vyskakovaci okna firefox

[mark222]

Dnes jsem si všimnul, že i na některých stránkách se mi zobrazuje v textu reklama u nějakého slova, při najetí myší se ukáže okno s reklamou. Dal jsem do vyhledávače hledat a ten problém býva v doplňcích tak jsem zkusil zakázat dva : Save now a Salesale, nepamatuji si že bych je instaloval. Po restartu Firefoxu zabralo, reklama je pryč a i hlavni problém nová okna v internetbankingu už fungují . Takže vyřešeno. Ale jestli mám nějakou havět jěště v pc netuším, co říká výpis combofix na to?

[Rudy]

Ještě dpčistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Firefox::
FF - ProfilePath - c:\documents and settings\Markos\Data aplikací\Mozilla\Firefox\Profiles\l5f8knmj.default\
FF - prefs.js: keyword.URL - hxxp://search.newtabking.com/?t=1&q=
FF - ExtSQL: 2013-02-23 19:17; adblockpopups@jessehakanen.net; c:\documents and settings\Markos\Data aplikací\Mozilla\Firefox\Profiles\l5f8knmj.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-03-28 17:21; {6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}; c:\documents and settings\Markos\Data aplikací\Mozilla\Firefox\Profiles\l5f8knmj.default\extensions

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Regnull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[mark222]

Provedeno, vypis combofix,


ComboFix 13-03-28.01 - Markos 29.03.2013 21:18:31.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1209 [GMT 1:00]
Spuštěný z: c:\documents and settings\Markos\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Markos\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-28 do 2013-03-29 )))))))))))))))))))))))))))))))
.
.
2013-03-26 09:33 . 2013-03-26 09:33 -------- d-----w- c:\program files\Common Files\Skype
2013-03-22 13:48 . 2013-03-28 15:19 -------- d-----w- c:\program files\trend micro
2013-03-16 16:21 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-16 16:21 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-06 09:55 . 2013-03-06 09:55 86016 ----a-w- c:\windows\system32\NtDirect.dll
2013-03-05 20:53 . 2013-03-05 20:53 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-29 20:13 . 2012-11-02 17:39 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-29 20:13 . 2012-11-02 17:39 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-29 20:13 . 2012-11-02 17:39 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-16 11:40 . 2012-04-21 10:00 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-16 11:40 . 2012-04-21 10:00 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-05 20:53 . 2012-08-17 13:37 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-05 20:53 . 2010-10-15 08:56 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-05 20:53 . 2010-10-15 08:56 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-12 00:32 . 2008-08-10 11:52 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-03 21:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:15 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:15 . 2004-08-17 13:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-17 13:49 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2004-08-17 13:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2004-08-17 15:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2004-08-17 13:44 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-17 13:49 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-17 13:49 1294848 ----a-w- c:\windows\system32\quartz.dll
2008-08-11 17:47 . 2008-08-11 17:47 136 ----a-w- c:\program files\BMonitor.dll
2013-03-10 09:38 . 2013-03-10 09:38 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Markos\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Markos\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Markos\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Markos\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sticky Pad"="d:\instalovane programy\StickyPad\StickyPad.exe" [2011-09-01 528441]
"AlcoholAutomount"="d:\instalovane programy\Alcohol Soft\Alcohol 120\axcmd.exe" [2011-09-01 4608]
"BandwidthMeterPro"="d:\instalovane programy\BandwidthMeterPro\BWMeterPro.exe" [2011-09-01 236032]
"DAEMON Tools Lite"="d:\instalovane programy\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-12-21 1090040]
"WMUTray.exe"="d:\instalovane programy\WakeMeUp\WMUTray.exe" [2006-12-07 745984]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"GrooveMonitor"="d:\instalovane programy\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"COMODO Internet Security"="d:\instalovane programy\Comodo\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"QuickTime Task"="d:\instalovane programy\quick\qttask.exe" [2011-09-01 282624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-29 345312]
"WMUAgent.exe"="d:\instalovane programy\WakeMeUp\WMUAgent.exe" [2006-11-25 160256]
.
c:\documents and settings\Markos\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2012-1-16 194775]
Dropbox.lnk - c:\documents and settings\Markos\Data aplikací\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
Feed Notifier.lnk - d:\instalovane programy\Feed Notifier\notifier.exe [2012-4-1 58368]
Folding@home-gpu.lnk - c:\documents and settings\Markos\Data aplikací\Microsoft\Installer\{6A90C837-054E-44AE-B9BD-1B1F87986BBC}\_98830A63A82EB98D7BA198.exe [2009-2-3 98477]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - d:\instalovane programy\Microsoft Office\Office12\ONENOTEM.EXE [2011-9-1 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ExifLauncher2.lnk - d:\instalovane programy\FinePixViewer\QuickDCF2.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\instalovane programy\superantispyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^VirtuaWin.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\VirtuaWin.lnk
backup=c:\windows\pss\VirtuaWin.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="d:\instalovane programy\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Marvell\\61xx\\Apache2\\bin\\Apache.exe"=
"d:\\Instalovane programy\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Instalovane programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Instalovane programy\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Instalovane programy\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\Markos\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Live Mesh\\Remote Desktop\\wlcrasvc.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Hry\\StarCraft II\\StarCraft II.exe"=
"d:\\Hry\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"d:\\Hry\\Steam\\Steam.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\crimecraft\\SteamLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [25.5.2007 4:35 137728]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [8.9.2012 21:30 14776]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2.11.2012 18:39 37352]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [30.6.2011 8:38 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [30.6.2011 8:38 29400]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 14:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 12:47 94872]
R1 SASDIFSV;SASDIFSV;d:\instalovane programy\superantispyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;d:\instalovane programy\superantispyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;d:\instalovane programy\superantispyware\SASCore.exe [11.7.2012 19:54 116608]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2.11.2012 18:39 86752]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 15:41 810144]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [23.5.2007 1:17 20539]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [9.3.2010 16:39 44880]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [1.7.2010 9:10 93440]
R3 ProtoWall;ProtoWall Network Service;c:\windows\system32\drivers\ProtoWall.sys [12.8.2004 16:29 22912]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [9.3.2010 16:39 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [9.3.2010 16:39 19408]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S3 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [23.5.2007 1:36 61440]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29.12.2008 12:42 47360]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [6.1.2009 17:31 23600]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\vmcam323av.sys [25.12.2010 19:59 232448]
S3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [25.12.2010 19:59 475136]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 11:40]
.
2013-03-29 c:\windows\Tasks\SmartDefrag_Startup.job
- d:\instalovane programy\Smart Defrag 2\SmartDefrag.exe [2012-09-08 17:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - d:\instal~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - d:\instal~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - d:\instalovane programy\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - d:\instalovane programy\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - d:\instalovane programy\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - d:\instalovane programy\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
FF - ProfilePath - c:\documents and settings\Markos\Data aplikací\Mozilla\Firefox\Profiles\l5f8knmj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - ExtSQL: 2013-02-23 19:17; adblockpopups@jessehakanen.net; c:\documents and settings\Markos\Data aplikací\Mozilla\Firefox\Profiles\l5f8knmj.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-03-28 17:21; {6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}; c:\documents and settings\Markos\Data aplikací\Mozilla\Firefox\Profiles\l5f8knmj.default\extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-29 21:29
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1476)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(1536)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(4104)
c:\windows\system32\guard32.dll
c:\documents and settings\Markos\Data aplikací\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
d:\instalovane programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\instalovane programy\WakeMeUp\WMUSvc.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\avira\antivir desktop\ipmGui.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2013-03-29 21:35:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-29 20:35
ComboFix2.txt 2013-03-29 05:52
.
Před spuštěním: Volných bajtů: 67 335 409 664
Po spuštění: Volných bajtů: 67 291 496 448
.
- - End Of File - - 3CB1B844D7ADAA61D40AF50AC55A8184

[Rudy]

Čisto. Nastala nějaká změna?

[mark222]

Díky za čištění, hlavní problém o kterém jsem věděl, dělaly ty doplňky ve firefoxu. Co všechno dělala ta ostatní havět co jsem v pc měl raději nevědět a už nebude mít příležitost ve svých nekalostech pokračovat. Takže ještě jednou díky, a zřejmě uzamknout

[Rudy]

Rádo se stalo!