Problem with iexplore.exe

stovka
Visitor
Posts: 3
Registered: 05 Sep 2009 14:01

Problem with iexplore.exe

#1 Post by stovka »

Hello, I have a problem with access to the hard drive and other drives; I am attaching the log from ComboFix.

ComboFix 10-04-06.05 - jirka 07.04.2010 20:21:50.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1422 [GMT 2:00]
Spuštěný z: c:\documents and settings\jirka\Dokumenty\Stažené soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-07 do 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-07 18:03 . 2010-04-07 18:03 -------- d-s---w- c:\documents and settings\jirka\UserData
2010-04-07 17:46 . 2010-04-07 17:58 -------- d-----w- c:\windows\LastGood
2010-04-06 20:34 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-06 20:34 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-06 19:45 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-06 19:45 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-06 15:33 . 2010-04-06 15:33 -------- d-----w- c:\program files\Ask.com
2010-04-06 15:31 . 2010-04-06 15:33 -------- d-----w- c:\program files\The KMPlayer
2010-04-06 01:20 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-04-06 01:20 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-04-06 01:20 . 2004-08-03 21:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-04-06 01:20 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-04-06 01:20 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-04-06 01:20 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-04-06 01:20 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-04-06 01:20 . 2004-08-03 21:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-04-06 01:20 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-04-06 01:19 . 2004-08-03 21:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-04-06 01:19 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-04-06 01:19 . 2004-08-17 13:49 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-04-06 01:19 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-04-05 17:22 . 2010-04-05 17:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-05 17:21 . 2010-04-05 17:21 -------- d-----w- c:\program files\Common Files\Skype
2010-04-05 17:21 . 2010-04-05 17:21 -------- d-----r- c:\program files\Skype
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\program files\Common Files\Eye 312
2010-04-05 17:20 . 2007-10-04 15:42 48128 ----a-w- c:\windows\system32\Remove.exe
2010-04-05 17:20 . 2007-06-14 16:34 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-04-05 17:20 . 2006-11-20 07:04 6656 ----a-w- c:\windows\system32\CoInst_070614.dll
2010-04-05 17:20 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P7302USD.dll
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\program files\Common Files\Pac7302
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\windows\PixArt
2010-04-05 13:25 . 2010-04-06 12:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\windows\system32\drivers\NSS
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\program files\Norton Security Scan
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\program files\NortonInstaller
2010-04-04 17:39 . 2010-04-04 17:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-04 17:30 . 2010-04-04 17:47 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-04-04 17:30 . 2010-04-04 17:47 -------- d-----w- c:\program files\AutoCAD 2010
2010-04-04 17:28 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-04-04 17:28 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-04-04 17:28 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-04-04 17:27 . 2010-04-04 17:27 -------- d-----w- c:\windows\Logs
2010-04-04 17:26 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-04 17:25 . 2010-04-04 17:26 -------- d-----w- c:\windows\system32\cs-CZ
2010-04-04 17:19 . 2010-04-04 17:25 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-04 17:18 . 2010-04-04 17:18 -------- d-----w- c:\program files\Reference Assemblies
2010-04-04 17:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-04 17:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-04 17:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-04 17:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-04 17:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-04 17:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-04 17:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-04 17:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-04 17:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-04 16:59 . 2010-04-04 16:59 -------- d-----w- c:\program files\MSXML 6.0
2010-04-04 13:40 . 1994-12-05 23:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-04-04 12:39 . 2010-04-07 17:44 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-03 23:10 . 2010-04-03 23:10 -------- d-----w- c:\windows\system32\KB905474
2010-04-03 23:10 . 2009-03-10 20:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-03 23:10 . 2009-03-10 20:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-04-03 23:05 . 2004-08-17 13:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-03 23:01 . 2010-04-03 23:01 -------- d-----w- c:\windows\ServicePackFiles
2010-04-03 22:59 . 2010-04-03 22:59 -------- d-----w- c:\program files\MSXML 4.0
2010-04-03 19:40 . 2010-04-03 19:40 -------- d-----w- c:\program files\LG Electronics
2010-04-03 11:59 . 2010-04-03 12:21 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-04-03 11:53 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-03 11:53 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-03 11:53 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-03 11:53 . 2009-12-09 10:28 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-03 11:53 . 2009-12-09 10:28 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-03 11:53 . 2009-12-09 10:28 2182528 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-03 11:53 . 2009-12-09 10:28 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-03 11:37 . 2010-04-05 12:51 -------- d--h--w- c:\windows\$hf_mig$
2010-04-03 10:46 . 2010-04-03 10:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-03 10:10 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-04-03 10:10 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-04-03 10:10 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-04-03 09:33 . 2010-04-03 09:33 -------- d-----w- c:\program files\Flagship Studios
2010-04-03 09:29 . 2010-04-03 09:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-03 09:27 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-03 09:27 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-03 09:26 . 2010-04-03 09:26 -------- d-----w- c:\program files\Microsoft Works
2010-04-03 09:25 . 2010-04-04 17:19 -------- d-----w- c:\program files\MSBuild
2010-04-03 09:17 . 2010-04-03 09:23 -------- d-----w- c:\windows\SHELLNEW
2010-04-03 09:13 . 2010-04-03 09:13 -------- d-----r- C:\MSOCache
2010-04-02 17:44 . 2010-04-02 17:44 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2010-04-02 17:34 . 2010-04-02 17:34 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 17:33 . 2010-04-02 17:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-02 17:33 . 2010-04-03 10:16 -------- d-----w- c:\program files\Java
2010-04-02 17:15 . 2010-04-02 17:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-02 17:10 . 2010-04-02 17:15 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-02 17:10 . 2010-04-02 17:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 20:27 . 2010-04-06 20:23 -------- d-----w- c:\program files\Aliens Vs Predator
2010-04-06 20:26 . 2010-04-06 20:26 -------- d-----w- c:\program files\Common Files\CANON
2010-04-06 20:26 . 2010-04-06 20:22 -------- d-----w- c:\program files\Canon
2010-04-06 20:23 . 2010-04-06 20:23 -------- d--h--w- c:\program files\CanonBJ
2010-04-05 17:20 . 2010-04-02 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 13:17 . 2001-10-25 14:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2010-04-05 13:17 . 2001-10-25 14:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2010-04-03 14:45 . 2010-04-02 10:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 14:45 . 2010-04-02 10:21 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-03 14:45 . 2010-04-02 10:21 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-02 12:08 . 2010-04-02 12:08 -------- d-----w- c:\program files\Opera
2010-04-02 12:03 . 2010-04-02 12:03 -------- d-----w- c:\program files\Common Files\Macromedia
2010-04-02 12:02 . 2010-04-02 10:28 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-02 11:30 . 2010-04-02 11:30 0 ----a-w- c:\windows\nsreg.dat
2010-04-02 11:13 . 2010-04-02 11:13 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-02 10:51 . 2010-04-02 10:51 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-02 10:50 . 2010-04-02 10:48 -------- d-----w- c:\program files\Common Files\Ahead
2010-04-02 10:48 . 2010-04-02 10:48 -------- d-----w- c:\program files\Nero
2010-04-02 10:33 . 2010-04-02 10:33 -------- d-----w- c:\program files\Intel
2010-04-02 10:28 . 2010-04-02 10:28 -------- d-----w- c:\program files\Realtek
2010-04-02 10:28 . 2010-04-02 10:28 315392 ----a-w- c:\windows\HideWin.exe
2010-04-02 10:22 . 2010-04-02 10:22 -------- d-----w- c:\program files\microsoft frontpage
2010-04-02 10:19 . 2010-04-02 10:19 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 08:13 . 2008-07-01 07:04 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 08:13 . 2010-03-09 08:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 08:11 . 2008-07-01 06:56 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-02-26 06:12 . 2004-08-17 13:49 663040 ------w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"ICQ"="d:\program files\ICQ7.1\ICQ.exe" [2010-04-02 133368]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\jirka\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.1\\ICQ.exe"=
"d:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1691:TCP"= 1691:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 95872]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17.8.2004 15:49 14336]
R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.4.2010 13:13 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.4.2010 19:10 691696]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\j:\ntglm7x.sys --> j:\NTGLM7X.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - EAMON
*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN
*NewlyCreated* - EPFWTDIR

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-06 c:\windows\Tasks\Norton Security Scan for jirka.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-05 10:50]

2010-04-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]

2010-04-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://www.samsungodd.com/liveupdate.asp?type=en
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - d:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\vtfkhncu.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 20:26
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\msi.dll
.
Celkový čas: 2010-04-07 20:28:02
ComboFix-quarantined-files.txt 2010-04-07 18:27

Před spuštěním: 6 109 061 120
Po spuštění: 6 074 130 432

- - End Of File - - 983BE888EF8ACAB32A13AC0EE4DDD4D5

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Problem with iexplore.exe

#2 Post by Rudy »

Move ComboFix to the desktop. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Collect::
c:\windows\system32\winsys2.exe

Driver::
Akamai

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

stovka
Visitor
Posts: 3
Registered: 05 Sep 2009 14:01

Re: Problem with iexplore.exe

#3 Post by stovka »

ComboFix 10-04-06.05 - jirka 07.04.2010 20:55:59.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1457 [GMT 2:00]
Spuštěný z: c:\documents and settings\jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\jirka\Plocha\cfscript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

file zipped: c:\windows\system32\winsys2.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\winsys2.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AKAMAI
-------\Service_Akamai


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-07 do 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-07 18:03 . 2010-04-07 18:03 -------- d-s---w- c:\documents and settings\jirka\UserData
2010-04-06 20:34 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-06 20:34 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-06 19:45 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-06 19:45 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-06 15:31 . 2010-04-06 15:33 -------- d-----w- c:\program files\The KMPlayer
2010-04-06 01:20 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-04-06 01:20 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-04-06 01:20 . 2004-08-03 21:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-04-06 01:20 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-04-06 01:20 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-04-06 01:20 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-04-06 01:20 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-04-06 01:20 . 2004-08-03 21:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-04-06 01:20 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-04-06 01:19 . 2004-08-03 21:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-04-06 01:19 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-04-06 01:19 . 2004-08-17 13:49 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-04-06 01:19 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-04-05 17:22 . 2010-04-05 17:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-05 17:21 . 2010-04-05 17:21 -------- d-----w- c:\program files\Common Files\Skype
2010-04-05 17:21 . 2010-04-05 17:21 -------- d-----r- c:\program files\Skype
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\program files\Common Files\Eye 312
2010-04-05 17:20 . 2007-10-04 15:42 48128 ----a-w- c:\windows\system32\Remove.exe
2010-04-05 17:20 . 2007-06-14 16:34 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-04-05 17:20 . 2006-11-20 07:04 6656 ----a-w- c:\windows\system32\CoInst_070614.dll
2010-04-05 17:20 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P7302USD.dll
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\program files\Common Files\Pac7302
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\windows\PixArt
2010-04-05 13:25 . 2010-04-06 12:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\windows\system32\drivers\NSS
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\program files\Norton Security Scan
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\program files\NortonInstaller
2010-04-04 17:39 . 2010-04-04 17:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-04 17:30 . 2010-04-04 17:47 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-04-04 17:30 . 2010-04-04 17:47 -------- d-----w- c:\program files\AutoCAD 2010
2010-04-04 17:28 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-04-04 17:28 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-04-04 17:28 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-04-04 17:27 . 2010-04-04 17:27 -------- d-----w- c:\windows\Logs
2010-04-04 17:26 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-04 17:25 . 2010-04-04 17:26 -------- d-----w- c:\windows\system32\cs-CZ
2010-04-04 17:19 . 2010-04-04 17:25 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-04 17:18 . 2010-04-04 17:18 -------- d-----w- c:\program files\Reference Assemblies
2010-04-04 17:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-04 17:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-04 17:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-04 17:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-04 17:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-04 17:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-04 17:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-04 17:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-04 17:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-04 16:59 . 2010-04-04 16:59 -------- d-----w- c:\program files\MSXML 6.0
2010-04-04 13:40 . 1994-12-05 23:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-04-04 12:39 . 2010-04-07 18:35 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-03 23:10 . 2010-04-03 23:10 -------- d-----w- c:\windows\system32\KB905474
2010-04-03 23:10 . 2009-03-10 20:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-03 23:10 . 2009-03-10 20:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-04-03 23:05 . 2004-08-17 13:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-03 23:01 . 2010-04-03 23:01 -------- d-----w- c:\windows\ServicePackFiles
2010-04-03 22:59 . 2010-04-03 22:59 -------- d-----w- c:\program files\MSXML 4.0
2010-04-03 19:40 . 2010-04-03 19:40 -------- d-----w- c:\program files\LG Electronics
2010-04-03 11:59 . 2010-04-03 12:21 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-04-03 11:53 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-03 11:53 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-03 11:53 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-03 11:53 . 2009-12-09 10:28 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-03 11:53 . 2009-12-09 10:28 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-03 11:53 . 2009-12-09 10:28 2182528 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-03 11:53 . 2009-12-09 10:28 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-03 11:37 . 2010-04-05 12:51 -------- d--h--w- c:\windows\$hf_mig$
2010-04-03 10:46 . 2010-04-03 10:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-03 10:10 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-04-03 10:10 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-04-03 10:10 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-04-03 09:33 . 2010-04-03 09:33 -------- d-----w- c:\program files\Flagship Studios
2010-04-03 09:29 . 2010-04-03 09:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-03 09:27 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-03 09:27 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-03 09:26 . 2010-04-03 09:26 -------- d-----w- c:\program files\Microsoft Works
2010-04-03 09:25 . 2010-04-04 17:19 -------- d-----w- c:\program files\MSBuild
2010-04-03 09:17 . 2010-04-03 09:23 -------- d-----w- c:\windows\SHELLNEW
2010-04-03 09:13 . 2010-04-03 09:13 -------- d-----r- C:\MSOCache
2010-04-02 17:44 . 2010-04-02 17:44 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2010-04-02 17:34 . 2010-04-02 17:34 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 17:33 . 2010-04-02 17:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-02 17:33 . 2010-04-03 10:16 -------- d-----w- c:\program files\Java
2010-04-02 17:15 . 2010-04-02 17:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-02 17:10 . 2010-04-02 17:15 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-02 17:10 . 2010-04-02 17:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 20:27 . 2010-04-06 20:23 -------- d-----w- c:\program files\Aliens Vs Predator
2010-04-06 20:26 . 2010-04-06 20:26 -------- d-----w- c:\program files\Common Files\CANON
2010-04-06 20:26 . 2010-04-06 20:22 -------- d-----w- c:\program files\Canon
2010-04-06 20:23 . 2010-04-06 20:23 -------- d--h--w- c:\program files\CanonBJ
2010-04-05 17:20 . 2010-04-02 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 13:17 . 2001-10-25 14:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2010-04-05 13:17 . 2001-10-25 14:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2010-04-03 14:45 . 2010-04-02 10:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 14:45 . 2010-04-02 10:21 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-03 14:45 . 2010-04-02 10:21 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-02 12:08 . 2010-04-02 12:08 -------- d-----w- c:\program files\Opera
2010-04-02 12:03 . 2010-04-02 12:03 -------- d-----w- c:\program files\Common Files\Macromedia
2010-04-02 12:02 . 2010-04-02 10:28 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-02 11:30 . 2010-04-02 11:30 0 ----a-w- c:\windows\nsreg.dat
2010-04-02 11:13 . 2010-04-02 11:13 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-02 10:51 . 2010-04-02 10:51 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-02 10:50 . 2010-04-02 10:48 -------- d-----w- c:\program files\Common Files\Ahead
2010-04-02 10:48 . 2010-04-02 10:48 -------- d-----w- c:\program files\Nero
2010-04-02 10:33 . 2010-04-02 10:33 -------- d-----w- c:\program files\Intel
2010-04-02 10:28 . 2010-04-02 10:28 -------- d-----w- c:\program files\Realtek
2010-04-02 10:28 . 2010-04-02 10:28 315392 ----a-w- c:\windows\HideWin.exe
2010-04-02 10:22 . 2010-04-02 10:22 -------- d-----w- c:\program files\microsoft frontpage
2010-04-02 10:19 . 2010-04-02 10:19 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 08:13 . 2008-07-01 07:04 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 08:13 . 2010-03-09 08:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 08:11 . 2008-07-01 06:56 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-02-26 06:12 . 2004-08-17 13:49 663040 ------w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"ICQ"="d:\program files\ICQ7.1\ICQ.exe" [2010-04-02 133368]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\jirka\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.1\\ICQ.exe"=
"d:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.4.2010 19:10 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 95872]
R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.4.2010 13:13 246520]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\j:\ntglm7x.sys --> j:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-06 c:\windows\Tasks\Norton Security Scan for jirka.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-05 10:50]

2010-04-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://www.samsungodd.com/liveupdate.asp?type=en
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - d:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\vtfkhncu.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 21:07
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6041F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf74a3cb8
\Driver\atapi -> 0x8a6041f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7b3aba0
PacketIndicateHandler -> NDIS.sys @ 0xf7b47b21
SendHandler -> NDIS.sys @ 0xf7b2587b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(660)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-07 21:12:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-07 19:12
ComboFix2.txt 2010-04-07 18:28

Před spuštěním: 6 055 616 512
Po spuštění: 5 876 195 328

- - End Of File - - 6394D2D83C00C414C133CD8F738C8CAB

stovka
Visitor
Posts: 3
Registered: 05 Sep 2009 14:01

Re: Problem with iexplore.exe

#4 Post by stovka »

It didn't help; it still reports an error when I open any folder.

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Problem with iexplore.exe

#5 Post by Rudy »

Post the CF log from the last run. I just don't know how all of this relates to Internet Explorer.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
