2008-04-14 12:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-03-30 02:07 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-03-30 02:07 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-03-30 02:07 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-03-30 02:07 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-03-29 22:43 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-03-29 22:42 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-29 22:42 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-29 22:42 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-29 22:42 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-29 18:47 . 2010-03-29 18:47 -------- d-----w- c:\program files\Uniblue
2010-03-29 18:40 . 2010-03-29 18:40 -------- d-----w- c:\windows\ie8updates
2010-03-29 18:39 . 2010-03-29 18:39 -------- d-----w- c:\program files\PCPitstop
2010-03-29 18:35 . 2010-03-29 18:35 -------- d--h--w- c:\windows\ie8
2010-03-29 17:32 . 2010-03-29 17:32 -------- d-----w- c:\program files\Alwil Software
2010-03-29 17:02 . 2010-03-29 17:02 -------- d-----w- C:\dddd22288d
2010-03-29 15:48 . 2010-03-29 15:48 -------- d-----w- C:\dddd
2010-03-29 15:46 . 2010-03-29 15:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-29 14:32 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-03-29 14:32 . 2010-03-13 03:53 358944 ----a-w- c:\windows\vncutil.exe
2010-03-29 14:32 . 2010-03-13 03:53 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-29 14:31 . 2010-03-13 03:53 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-29 14:31 . 2010-03-13 03:53 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-29 14:31 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-03-29 14:20 . 2009-02-25 13:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-03-29 13:07 . 2010-03-29 13:07 -------- d-----w- c:\program files\Driver Genius
2010-03-25 15:04 . 2008-04-14 12:00 16384 ----a-w- c:\windows\system32\dllcache\isignup.exe
2010-03-25 15:03 . 2008-04-14 12:00 32768 ----a-w- c:\windows\system32\dllcache\icwdl.dll
2010-03-25 15:03 . 2008-04-14 12:00 86016 ----a-w- c:\windows\system32\dllcache\icwconn2.exe
2010-03-25 15:03 . 2008-04-14 12:00 215552 ----a-w- c:\windows\system32\dllcache\icwconn1.exe
2010-03-25 15:03 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\dllcache\inetwiz.exe
2010-03-25 07:19 . 2010-03-25 07:19 -------- d-----w- c:\program files\Spyware Terminator
2010-03-25 06:25 . 2007-01-18 11:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-03-24 20:57 . 2010-03-24 20:57 -------- d-----w- c:\program files\AVG
2010-03-24 18:57 . 2010-03-24 18:57 -------- d-----w- C:\FOUND.002
2010-03-24 11:10 . 2010-03-24 11:10 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-23 17:43 . 2010-03-23 17:43 -------- d-----w- c:\documents and settings\Zdeněk Hlavatý
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Data aplikací
2010-03-23 17:41 . 2010-03-23 17:41 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-03-23 17:35 . 2010-03-23 17:35 -------- d-sh--w- c:\documents and settings\All Users.WINDOWSA\DRM
2010-03-23 17:20 . 2010-03-23 17:20 -------- d--h--w- c:\documents and settings\Default User.WINDOWSA
2010-03-23 17:20 . 2010-03-23 17:20 -------- d-----w- c:\documents and settings\All Users.WINDOWSA
2010-03-23 17:14 . 2010-03-23 17:14 -------- d-----w- C:\WINDOWSA
2010-03-15 10:08 . 2010-03-15 10:08 -------- d-----w- c:\windows\Performance
2010-03-15 10:08 . 2010-03-15 10:08 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-03-12 16:44 . 2008-11-11 14:55 -------- d-----w- C:\FAMILY_10883
2010-03-12 16:43 . 2008-11-11 14:47 -------- d-----w- C:\FAMILY_10882
2010-03-12 16:41 . 2008-11-11 14:47 -------- d-----w- C:\FAMILY_10881
2010-03-12 15:38 . 2010-03-12 15:38 -------- d-----w- C:\OziExplorer
2010-03-11 11:16 . 2010-03-11 11:16 -------- d-----w- c:\program files\Enigma Codebook Tool
2010-03-11 11:15 . 1997-01-15 22:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2010-03-10 19:22 . 2010-02-12 09:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 17:53 . 2003-04-19 02:17 528328 ----a-w- c:\windows\system32\perfh005.dat
2010-03-30 17:53 . 2003-04-19 02:17 118794 ----a-w- c:\windows\system32\perfc005.dat
2010-03-30 02:09 . 2003-04-19 01:11 23588 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 10:24 . 2008-06-27 09:44 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-09 10:24 . 2008-06-27 09:43 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 10:12 . 2008-06-27 09:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 10:12 . 2008-06-27 09:44 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 10:09 . 2008-06-27 09:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 10:08 . 2008-06-27 09:44 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 10:08 . 2008-06-27 09:44 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 10:08 . 2008-06-27 09:44 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 10:08 . 2008-06-27 09:44 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-26 09:20 . 2005-04-16 05:20 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-25 06:18 . 2008-04-14 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 08:16 . 2009-10-02 23:45 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 20:34 . 2008-10-16 17:58 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-18 10:24 . 2010-02-18 10:24 -------- d-----w- c:\program files\Web TV Pro
2010-01-15 09:44 . 2010-01-15 09:44 1015144 ----a-w- C:\MapInstallELL.dll
2010-01-15 09:44 . 2010-01-15 09:44 1012584 ----a-w- C:\MapInstallDEU.dll
2010-01-15 09:44 . 2010-01-15 09:44 992104 ----a-w- C:\MapInstallDAN.dll
2010-01-15 09:44 . 2010-01-15 09:44 996200 ----a-w- C:\MapInstallCSY.dll
2010-01-15 09:44 . 2010-01-15 09:44 919400 ----a-w- C:\MapInstallCHT.dll
2010-01-15 09:44 . 2010-01-15 09:44 917864 ----a-w- C:\MapInstallCHS.dll
2010-01-15 09:44 . 2010-01-15 09:44 8140136 ----a-w- C:\MapInstall.exe
2010-01-15 09:09 . 2010-01-15 09:09 953704 ----a-w- C:\MapSourcePLK.dll
2010-01-15 09:08 . 2010-01-15 09:08 941416 ----a-w- C:\MapSourceTRK.dll
2010-01-15 09:06 . 2010-01-15 09:06 960872 ----a-w- C:\MapSourceESN.dll
2010-01-15 09:06 . 2010-01-15 09:06 971112 ----a-w- C:\MapSourceELL.dll
2010-01-15 09:06 . 2010-01-15 09:06 967528 ----a-w- C:\MapSourceDEU.dll
2010-01-15 09:06 . 2010-01-15 09:06 941416 ----a-w- C:\MapSourceDAN.dll
2010-01-15 09:06 . 2010-01-15 09:06 947048 ----a-w- C:\MapSourceCSY.dll
2010-01-15 09:06 . 2010-01-15 09:06 853352 ----a-w- C:\MapSourceCHT.dll
2010-01-15 09:06 . 2010-01-15 09:06 852328 ----a-w- C:\MapSourceCHS.dll
2010-01-15 09:06 . 2010-01-15 09:06 11921768 ----a-w- C:\MapSource.exe
2010-01-13 16:24 . 2008-06-26 04:15 6598656 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-01-12 06:34 . 2009-08-17 11:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
Code:
<pre>
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Intel\Wireless\Bin\eouwiz .exe
c:\program files\Synaptics\SynTP\syntplpr .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\Acer\Acer Arcade\pcmservice .exe
c:\program files\Acer\OrbiCam\installhelper .exe
c:\program files\Acer\OrbiCam\cameraassistant .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Launch Manager\qtzgacer .exe
c:\program files\Spyware Terminator\spywareterminatorshield .exe
c:\program files\Spyware Terminator\spywareterminatorupdate .exe
c:\program files\IObit\Advanced WindowsCare V2\memcleaner       .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Microsoft ActiveSync\wcescomm         .exe
c:\program files\OLYMPUS\OLYMPUS Master 2\firststart .exe
c:\program files\OLYMPUS\OLYMPUS Master 2\mmonitor      .exe
c:\program files\MSI\Digi Vox AD\DTVR\scheduled .exe
c:\program files\Windows Defender\msascui .exe
c:\program files\QuickTime\qttask         .exe
c:\program files\Canon\MultiPASS4\mptbox .exe
c:\program files\Canon\MultiPASS4\monitr32 .exe
c:\program files\Microsoft Security Essentials\msseces .exe
c:\windows\ime\imjp8_1\imjpmig .exe
</pre>


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-01 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-01 692315]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-17 15600128]
"MPTBox"="c:\program files\Canon\MultiPASS4\MPTBox.exe" [2001-12-12 151552]
"monitr32"="c:\program files\Canon\MultiPASS4\monitr32.exe" [2002-11-05 315392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"fxredir"="c:\windows\system32\fxredir.exe" [2001-12-12 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-14 11:36 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Garmin\\UMP-pcPL\\rsync.exe"=
"c:\\Program Files\\MSI\\Digi Vox AD\\DTVR\\DTVR.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Wisco\\SynchPst\\SynchPst.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Spyware Terminator\\spywareterminatorupdate .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.6.2008 11:44 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.11.2008 15:11 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.11.2008 15:11 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.6.2008 11:44 19024]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1.6.2008 8:13 34064]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30.11.2005 5:28 1088896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.8.2009 13:55 691696]
S1 kcpkobnn;kcpkobnn;\??\c:\windows\system32\drivers\kcpkobnn.sys --> c:\windows\system32\drivers\kcpkobnn.sys [?]
S2 gupdate1c9ddeee83ed39a;Služba Google Update (gupdate1c9ddeee83ed39a);c:\program files\Google\Update\GoogleUpdate.exe [26.5.2009 12:44 133104]
S2 MSSQL$ELISKACLIENT2008;SQL Server (ELISKACLIENT2008);"c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe" -sELISKACLIENT2008 --> c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.3.2010 16:32 1691480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.11.2008 15:11 7408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$ELISKACLIENT2008;SQL Server Agent (ELISKACLIENT2008);"c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\SQLAGENT.EXE" -i ELISKACLIENT2008 --> c:\program files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\SQLAGENT.EXE [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - UBHELPER
.
Obsah adresáře 'Naplánované úlohy'

2010-04-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 10:44]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 10:44]

2010-04-02 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-24 12:11]

2010-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659754447-3941593778-4232737989-1006Core1cacb49162d37d6.job
- c:\documents and settings\Zden [2009-05-13 13:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: Compare Prices with &Dealio - c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Dealio\kb124\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Mozilla\Firefox\Profiles\mdwq8nok.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://web.volny.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - component: c:\documents and settings\Zdeněk - Hlavatý\Data aplikací\Mozilla\Firefox\Profiles\mdwq8nok.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{90A23DD7-4841-4F02-A83D-DAAFF4E8E365} - (no file)
Notify-95416dc623 - (no file)
Notify-geBqNhFY - (no file)
AddRemove-HijackThis - c:\documents and settings\Zdeněk - Hlavatý\Plocha\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 11:32
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
"ImagePath"="\??\c:\docume~1\ZDENIK~1\LOCALS~1\Temp\cdfss"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Canon\MultiPASS4\MPSERVIC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-02 11:36:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-02 09:36

Před spuštěním: Volných bajtů: 11 823 710 208
Po spuštění: Volných bajtů: 11 815 649 280

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 5DC2FD37472BA37D5E7684D7CDB819B3

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:12, on 2.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\WINDOWS\system32\fxredir.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Zdeněk - Hlavatý\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\system32\fxredir.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Zdeněk - Hlavatý\Data aplikací\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211354073031
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9ddeee83ed39a) (gupdate1c9ddeee83ed39a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: SQL Server (ELISKACLIENT2008) (MSSQL$ELISKACLIENT2008) - Unknown owner - C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10366 bytes


Subject: Re: Please check my ComboFix log
Posted: Fri 2 April 2010, 11:23
Intermediate

Joined: 25 December 2009
Location: Chrudim
All good. Nothing dangerous is visible in HijackThis; I would just uninstall DealioToolbar and Trojan Remover. It is spyware, and that anti-trojan is useless, it is more of a trojan than an anti-trojan. Spyware Terminator is OK. How is the PC behaving? Are there any problems? If it is, I think that is all.

_________________
I am no longer active on this forum; you can find me on Google+ (http://gplus.to/JanSvoboda), where I actively write about IT and more.


Subject: Re: Please check my ComboFix log
Posted: Fri 2 April 2010, 11:37
Newcomer

Joined: 25 March 2010
Uninstalled.
Otherwise the PC looks OK. If anything comes up, I will get in touch.
Many thanks, and I wish you pleasant holidays.
Z. Hlavatý


Subject: Re: Please check my ComboFix log
Posted: Fri 2 April 2010, 12:13
Intermediate

Joined: 25 December 2009
Location: Chrudim
OK, write if you need to. Thank you too, and of course I also wish you pleasant holidays.
