Problems with Firefox - web pages won't load (MSIE is OK)
Posted: 26 Jun 2012 18:50
Hello, my Firefox browser is acting up somehow; it won't let me onto some sites, e.g. Facebook, while in IE they work without any problem.
I am sending the ComboFix log.
Thank you for your advice and help.
ComboFix 12-06-26.01 - Lenka - Krátká 26.06.2012 18:29:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.456 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lenka - Krßtkß\Plocha\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\FullRemove.exe
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\system32\service
c:\windows\system32\service\05062012_TIS17_PccScan.log
c:\windows\system32\service\12052010_TIS17_PccScan.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINRING0_1_0_1
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-26 do 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-25 17:17 . 2012-06-25 17:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-13 06:37 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-05 19:04 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2012-06-05 19:04 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2012-06-05 19:04 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2012-06-05 19:04 . 2011-12-21 17:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2012-06-05 19:04 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2012-06-05 19:04 . 2012-05-15 18:00 79872 ----a-w- c:\windows\system32\ff_vfw.dll
2012-06-05 19:03 . 2012-06-05 19:05 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-06-05 19:01 . 2012-06-05 19:01 -------- d-----w- c:\program files\VideoLAN
2012-06-05 18:53 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-06-05 18:43 . 2012-06-05 18:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-06-05 18:43 . 2012-06-05 18:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-05 18:43 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 17:01 . 2012-06-06 01:48 -------- d-----w- c:\windows\AutoKMS
2012-06-05 16:48 . 2012-06-05 16:48 -------- d-----w- c:\program files\Microsoft.NET
2012-06-05 16:48 . 2012-06-05 16:48 -------- d-----w- c:\documents and settings\All Users\Microsoft
2012-06-05 16:45 . 2012-06-05 16:45 -------- d-----w- c:\windows\SHELLNEW
2012-06-05 16:45 . 2012-06-05 16:45 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-06-05 16:44 . 2012-06-05 16:44 -------- d-----r- C:\MSOCache
2012-06-05 15:50 . 2012-06-05 15:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-06-05 15:49 . 2012-06-05 15:49 -------- d-----w- c:\program files\ESET
2012-06-05 15:49 . 2012-06-05 15:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-06-05 15:34 . 2012-06-05 15:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-06-05 14:02 . 2012-06-24 16:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 14:02 . 2012-06-24 16:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 13:54 . 2012-06-05 13:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ConeXware
2012-06-05 13:54 . 2012-06-05 13:54 -------- d-----w- c:\program files\PatchBeam
2012-06-05 13:54 . 2012-06-05 18:42 -------- d-----w- c:\program files\PowerArchiver
2012-06-05 13:44 . 2012-06-25 17:12 -------- d-----w- c:\program files\CCleaner
2012-06-05 13:25 . 2012-06-05 13:25 -------- d-----w- c:\program files\CodeStuff
2012-06-05 13:16 . 2012-05-11 14:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-06-05 13:08 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-06-05 13:04 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-06-05 13:04 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-06-05 12:51 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-05 12:51 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-05 12:42 . 2012-06-25 17:14 -------- d-----w- c:\documents and settings\Lenka - Krátká
2012-06-05 12:41 . 2010-05-12 04:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-06-05 12:41 . 2010-03-17 23:48 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\InstallShield
2012-06-05 12:39 . 2010-05-12 04:03 -------- d-sh--w- c:\documents and settings\Default User\PrivacIE
2012-06-05 12:39 . 2010-03-18 00:15 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2012-06-05 12:33 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-06-05 12:33 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-06-01 15:27 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-06-01 15:27 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-06-01 15:27 . 2012-06-01 15:27 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-06-01 15:27 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-06-01 15:27 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-06-01 15:27 . 1999-03-06 11:38 6144 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2012-06-01 11:30 . 2012-06-01 11:30 -------- d-----w- c:\program files\Synaptics
2012-06-01 11:29 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2012-06-01 11:29 . 2009-10-29 06:12 426096 ----a-w- c:\windows\system32\jmcamInst.dll
2012-06-01 11:29 . 2009-10-27 14:17 44400 ----a-w- c:\windows\system32\drivers\jmcam.sys
2012-06-01 11:29 . 2009-10-27 12:24 24176 ----a-w- c:\windows\system32\drivers\jmcam_lo.sys
2012-06-01 11:27 . 2012-06-01 11:27 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2010-03-17 23:52 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-03-17 23:52 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-12-24 02:17 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-12-24 02:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-12-24 02:17 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-03-17 23:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-03-17 23:52 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-03-17 23:52 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-12-24 02:17 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-12-24 02:17 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-12-23 18:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-12-24 02:17 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-12-24 02:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2009-12-23 18:07 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2009-12-23 18:07 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2009-12-23 18:07 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2009-12-23 18:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2009-12-23 18:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2009-12-23 18:07 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2008-04-14 08:06 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2009-12-24 02:16 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 22:19 . 2012-06-25 17:17 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CapsHook"="c:\program files\EeePC\CapsHook\CapsHook.exe" [2010-05-28 445344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2010-05-17 1246632]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-3-18 385024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 23:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-28 13:59 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [18.3.2010 1:51 11520]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 120152]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.3.2012 15:40 913144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5.6.2012 20:43 654408]
R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\drivers\jmccgp.sys [1.6.2012 13:28 15216]
R3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\drivers\jmcam.sys [1.6.2012 13:29 44400]
R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\drivers\jmcam_lo.sys [1.6.2012 13:29 24176]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3.11.2009 10:34 44032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.6.2012 20:43 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.6.2012 16:02 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1.6.2012 13:28 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25.6.2012 19:17 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 16:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
FF - ProfilePath - c:\documents and settings\Lenka - Krátká\Data aplikací\Mozilla\Firefox\Profiles\0e7gi8mo.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 18:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1592)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Celkový čas: 2012-06-26 18:41:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-26 16:41
.
Před spuštěním: Volných bajtů: 68 106 821 632
Po spuštění: Volných bajtů: 68 094 726 144
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 344A1100230D130199330548DA752EF2