ComboFix log
Posted: 20 Mar 2011 09:48
Hello,
could one of you knowledgeable people please go through my ComboFix log and tell me how things look with my notebook? I am a complete layman in this respect.
The problem is that whenever I start Firefox and want to click on a link, it does not work at all. I first have to minimize and maximize the window, and then it allows me one click and that's it.
I have tried all the options that FF offers, but nothing helped.
Thanks for the help
Lada
wap25@centrum.cz
ComboFix 11-03-19.03 - Lada 20.03.2011 9:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.495.150 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lada\Dokumenty\Stažené soubory\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_002502_.tmp.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-20 do 2011-03-20 )))))))))))))))))))))))))))))))
.
.
V tomto časovém úseku nebyly vytvořeny žádné nové soubory.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-04-27 07:50 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-04-27 07:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-07-13 20:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2009-11-04 00:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-04-27 07:59 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-04-27 07:59 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-04-27 07:50 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-11 18:40 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-11 18:40 . 2010-06-01 17:00 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-11 18:40 . 2010-06-01 17:00 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-11 18:40 . 2010-06-01 17:00 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-11 18:40 . 2010-06-04 09:55 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-07 14:09 . 2004-04-27 07:49 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-04-27 07:50 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-04-27 07:49 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-04-27 07:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-04-27 07:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-04-27 07:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2004-04-27 07:49 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-17 22:44 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-04 3055616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-01-26 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-01-26 118784]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2004-03-29 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"TFNF5"="TFNF5.exe" [2003-12-02 73728]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-29 118784]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-13 122880]
"PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
"LTSMMSG"="LTSMMSG.exe" [2003-04-18 32768]
"TPSMain"="TPSMain.exe" [2004-04-01 266240]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-11-04 2172416]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-22 2548552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 15:49 110592 ----a-w- c:\windows\system32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4.6.2010 10:55 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1.6.2010 18:00 27576]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.11.2009 15:33 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3.11.2009 21:18 108289]
S3 EC168BDA;EC168BDA service;c:\windows\system32\DRIVERS\EC168BDA.sys --> c:\windows\system32\DRIVERS\EC168BDA.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {5A5EBB38-88DD-448F-95AF-E9388FEABC58} = 156.154.70.25,156.154.71.25
TCP: {C614F637-E022-48DD-8FD5-1DF179F671C6} = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\documents and settings\Lada\Data aplikací\Mozilla\Firefox\Profiles\b99fizfb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 09:22
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\guard32.dll
c:\windows\System32\LgNotify.dll
.
- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
Celkový čas: 2011-03-20 09:26:40
ComboFix-quarantined-files.txt 2011-03-20 08:26
.
Před spuštěním: Volných bajtů: 14 962 376 704
Po spuštění: Volných bajtů: 15 075 397 632
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 89A9F396D09C5F1CF90935F2CE25F098