ComboFix 09-10-10.02 - Mirek 11.10.2009 15:34.3.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1467 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091010-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FILE ::
"c:\documents and settings\Z lo§\Nabˇdka Start\Programy\Po spuçtŘnˇ\prf23.tmp"
"c:\windows\system32\drivers\qjbjqqph.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Crawler\Toolbar
c:\program files\Crawler\Toolbar\adrkeys.dat
c:\program files\Crawler\Toolbar\Cache\COMMON\CLEANUP_CHBMP.dat
c:\program files\Crawler\Toolbar\Cache\COMMON\CLEANUP_MENU.dat
c:\program files\Crawler\Toolbar\Cache\COMMON\EMAIL_CHBMP.dat
c:\program files\Crawler\Toolbar\Cache\COMMON\POPBLOCKER_BMP.dat
c:\program files\Crawler\Toolbar\Cache\COMMON\POPBLOCKER_CHBMP.dat
c:\program files\Crawler\Toolbar\Cache\COMMON\POPBLOCKER_MENU.dat
c:\program files\Crawler\Toolbar\Cache\COMMON\SPELL_CHBMP.dat
c:\program files\Crawler\Toolbar\Cache\STERM\STERM_BMP.dat
c:\program files\Crawler\Toolbar\Cache\STERM\STERM_CHBMP.dat
c:\program files\Crawler\Toolbar\Cache\STERM\STERM_MENU.dat
c:\program files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_BMP.dat
c:\program files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_CHBMP.dat
c:\program files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_MENU.dat
c:\program files\Crawler\Toolbar\Cache\WEATHER\WEATHER_BMP.dat
c:\program files\Crawler\Toolbar\Cache\WEATHER\WEATHER_CHBMP.dat
c:\program files\Crawler\Toolbar\common_ff.dat
c:\program files\Crawler\Toolbar\confirm.dat
c:\program files\Crawler\Toolbar\ctbcomm.dll
c:\program files\Crawler\Toolbar\ctbr.dll
c:\program files\Crawler\Toolbar\CTConf.dat
c:\program files\Crawler\Toolbar\CTipsDef.dll
c:\program files\Crawler\Toolbar\CToolbar.exe
c:\program files\Crawler\Toolbar\CUpdate.exe
c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
c:\program files\Crawler\Toolbar\firefox\components\xshared.xpt
c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
c:\program files\Crawler\Toolbar\firefox\components\xsupport.xpt
c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
c:\program files\Crawler\Toolbar\firefox\components\xwsg.xpt
c:\program files\Crawler\Toolbar\firefox\chrome.manifest
c:\program files\Crawler\Toolbar\firefox\chrome\crawlertbr.jar
c:\program files\Crawler\Toolbar\firefox\install.ini
c:\program files\Crawler\Toolbar\firefox\install.rdf
c:\program files\Crawler\Toolbar\Languages\STWSG_CS.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_DE.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_EN.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_ES.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_IT.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_PT.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_CS.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_DE.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_EN.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_ES.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_IT.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PT.cab
c:\program files\Crawler\Toolbar\lookfor.dat
c:\program files\Crawler\Toolbar\majorse.dat
c:\program files\Crawler\Toolbar\rootmenu.dat
c:\program files\Crawler\Toolbar\services.dat
c:\program files\Crawler\Toolbar\STWSGLanguageAct\info.ini
c:\program files\Crawler\Toolbar\STWSGLanguageAct\language.ini
c:\program files\Crawler\Toolbar\TBR5LanguageAct\info.ini
c:\program files\Crawler\Toolbar\TBR5LanguageAct\language.ini
c:\program files\Crawler\Toolbar\update\domains.cab
c:\program files\Crawler\Toolbar\WebSecurityGuard.dll
c:\program files\Crawler\Toolbar\WSGData\domains\domains_000.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_001.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_002.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_003.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_004.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_005.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_006.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_007.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_008.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_009.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_010.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_011.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_012.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_013.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_014.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_015.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_016.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_017.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_018.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_019.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_020.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_021.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_022.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_023.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_024.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_025.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_026.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_027.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_028.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_029.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\index.dat
c:\program files\Crawler\Toolbar\WSGData\wfilter.dat
c:\windows\logo1_.exe
c:\windows\rundll16.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FNTMAOOH
-------\Service_fntmaooh
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-11 do 2009-10-11 )))))))))))))))))))))))))))))))
.
V tomto časovém úseku nebyly vytvořeny žádné nové soubory.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 05:25 . 2009-03-18 01:33 -------- d-----w- c:\program files\Spywareblaster
2009-10-09 21:39 . 2007-09-28 12:39 -------- d-----w- c:\program files\WinClamAVShield
2009-10-07 20:34 . 2009-01-28 22:43 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-09-30 22:56 . 2005-08-16 14:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-18 06:37 . 2007-11-22 23:31 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-18 06:37 . 2007-11-22 23:31 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-18 06:37 . 2007-11-22 23:31 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-18 06:37 . 2007-11-22 23:31 132296 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2009-09-16 23:24 . 2008-11-03 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 10:59 . 2008-04-23 17:08 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2008-04-23 17:08 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2008-04-23 17:08 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2008-04-23 17:26 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2008-04-23 17:26 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2008-04-23 17:09 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2008-04-23 17:09 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2008-04-23 17:09 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2008-04-23 17:09 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 12:54 . 2008-11-03 20:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-11-03 20:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 08:47 . 2008-02-16 10:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 11:10 . 2007-05-08 01:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-07 21:50 . 2009-09-07 21:50 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-09-07 21:50 . 2007-11-13 16:20 -------- d-----w- c:\program files\ACD Systems
2009-09-06 07:33 . 2007-06-08 18:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-04 07:49 . 2007-05-02 22:44 -------- d-----w- c:\program files\Opera
2009-08-18 22:41 . 2009-08-18 22:33 -------- d-----w- c:\program files\Nová složka (2)
2009-08-05 09:07 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:57 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-11_12.21.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-11 13:43 . 2009-10-11 13:43 16384 c:\windows\TEMP\Perflib_Perfdata_6b0.dat
+ 2009-10-11 13:43 . 2009-10-11 13:43 16384 c:\windows\TEMP\Perflib_Perfdata_1b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-09-20 1404928]
"SpywareTerminator"="c:\vedlejší programy\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-04 2171904]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-09-18 1799952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-09-18 1799952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\Z lo§\Nabˇdka Start\Programy\Po spuçtŘnˇ\
prf23.tmp [2009-5-20 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 07:33 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk.disabled
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnk.disabledCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser"=2 (0x2)
"ICQ Service"=2 (0x2)
"gusvc"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" -lang 1033
"SensorsViewPro31"=c:\vedlejší programy\SensorsViewPro31\sviewpro.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Acrobat 8 cz\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQLite\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8591:TCP"= 8591:TCP:BitComet 8591 TCP
"8591:UDP"= 8591:UDP:BitComet 8591 UDP
R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [11.9.2006 14:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [3.11.2006 10:24 61312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.4.2008 19:26 114768]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [23.11.2007 1:31 132296]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [23.11.2007 1:31 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10.10.2006 13:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 12:39 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28.9.2007 14:40 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.4.2008 19:26 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [27.7.2009 17:51 10384]
S2 psrem02;CD Guard Drivers Auto Removal (v2);c:\windows\system32\psrem02.exe svc --> c:\windows\system32\psrem02.exe svc [?]
S3 CTSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\ctsfsyn.sys [2.5.2007 2:01 155904]
S3 SASENUM;SASENUM;\??\c:\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> C:c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [10.8.2007 12:42 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [6.9.2007 20:48 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [6.9.2007 20:48 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [26.9.2007 13:04 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [26.9.2007 13:12 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [26.9.2007 13:04 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [26.9.2007 13:04 90800]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout pomocí Download &Express - c:\vedlejší programy\Download Express\Add_Url.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: klient1.rb.cz
Trusted Zone: motortv.cz\www
Trusted Zone: www.rb.cz
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - ProfilePath - c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\qqvctc7w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\Toolbar\CToolbar.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 17:14
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]
"jabjhlfinlaeedbeehda"=hex:6a,61,6f,61,6b,6e,6f,65,6f,6b,70,66,6a,64,68,6d,64,
69,6d,6a,00,00
"iabjnjpdmjongamdek"=hex:6a,61,70,61,6e,6c,6f,62,6d,66,6f,62,6f,66,63,6d,63,6e,
70,65,00,00
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(2424)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Comodo\Firewall\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\vedlejc:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-10-11 17:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-11 15:19
ComboFix2.txt 2009-10-11 12:24
Před spuštěním: 7 644 835 840
Po spuštění: 7 459 069 952
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
339 --- E O F --- 2009-09-10 00:05
A HjT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:36, on 11.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Vedlejší programy\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Vedlejší programy\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\WINDOWS\system32\svchost.exe
C:\Vedlejší programy\Hijack This\HIJACK THIS 2.0.2\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Vedlejší programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout pomocí Download &Express - C:\Vedlejší programy\Download Express\Add_Url.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQLite\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQLite\ICQ6.5\ICQ.exe
O15 - Trusted Zone: http://www.motortv.cz
O15 - Trusted Zone: http://*.www.rb.cz
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\WINDOWS\system32\psrem02.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Vedlejší programy\Spyware Terminator\sp_rsser.exe
--
End of file - 7487 bytes
Tak vytížení je určitě menší. Není to ještě jako dříve, hlavně Opera to vytěžuje myslím více než dříve, ale net je určitě rychlejší a celkově comp o něco zrychlil.