
So I produced a new log from ComboFix.
One more question. Why is it that after I run ComboFix an IE icon appears on the desktop and IE gets set as the default browser?
ComboFix log:
ComboFix 10-01-20.06 - Jiras 21.01.2010 17:27:23.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.621 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jiras\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100121-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Java\jre6\bin\jucheck.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-21 do 2010-01-21 )))))))))))))))))))))))))))))))
.
2010-01-20 19:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 19:24 . 2010-01-20 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 19:24 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 18:37 . 2010-01-20 18:37 -------- d-----w- c:\program files\Trend Micro
2010-01-20 13:57 . 2010-01-20 13:57 -------- d---a-w- c:\windows\rundll16.exe
2010-01-20 13:57 . 2010-01-20 13:57 -------- d---a-w- c:\windows\logo1_.exe
2010-01-20 13:48 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-19 16:34 . 2010-01-19 16:34 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-19 16:34 . 2010-01-19 16:34 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-19 16:34 . 2010-01-19 16:34 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-19 16:34 . 2010-01-19 16:34 -------- d---a-w- c:\windows\logo_1.exe
2010-01-19 16:32 . 2010-01-19 16:33 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-19 16:32 . 2010-01-19 16:32 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-19 16:32 . 2010-01-19 16:32 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-19 16:32 . 2008-04-14 04:22 137216 ----a-w- c:\windows\system32\T.COM
2010-01-19 16:32 . 2008-04-14 04:22 147968 ----a-w- c:\windows\R.COM
2010-01-19 16:32 . 2010-01-19 16:32 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-19 15:04 . 2010-01-19 15:04 -------- d-----w- c:\program files\Opera
2010-01-12 21:55 . 2010-01-12 21:55 -------- d-----w- c:\program files\VideoLAN
2010-01-12 21:52 . 2010-01-12 21:52 -------- d-----w- c:\documents and settings\Jiras\dwhelper
2010-01-07 18:29 . 2010-01-07 18:29 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-01-06 16:08 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-06 16:08 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-06 16:08 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-06 16:08 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-06 16:08 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-06 16:08 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-06 16:07 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-06 16:07 . 2010-01-06 16:07 -------- d-----w- c:\program files\Alwil Software
2009-12-31 10:30 . 2009-12-31 10:30 -------- d-----w- c:\program files\CCleaner
2009-12-25 16:59 . 2009-12-25 16:59 -------- d-----w- c:\program files\Pontifex II
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 14:02 . 2006-06-29 03:45 83586 ----a-w- c:\windows\system32\perfc005.dat
2010-01-21 14:02 . 2006-06-29 03:45 439390 ----a-w- c:\windows\system32\perfh005.dat
2009-12-02 08:58 . 2009-12-02 08:58 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-02 08:57 . 2009-12-02 08:57 -------- d-----w- c:\program files\vso
2009-11-29 12:50 . 2009-11-29 12:50 -------- d-----w- c:\program files\IVCsoft
2009-11-21 16:03 . 2004-08-18 19:00 471552 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-10-29 05:26 . 2006-01-09 19:08 668160 ------w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-20 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-15 2879488]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-05-16 2176000]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-04 15:26 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-07-20 14:05 729177 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2007-02-12 15:22 397312 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-02-12 17:16 69632 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Dassault Systemes\\B19\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B19\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Program Files\\Spyware Terminator\\SpyWareTerminator.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Jiras\\Plocha\\UTORRENT.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2214:UDP"= 2214:UDP:Windows Media Format SDK (firefox.exe)
"2215:UDP"= 2215:UDP:Windows Media Format SDK (firefox.exe)
"2216:UDP"= 2216:UDP:Windows Media Format SDK (firefox.exe)
"6560:TCP"= 6560:TCP:*:Disabled:hbyuox
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.1.2010 17:08 114768]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [24.4.2007 17:52 16688]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16.5.2009 22:27 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.1.2010 17:08 20560]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 qertsz;Boot Center;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 20:00 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [21.3.2009 13:14 20608]
S3 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\system32\drivers\modrc.sys [7.7.2008 9:23 13056]
S3 st324bus;st324bus;c:\windows\system32\drivers\st324bus.sys [11.11.2002 0:31 8416]
S3 st324kj;st324kj;c:\windows\system32\drivers\st324kj.sys [13.11.2002 17:43 88896]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [6.7.2008 23:19 9446]
S3 ZD1211BU(AirLive);AirLive WL-5480USB WLAN USB Driver(AirLive);c:\windows\system32\drivers\ZD1211BU.sys [21.3.2009 13:14 402432]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - INT15.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qertsz
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B7322049-1B05-4D0F-8F09-8BDF61F08D35} = 10.0.0.0,20.0.0.0
FF - ProfilePath - c:\documents and settings\Jiras\Data aplikací\Mozilla\Firefox\Profiles\3ibhj92d.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60341&qkw=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdbplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 17:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1911979739-1208315462-2274971583-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7C4AD4B3-7742-4B94-A8DB-7E3A835A6C1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abdadbppfemhoaadhdhhdagbmlamihncka"=hex:61,61,00,00
"bbdadbppfemhoaadhdchmobmhcfmfnmchlhk"=hex:61,61,00,00
.
Celkový čas: 2010-01-21 17:32:24
ComboFix-quarantined-files.txt 2010-01-21 16:32
ComboFix2.txt 2010-01-20 19:57
Před spuštěním: Volných bajtů: 15 410 200 576
Po spuštění: Volných bajtů: 15 373 828 096
- - End Of File - - E512E10EF14AE75C85377685E822139C