Ahoj, už tady asi týden bojuji se suspenzorem pc. Jsem už bezradný. Nakonec jsem podle návodu použil sdfix a hijackthis. Prosím, zkontrolujte mi to. Díky moc
SDFix: Version 1.150
Run by Halinka a Davidek on ne 02.03.2008 at 11:14
Microsoft Windows XP [Verze 5.1.2600]
Running From: c:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\Installer\{a2a69528-082d-4737-9b05-640d7564de84}\AlrtBoot.dll - Deleted
C:\WINDOWS\Installer\{94d7dc10-f757-470a-be9b-515fb03a725b}\DriveService.dll - Deleted
C:\DOCUME~1\HALINK~1\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\WINDOWS\alofkmn.dll - Deleted
C:\WINDOWS\ekvgsnw.dll - Deleted
Folder C:\WINDOWS\Installer\{a2a69528-082d-4737-9b05-640d7564de84} - Removed
Folder C:\WINDOWS\Installer\{94d7dc10-f757-470a-be9b-515fb03a725b} - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 11:28:47
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd103fce]
"0012d2f89b73"=hex:de,87,d2,28,2c,73,9e,a8,36,3d,a9,aa,2d,15,6d,6f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd103fce]
"0012d2f89b73"=hex:de,87,d2,28,2c,73,9e,a8,36,3d,a9,aa,2d,15,6d,6f
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Documents and Settings\\Halinka a Davidek\\Plocha\\My Mobile\\MyMobiler\\MyMobiler.exe"="C:\\Documents and Settings\\Halinka a Davidek\\Plocha\\My Mobile\\MyMobiler\\MyMobiler.exe:*:Enabled:Remote Mobile Module"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"F:\\Utility\\strong dc++ R10\\StrongDC.exe"="F:\\Utility\\strong dc++ R10\\StrongDC.exe:*:Enabled:StrongDC++"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:PowerCinema"
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 27 Jan 2008 72 ..SH. --- "C:\WINDOWS\S56DA7948.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Halinka a Davidek\Data aplikacˇ\U3\temp\Launchpad Removal.exe"
Sun 27 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b3bc46dfaa1585506cd1fe692e19b69\download\BIT5F.tmp"
Sun 27 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b19de24ba3a89dd56463e44dc05d8a07\download\BIT60.tmp"
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 11:40:05, on 2.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Documents and Settings\Halinka a Davidek\Plocha\My Mobile\MyMobiler\MyMobiler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [DU Meter] C:\WINDOWS\system32\DUMeter.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1375886280
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1378155859
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: bw+0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {607F2A75-7849-4296-BD15-9CAE1906ACC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Moc prosím o kontrolu logu
-
edousek007
- nováček
- Příspěvky: 2
- Registrován: březen 08
- Pohlaví:
- Stav:
Offline
-
edousek007
- nováček
- Příspěvky: 2
- Registrován: březen 08
- Pohlaví:
- Stav:
Offline
při spuštění systému se mi objevovala červená plocha s logem biohazard nebo tak něco. Tato plocha byla aktivní, myslím, že gif. Když jsem klikl na plochu tak se to začalo připojovat na stránky suspenzoru. To už by snad mělo být o.k. Jen mě zajímalo, jestli je to teď čisté. Včera se mi to podařilo jednou odstranit pomocí programu spyware doctor, ale za pár hodin to bylo zpět. Nechápu, kde jsem k tomu přišel a já je možné, že žádný program to nezachytil. Ani spywarový ani antivirák. Můžete doporučit jak se preventivně a hlavně účinně bránit? Děkuji
No asi vás trochu překvapím, ale spoléháním se jen na bezpečnostní programy kolikrát nic neřeší. Je potřeba trochu přemýšlet, na co to vlatně na Internetu klikám, jaké stránky navštěvuji, co to stahuju. Také je dobré se bránit i za pomoci samotných Windows, používat neprivilegovaný účet a protože za nějakou dobu chystám aktualizovat svoje www, které jsou na bezpečnost zaměřené a něco o účtech tam je, tak vám sem zkopíruju již hotový text, nechce se mi to znova celé psát:
Neprivilegovaný uživatelský účet: Dost často je používání toho správného účtu opomíjeno a jsou doporučovány nejrůznější firewally, antiviry, které uživatel ani neumí nastavit. Nejčastěji jsou používány účty Správce pc a účet s omezeným oprávněním, avšak ten druhý dost málo, což je právě ta chyba. Úplně nejčastěji je tedy používán účet Správce pc, kde můžete vlastně všechno. Instalovat programy, měnit důležitá nastavení systému, měnit systémové soubory a spoustu dalších věcí. Jistě užitečné, ale z hlediska bezpečnosti naprosto nepřípustné, jde o to, že vlastně jakýkoli program vy spustíte pod účtem Správce pc, tak zdědí vaše postavení (práva) v systému a může dělat, co se mu zlíbí. Měnit důležitá nastavení v systému, mazat v registru, instalovat programy, pokud je k tomu samozřejmě naprogramován. Říkáte si, vždyť já vím, že tenhle program mi nic neudělá, je na to a to. Ale co když to bude nějaký vir, který je k záškodnické činnosti naprogramován a vy ho považujete za legální program? Pak vám bude měnit systémové soubory, měnit nastavení, instalovat další viry?! A už jsme u toho. Právě tohle je nutné omezit a právě tohle žádným firewallem, antivirem, antispywarem neomezíte. Je teda nutné omezit toto riziko pomocí samotných Windows, pomocí neprivilegovaného účtu. Tz. založíme nebo z již vytvořeného uživatelského účtu vytvoříme účet s omezeným oprávněním = neprivilegovaný účet:
Neprivilegovaný uživatelský účet: Dost často je používání toho správného účtu opomíjeno a jsou doporučovány nejrůznější firewally, antiviry, které uživatel ani neumí nastavit. Nejčastěji jsou používány účty Správce pc a účet s omezeným oprávněním, avšak ten druhý dost málo, což je právě ta chyba. Úplně nejčastěji je tedy používán účet Správce pc, kde můžete vlastně všechno. Instalovat programy, měnit důležitá nastavení systému, měnit systémové soubory a spoustu dalších věcí. Jistě užitečné, ale z hlediska bezpečnosti naprosto nepřípustné, jde o to, že vlastně jakýkoli program vy spustíte pod účtem Správce pc, tak zdědí vaše postavení (práva) v systému a může dělat, co se mu zlíbí. Měnit důležitá nastavení v systému, mazat v registru, instalovat programy, pokud je k tomu samozřejmě naprogramován. Říkáte si, vždyť já vím, že tenhle program mi nic neudělá, je na to a to. Ale co když to bude nějaký vir, který je k záškodnické činnosti naprogramován a vy ho považujete za legální program? Pak vám bude měnit systémové soubory, měnit nastavení, instalovat další viry?! A už jsme u toho. Právě tohle je nutné omezit a právě tohle žádným firewallem, antivirem, antispywarem neomezíte. Je teda nutné omezit toto riziko pomocí samotných Windows, pomocí neprivilegovaného účtu. Tz. založíme nebo z již vytvořeného uživatelského účtu vytvoříme účet s omezeným oprávněním = neprivilegovaný účet:
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 115 hostů