Now, for a change, Firefox isn't working for me.

Is it important to rename the file to Potvora.com? Because I forgot to do that :-/
Final log:
ComboFix 11-02-20.03 - Povolný 21.02.2011 17:20:47.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.1170 [GMT 1:00]
Spuštěný z: c:\documents and settings\Povolný\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Povolný\Data aplikací\Microsoft\conhost.exe
c:\program files\Internet Explorer\rasadhlp.dll
c:\program files\Mozilla Firefox\rasadhlp.dll
c:\program files\Outlook Express\rasadhlp.dll
c:\windows\daemon.dll
c:\windows\inf\pok.pnf
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-21 do 2011-02-21 )))))))))))))))))))))))))))))))
.
2011-02-21 14:21 . 2011-02-21 15:36 -------- d-----w- c:\program files\trend micro
2011-02-21 10:11 . 2011-02-21 10:11 -------- d-----w- c:\documents and settings\Povolný\Data aplikací\Uniblue
2011-02-21 10:11 . 2011-02-21 10:11 -------- d-----w- c:\program files\Uniblue
2011-02-19 16:58 . 2011-02-20 15:36 210432 ----a-w- c:\documents and settings\Povolný\Data aplikací\dwm.exe
2011-02-19 16:58 . 2011-02-19 16:58 -------- d-----w- c:\windows\Sun
2011-02-19 16:55 . 2011-02-19 16:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Metacafe
2011-02-17 15:52 . 2011-02-17 15:52 -------- d-----w- c:\program files\Hewlett-Packard
2011-02-17 15:25 . 2003-04-07 05:32 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2011-02-17 15:25 . 2003-04-07 05:32 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2011-02-17 15:25 . 2003-04-07 05:32 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2011-02-17 15:25 . 2003-04-07 05:32 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2011-02-17 15:25 . 2003-04-07 05:32 233528 ----a-r- c:\windows\system32\HPZidr12.dll
2011-02-17 15:25 . 2003-04-07 05:32 167936 ----a-r- c:\windows\system32\HPZipr12.dll
2011-02-17 15:25 . 2003-04-07 05:32 16080 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-02-17 15:24 . 2003-04-07 05:32 51024 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2011-02-17 15:24 . 2003-04-07 05:32 21456 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-02-17 15:24 . 2003-04-07 05:40 237568 ----a-r- c:\windows\system32\HPZc3212.dll
2011-02-17 15:24 . 2003-04-07 05:32 81920 ----a-r- c:\windows\system32\hpovst08.dll
2011-02-17 15:24 . 2003-04-07 05:32 561152 ----a-r- c:\windows\system32\hpotscl.dll
2011-02-17 15:24 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-02-17 15:24 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-02-16 12:22 . 2011-02-16 12:22 -------- d--h--r- c:\documents and settings\Povolný\Data aplikací\SecuROM
2011-02-16 12:22 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-02-16 12:18 . 2011-02-16 12:18 -------- d-----w- c:\windows\Logs
2011-02-14 17:11 . 2011-02-14 18:37 2828 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2011-02-14 17:11 . 2011-02-14 17:11 8 --sh--r- c:\documents and settings\All Users\Data aplikací\D26F17A75F.sys
2011-02-14 17:11 . 2011-02-14 17:11 -------- d-----w- c:\documents and settings\Povolný\Data aplikací\Corel
2011-02-14 17:10 . 2011-02-14 17:10 -------- d-----w- c:\program files\Common Files\Protexis
2011-02-14 17:10 . 2011-02-14 17:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Corel
2011-02-14 17:09 . 2011-02-14 17:09 -------- d-----w- c:\program files\Common Files\Corel
2011-02-08 18:02 . 2011-02-08 18:35 -------- d-----w- c:\documents and settings\Povolný\Local Settings\Data aplikací\WMTools Downloaded Files
2011-02-07 00:05 . 2011-02-07 00:05 -------- d-----w- c:\documents and settings\Povolný\Local Settings\Data aplikací\Temp
2011-02-03 21:48 . 2011-02-04 08:39 -------- d-----w- c:\documents and settings\Povolný\Data aplikací\bearsharemediabartb
2011-02-03 21:48 . 2011-02-03 21:50 -------- d-----w- c:\documents and settings\Povolný\Local Settings\Data aplikací\BearShare
2011-02-03 21:48 . 2011-02-03 21:52 -------- d-----w- c:\program files\BearShare Applications
2011-02-03 21:47 . 2011-02-03 21:47 -------- d-----w- c:\documents and settings\Povolný\Local Settings\Data aplikací\PackageAware
2011-02-03 21:39 . 2011-02-03 21:39 -------- d-----w- c:\program files\Common Files\Java
2011-02-03 21:39 . 2011-02-03 21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-03 21:39 . 2011-02-03 21:39 411368 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
2011-02-03 21:39 . 2011-02-03 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-02-03 21:38 . 2011-02-03 21:38 -------- d-----w- c:\program files\Java
2011-02-03 21:38 . 2011-02-03 21:44 -------- d-----w- c:\program files\LimeWire
2011-01-31 13:38 . 2011-01-31 13:38 49764 ----a-w- c:\windows\system32\EpaProt.DLL
2011-01-26 11:21 . 2005-08-24 06:46 3006464 ------w- c:\windows\UNNeroShowTime.exe
2011-01-26 11:15 . 1999-09-20 04:38 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-01-24 15:51 . 2011-01-24 15:51 -------- d-----w- C:\temp
2011-01-24 15:16 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-18 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2011-01-04 15:06 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2011-01-04 15:06 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2011-01-04 15:06 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2011-01-04 15:06 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2011-01-04 15:06 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2011-01-04 15:06 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2011-01-04 15:06 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2011-01-04 15:06 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2011-01-04 15:06 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-08-18 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-18 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-26 20:24 . 2010-12-26 19:28 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-22 12:34 . 2004-08-18 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2004-08-18 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-18 12:00 385024 ------w- c:\windows\system32\html.iec
2010-12-17 06:56 . 2011-01-04 21:16 545 ----a-w- c:\windows\UC.PIF
2010-12-17 06:56 . 2011-01-04 21:16 545 ----a-w- c:\windows\RAR.PIF
2010-12-17 06:56 . 2011-01-04 21:16 545 ----a-w- c:\windows\PKZIP.PIF
2010-12-17 06:56 . 2011-01-04 21:16 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-12-17 06:56 . 2011-01-04 21:16 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-12-17 06:56 . 2011-01-04 21:16 545 ----a-w- c:\windows\LHA.PIF
2010-12-17 06:56 . 2011-01-04 21:16 545 ----a-w- c:\windows\ARJ.PIF
2010-12-09 15:15 . 2004-08-18 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-18 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2004-08-17 15:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-07 11:14 . 2010-12-07 11:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avast5"="c:\program files\Avast5\avastUI.exe" [2011-01-13 3396624]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2003-10-02 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-07 188416]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Povolný\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"e:\\Hry\\PES 11\\pes2011.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\Povolný\\Plocha\\zaloha\\Half-Life 2\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1804:TCP"= 1804:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2.10.2003 3:16 119552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.12.2010 20:28 691696]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27.9.2003 14:37 5504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.1.2011 16:06 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.1.2011 16:06 17744]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
uInternet Settings,ProxyServer = http=127.0.0.1:49495
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Povolný\Data aplikací\Mozilla\Firefox\Profiles\genxfbpd.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49495
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-conhost - c:\documents and settings\Povolný\Data aplikací\Microsoft\conhost.exe
AddRemove-Akamai - c:\program files\common files\akamai\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-21 17:27
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SOUNDMAN.EXE
c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-02-21 17:30:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-21 16:29
Před spuštěním: 4 144 988 160
Po spuštění: 4 036 018 176
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 1A13F2380FF91F310456F465B2AEEB35