Dobré ráno. Díky moc za pomoc!!!
ten soubor znám - je to aplikace s ranními zamyšleními, spouští se mi při startu počítače.
Ten log z ComboFix je tu, jdu na další část
ComboFix 10-03-03.04 - Lucky 04.03.2010 8:06.3.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1559 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lucky\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lucky\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100303-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WFDB
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.
2010-03-03 21:53 . 2010-03-04 06:18 -------- d-----w- c:\program files\trend micro
2010-03-03 21:53 . 2010-03-03 21:53 -------- d-----w- C:\rsit
2010-03-03 13:38 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-03 13:38 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-03 13:36 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-03 13:36 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-03 13:34 . 2008-04-13 19:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-03-03 13:34 . 2008-04-13 19:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-03-03 13:34 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 14:46 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-17 14:46 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-16 21:52 . 2010-02-16 21:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-15 09:12 . 2010-02-15 09:12 -------- d-----w- c:\program files\exe
2010-02-02 20:10 . 2007-08-03 16:30 540672 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-02-02 20:10 . 2007-07-11 09:06 13824 ----a-w- c:\windows\system32\drivers\modrc.sys
2010-02-02 20:04 . 2004-12-23 16:27 27392 ----a-w- c:\windows\system32\drivers\ULCDRHlp.sys
2010-02-02 19:58 . 2010-02-02 20:10 -------- d-----w- c:\windows\system32\WinFast
2010-02-02 18:19 . 2010-02-02 18:19 -------- d-----w- c:\program files\WinFast
2010-02-02 18:18 . 2010-02-02 18:18 -------- d-----w- c:\windows\system32\Munins
2010-02-02 18:17 . 2006-06-29 09:49 53248 ----a-w- c:\windows\system32\ModrcCoInstall.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 07:18 . 2008-12-11 17:02 -------- d-----w- c:\program files\Hesla JB
2010-03-03 21:43 . 2010-01-30 21:19 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-03 13:39 . 2009-07-29 07:47 -------- d-----w- c:\program files\Common Files\Motive
2010-03-01 21:42 . 2010-01-17 17:25 -------- d-----w- c:\program files\FlashGet
2010-02-17 15:30 . 2009-04-01 20:21 -------- d-----w- c:\program files\Microsoft Works
2010-02-02 20:12 . 2001-10-25 14:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2010-02-02 20:12 . 2001-10-25 14:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2010-02-02 20:10 . 2008-12-08 12:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-30 20:43 . 2010-01-30 20:43 -------- d-----w- c:\program files\Alwil Software
2010-01-30 20:37 . 2008-12-11 17:04 -------- d-----w- c:\program files\ESET
2010-01-17 17:12 . 2010-01-17 17:12 -------- d-----w- c:\program files\CCleaner
2010-01-17 17:11 . 2010-01-13 19:52 -------- d-----w- c:\program files\GoFTP
2010-01-05 07:49 . 2008-12-11 17:49 -------- d-----w- c:\program files\ICQ6.5
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 10:25 . 2008-12-11 17:02 84711 ----a-w- c:\windows\system32\biblescr.dat
2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-12-08 10:54 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Lucky\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-19 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-28 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-09-28 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Lucky\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hesla JB (jednou dennŘ).lnk - c:\program files\Hesla JB\Heslaw.exe [2008-12-11 820736]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-19 12:07 133104 ----atw- c:\documents and settings\Lucky\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 07:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30.1.2010 21:43 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.1.2010 21:43 20560]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [12.12.2009 23:07 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12.12.2009 23:07 27632]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2.2.2010 19:19 9446]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.12.2008 17:03 717296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://
www.cz.o2.com/welcome/cz/index.html
uDefault_Search_URL = hxxp://
www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://
www.google.com/ie
uSearchURL,(Default) = hxxp://
www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lucky\Data aplikací\Mozilla\Firefox\Profiles\tkzmi9l3.default\
FF - prefs.js: browser.startup.homepage -
www.google.cz
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "
http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-04 08:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
C:\ADSM_PData_0150
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'Explorer.EXE'(572)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-04 08:21:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-04 07:21
ComboFix2.txt 2010-03-03 22:22
ComboFix3.txt 2010-03-03 21:23
Před spuštěním: Volných bajtů: 19 919 319 040
Po spuštění: Volných bajtů: 19 874 426 880
- - End Of File - - 0096D65A14B678CC9366C88D3831AC6B
tento soubor znáte?
Přispějete na provoz fóra?