tak posílám log z combofixu což byl poslední krok, který jsme řešili v minulém tématu, díky:-)ComboFix 10-10-16.03 - Gregora 17.10.2010 22:42:04.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.1014 [GMT 2:00]
Spuštěný z: c:\documents and settings\Gregora\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Gregora\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Totem Shared
c:\program files\Common Files\Totem Shared\Uninstall0001\Network.dll
c:\program files\Common Files\Totem Shared\Uninstall0001\profile\data.ndq
c:\program files\Common Files\Totem Shared\Uninstall0001\profile\profile.lsf
c:\program files\Common Files\Totem Shared\Uninstall0001\Stats.dll
c:\program files\Common Files\Totem Shared\Uninstall0001\System.dll
c:\program files\Common Files\Totem Shared\Uninstall0001\Upd.exe
c:\program files\Common Files\Totem Shared\Uninstall0001\Update.dll
c:\program files\Common Files\Totem Shared\Uninstall0001\Windows.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-17 do 2010-10-17 )))))))))))))))))))))))))))))))
.
2010-10-13 14:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 14:14 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 21:26 . 2010-10-12 21:26 -------- d-----w- c:\program files\Xilisoft
2010-09-21 15:16 . 2010-09-21 15:16 -------- d-----w- C:\_OTM
2010-09-20 20:58 . 2010-09-22 21:26 -------- d-----w- c:\program files\trend micro
2010-09-20 20:58 . 2010-09-20 20:59 -------- d-----w- C:\rsit
2010-09-20 20:25 . 2010-09-20 20:25 -------- d-----w- c:\documents and settings\Gregora\Data aplikací\Malwarebytes
2010-09-20 20:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-20 20:25 . 2010-09-20 20:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-09-20 20:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-20 20:25 . 2010-09-20 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-20 19:34 . 2010-09-20 20:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PrevxCSI
2010-09-18 10:23 . 2010-09-18 10:23 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-04-06 32768]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 08:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-29 149280]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Gregora\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-4-6 450560]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [16.4.2009 16:31 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.8.2010 18:46 165456]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16.12.2009 18:38 375296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.8.2010 18:46 17744]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 17:09 1253376]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5.11.2009 9:44 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2009 0:25 11520]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 11:10 3276800]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [16.4.2009 16:31 160640]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.9.2008 18:58 717296]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {A20B1BB0-AC3D-4530-85F3-791B81303190} - hxxp://xtraz.icq.com/xtraz/products/photo/english/ICQDevilImg.cab
FF - ProfilePath - c:\documents and settings\Gregora\Data aplikací\Mozilla\Firefox\Profiles\00qn9t9j.default\
FF - prefs.js: browser.startup.homepage - isohunt.com
FF - prefs.js: network.proxy.type - 2
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(7304)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\docume~1\Gregora\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-10-17 23:01:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-17 21:01
ComboFix2.txt 2010-10-17 15:34
Před spuštěním: Volných bajtů: 10 165 858 304
Po spuštění: Volných bajtů: 10 113 515 520
- - End Of File - - 400EC2AF614B092C2AFCA8C65B8CF4BE
Přispějete na provoz fóra?