Dobrý den díky za radu
tady je to report
) včera sem dal do karanteny nějaky malwary pomocí programu ADAWARE
)
ComboFix 10-10-02.02 - Robert 03.10.2010 12:53:22.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2204 [GMT 2:00]
Spuštěný z: c:\documents and settings\Robert\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101002-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
C:\Thumbs.db
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.
2010-10-03 10:41 . 2010-10-03 10:41 390144 ----a-w- c:\windows\system32\CF27814.exe
2010-09-16 16:26 . 2010-09-16 16:26 -------- d-----w- c:\program files\Common Files\Skype
2010-09-16 16:26 . 2010-09-16 16:26 -------- d-----r- c:\program files\Skype
2010-09-10 16:38 . 2010-09-10 16:38 503808 ----a-w- c:\documents and settings\Robert\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ea49810-n\msvcp71.dll
2010-09-10 16:38 . 2010-09-10 16:38 499712 ----a-w- c:\documents and settings\Robert\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ea49810-n\jmc.dll
2010-09-10 16:38 . 2010-09-10 16:38 348160 ----a-w- c:\documents and settings\Robert\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ea49810-n\msvcr71.dll
2010-09-10 16:38 . 2010-09-10 16:38 61440 ----a-w- c:\documents and settings\Robert\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a2c67ea-n\decora-sse.dll
2010-09-10 16:38 . 2010-09-10 16:38 12800 ----a-w- c:\documents and settings\Robert\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a2c67ea-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 22:02 . 2009-11-09 11:37 -------- d-----w- c:\program files\Spyware Terminator
2010-10-02 08:36 . 2008-04-14 12:00 84030 ----a-w- c:\windows\system32\perfc005.dat
2010-10-02 08:36 . 2008-04-14 12:00 440828 ----a-w- c:\windows\system32\perfh005.dat
2010-09-30 17:23 . 2009-01-30 18:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-30 13:31 . 2010-08-01 20:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 05:08 . 2009-02-04 15:20 -------- d-----w- c:\program files\Google
2010-09-23 18:42 . 2009-12-23 18:54 -------- d-----w- c:\program files\World of Warcraft
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-06 12:18 . 2009-02-14 16:17 -------- d-----w- c:\program files\Microsoft Games
2010-08-05 18:56 . 2008-12-25 14:08 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-05 18:56 . 2008-12-25 14:08 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-31 10:24 . 2010-07-31 10:24 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-07-31 10:23 . 2010-07-31 10:23 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-07-31 10:23 . 2010-07-31 10:23 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-07-31 10:23 . 2010-07-31 10:23 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-07-22 15:46 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-07-31 10:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-09 3055616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
"nwiz"="nwiz.exe" [2007-04-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-29 81920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-11-09 2172416]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-5-24 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"StudentDOG"=c:\program files\Student DOG\StudentDOG.exe -h
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe"
"Skype"="c:\program files\Skype\\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\TrackMania Sunrise2\\TmSunrise.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Robert\\Plocha\\Parbisss\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8170:TCP"= 8170:TCP:BitComet 8170 TCP
"8170:UDP"= 8170:UDP:BitComet 8170 UDP
"21741:TCP"= 21741:TCP:BitComet 21741 TCP
"21741:UDP"= 21741:UDP:BitComet 21741 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1.10.2009 16:05 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.12.2008 20:18 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.11.2009 13:37 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2008 20:18 20560]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [27.3.2009 15:54 165160]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.1.2010 20:06 222968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1029456]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 8:22 70912]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [31.7.2010 12:24 27632]
R3 SynMini;Syntek USB2.0 2M WebCam;c:\windows\system32\drivers\SynMini.sys [27.11.2006 11:53 1208064]
R3 SynScan;Syntek USB2.0 2M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [5.10.2006 3:54 8064]
S2 gupdate1c986dda26e7694;Google Update Service (gupdate1c986dda26e7694);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 17:31 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [31.7.2010 12:23 13224]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.12.2008 21:34 691696]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-10-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
2010-09-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:08]
2010-10-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 13:03]
2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 15:31]
2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 15:31]
2010-10-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
2010-10-03 c:\windows\Tasks\User_Feed_Synchronization-{93652C6F-65F2-484E-892B-398593C7E881}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {FD523AF4-F5A5-4D9E-A39A-48E36562B432} = 182.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Robert\Data aplikací\Mozilla\Firefox\Profiles\3vyfuzax.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_EU&apn_uid=83677BFC-4209-416F-BA22-5DF08489ECA2&apn_ptnrs=FV&apn_sauid=E3D1BAF0-7719-46E5-9554-7348DB2330A7&apn_dtid=&q=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-10-03 12:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-842925246-583907252-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-842925246-583907252-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-842925246-583907252-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:65,ce,d0,96,0b,12,ae,ad,48,e6,de,7d,6e,b1,9c,70,4b,6b,e1,4f,51,
95,ab,5d,af,5b,4d,c7,8d,53,c5,76,59,0d,15,dc,ad,38,c2,a6,6e,4f,31,36,13,62,\
"rkeysecu"=hex:01,f8,75,05,ad,60,34,1f,9d,10,df,30,73,b5,ba,7d
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1328)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-10-03 13:01:39
ComboFix-quarantined-files.txt 2010-10-03 11:01
Před spuštěním: Volných bajtů: 109 801 885 696
Po spuštění: Volných bajtů: 110 832 549 888
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 7E354124FCD98B033A3B3C1D5D201A13
Dobrý den díky za radu :) tady je to report :)) včera sem dal do karanteny nějaky malwary pomocí programu ADAWARE :))
ComboFix 10-10-02.02 - Robert 03.10.2010 12:53:22.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2204 [GMT 2:00]
Spuštěný z: c:\documents and settings\Robert\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101002-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
C:\Thumbs.db
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.
2010-10-03 10:41 . 2010-10-03 10:41 390144 ----a-w- c:\windows\system32\CF27814.exe
2010-09-16 16:26 . 2010-09-16 16:26 -------- d-----w- c:\program files\Common Files\Skype
2010-09-16 16:26 . 2010-09-16 16:26 -------- d-----r- c:\program files\Skype
2010-09-10 16:38 . 2010-09-10 16:38 503808 ----a-w- c:\documents and settings\Robert\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ea49810-n\msvcp71.dll
2010-09-10 16:38 . 2010-09-10 16:38 499712 ----a-w- c:\documents and settings\Robert\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ea49810-n\jmc.dll
2010-09-10 16:38 . 2010-09-10 16:38 348160 ----a-w- c:\documents and settings\Robert\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ea49810-n\msvcr71.dll
2010-09-10 16:38 . 2010-09-10 16:38 61440 ----a-w- c:\documents and settings\Robert\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a2c67ea-n\decora-sse.dll
2010-09-10 16:38 . 2010-09-10 16:38 12800 ----a-w- c:\documents and settings\Robert\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a2c67ea-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 22:02 . 2009-11-09 11:37 -------- d-----w- c:\program files\Spyware Terminator
2010-10-02 08:36 . 2008-04-14 12:00 84030 ----a-w- c:\windows\system32\perfc005.dat
2010-10-02 08:36 . 2008-04-14 12:00 440828 ----a-w- c:\windows\system32\perfh005.dat
2010-09-30 17:23 . 2009-01-30 18:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-30 13:31 . 2010-08-01 20:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 05:08 . 2009-02-04 15:20 -------- d-----w- c:\program files\Google
2010-09-23 18:42 . 2009-12-23 18:54 -------- d-----w- c:\program files\World of Warcraft
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-06 12:18 . 2009-02-14 16:17 -------- d-----w- c:\program files\Microsoft Games
2010-08-05 18:56 . 2008-12-25 14:08 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-05 18:56 . 2008-12-25 14:08 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-31 10:24 . 2010-07-31 10:24 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-07-31 10:23 . 2010-07-31 10:23 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-07-31 10:23 . 2010-07-31 10:23 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-07-31 10:23 . 2010-07-31 10:23 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-07-22 15:46 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-07-31 10:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-09 3055616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
"nwiz"="nwiz.exe" [2007-04-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-29 81920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-11-09 2172416]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-5-24 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"StudentDOG"=c:\program files\Student DOG\StudentDOG.exe -h
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe"
"Skype"="c:\program files\Skype\\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\TrackMania Sunrise2\\TmSunrise.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Robert\\Plocha\\Parbisss\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8170:TCP"= 8170:TCP:BitComet 8170 TCP
"8170:UDP"= 8170:UDP:BitComet 8170 UDP
"21741:TCP"= 21741:TCP:BitComet 21741 TCP
"21741:UDP"= 21741:UDP:BitComet 21741 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1.10.2009 16:05 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.12.2008 20:18 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.11.2009 13:37 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2008 20:18 20560]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [27.3.2009 15:54 165160]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.1.2010 20:06 222968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1029456]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 8:22 70912]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [31.7.2010 12:24 27632]
R3 SynMini;Syntek USB2.0 2M WebCam;c:\windows\system32\drivers\SynMini.sys [27.11.2006 11:53 1208064]
R3 SynScan;Syntek USB2.0 2M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [5.10.2006 3:54 8064]
S2 gupdate1c986dda26e7694;Google Update Service (gupdate1c986dda26e7694);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 17:31 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [31.7.2010 12:23 13224]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.12.2008 21:34 691696]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-10-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
2010-09-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:08]
2010-10-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 13:03]
2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 15:31]
2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 15:31]
2010-10-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
2010-10-03 c:\windows\Tasks\User_Feed_Synchronization-{93652C6F-65F2-484E-892B-398593C7E881}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {FD523AF4-F5A5-4D9E-A39A-48E36562B432} = 182.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Robert\Data aplikací\Mozilla\Firefox\Profiles\3vyfuzax.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_EU&apn_uid=83677BFC-4209-416F-BA22-5DF08489ECA2&apn_ptnrs=FV&apn_sauid=E3D1BAF0-7719-46E5-9554-7348DB2330A7&apn_dtid=&q=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 12:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-842925246-583907252-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-842925246-583907252-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-842925246-583907252-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:65,ce,d0,96,0b,12,ae,ad,48,e6,de,7d,6e,b1,9c,70,4b,6b,e1,4f,51,
95,ab,5d,af,5b,4d,c7,8d,53,c5,76,59,0d,15,dc,ad,38,c2,a6,6e,4f,31,36,13,62,\
"rkeysecu"=hex:01,f8,75,05,ad,60,34,1f,9d,10,df,30,73,b5,ba,7d
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1328)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-10-03 13:01:39
ComboFix-quarantined-files.txt 2010-10-03 11:01
Před spuštěním: Volných bajtů: 109 801 885 696
Po spuštění: Volných bajtů: 110 832 549 888
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 7E354124FCD98B033A3B3C1D5D201A13