Problémy s Firefoxom, videami a záznamy fakeAV

[graupel]

Pokud odinstalováváte FF, musíte profil zálohovat. Při opětovné instalaci jej obnovíte. Nic by se nemělo ztratit. Log vypadá OK.

Opäť ďakujem.

[Rudy]

Není zač!

[graupel]

Tak bohužiaľ, ako sa hovorí - do tretice všetko dobré, no teraz je to naopak.
Dnes som opäť natrafil na to mrznutie prehliadača a SysInspectora.
Dnes mi prišla odpoveď od ESET technickej podpory na moju otázku, že prečo mi prehliadač a SysInspector mrzne. Táto správa mailom ma veľmi znepokojila a začínam mať už aj strach!
"Vážený zákazník
Mrznutie prehliadaca a SysInspectora byva najcastejsie sposobena stavajucou infiltraciou na systeme, ktora nebola zdetegovana a odstranena. Zial 100% rezidentna ochrana neexistuje.
Jedine co by som v tomto pripade poradil je nastavenie Local Administrator hesla na minimalnu dlzku 13 znakov. Stava sa ze pri instalacii WinXP ludia zabudaju na local admin usera a prave cez nezaheslovany admin ucet sa do systemu dostava najviac havede."

Takže mám otázku, skôr, než si nastavím heslo do Local Administration, existuje nejaký program, ktorý dokáže odstrániť stávajúce infiltrácie na systéme?

[Rudy]

Udělejte nový sken ComboFix a dejte log.

[graupel]

ComboFix 10-04-09.06 - Home 10.04.2010 15:08:07.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2559.2004 [GMT 2:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\system
c:\windows\system32\system\msvcr80.dll
c:\windows\system32\system\msvcr80d.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-09 19:00 . 2008-12-04 00:25 120832 ----a-w- c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\zmgmhlzx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2010-04-09 19:00 . 2009-12-16 15:05 347136 ----a-w- c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\zmgmhlzx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-09 19:00 . 2009-12-16 15:05 340992 ----a-w- c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\zmgmhlzx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-09 19:00 . 2009-12-16 15:05 43008 ----a-w- c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\zmgmhlzx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-09 19:00 . 2009-12-16 15:05 471040 ----a-w- c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\zmgmhlzx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2010-04-09 19:00 . 2009-12-16 15:05 1452032 ----a-w- c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\zmgmhlzx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-09 17:34 . 2010-04-09 17:35 -------- d-----w- C:\rsit
2010-04-06 05:21 . 2010-04-06 05:21 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-06 05:21 . 2010-04-06 05:21 -------- d-----w- c:\program files\Reference Assemblies
2010-04-06 05:09 . 2010-04-06 05:09 -------- d-----w- c:\program files\Windows Imaging
2010-04-06 05:06 . 2010-04-06 05:09 -------- d-----w- c:\program files\Windows AIK
2010-04-06 05:06 . 2010-04-06 05:06 -------- d-----w- c:\program files\MSXML 6.0
2010-03-31 21:10 . 2005-10-28 06:44 308224 ----a-w- c:\windows\system32\avisynth.dll
2010-03-30 20:02 . 2010-03-30 20:02 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 20:01 . 2010-03-30 20:01 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2f1485ee-n\msvcp71.dll
2010-03-30 20:01 . 2010-03-30 20:01 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2f1485ee-n\jmc.dll
2010-03-30 20:01 . 2010-03-30 20:01 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2f1485ee-n\msvcr71.dll
2010-03-30 20:01 . 2010-03-30 20:01 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71e7e2d0-n\decora-sse.dll
2010-03-30 20:01 . 2010-03-30 20:01 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71e7e2d0-n\decora-d3d.dll
2010-03-27 17:40 . 2010-03-27 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 17:03 . 2010-03-27 17:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink
2010-03-26 18:35 . 2010-03-26 18:35 -------- d-----w- c:\program files\Common Files\Skype
2010-03-16 16:37 . 2004-02-21 22:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-03-16 16:37 . 2010-03-31 21:11 -------- d-----w- c:\program files\Magic Video Converter
2010-03-16 08:48 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-03-16 08:46 . 2010-03-16 08:46 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-16 08:45 . 2010-03-16 08:45 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-16 08:45 . 2010-03-16 08:45 -------- d-----w- c:\windows\system32\LogFiles
2010-03-13 14:56 . 2010-04-09 17:35 -------- d-----w- c:\program files\trend micro
2010-03-11 18:36 . 2010-03-11 19:04 -------- d-----w- c:\program files\ESET
2010-03-11 18:36 . 2010-03-11 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 13:00 . 2009-10-30 18:06 -------- d-----w- c:\documents and settings\Home\Application Data\ICQ
2010-04-10 13:00 . 2009-07-27 20:06 -------- d-----w- c:\documents and settings\Home\Application Data\Skype
2010-04-10 12:46 . 2009-07-26 09:00 -------- d-----w- c:\documents and settings\Home\Application Data\skypePM
2010-04-10 11:20 . 2009-10-30 18:05 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-09 22:04 . 2009-03-25 17:22 -------- d-----w- c:\program files\PowerArchiver
2010-04-09 19:10 . 2010-01-03 21:35 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-09 14:44 . 2009-12-04 21:08 -------- d-----w- c:\documents and settings\Home\Application Data\vlc
2010-04-06 17:48 . 2009-03-23 14:01 74320 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 10:35 . 2009-10-30 19:09 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-31 17:17 . 2010-02-20 11:44 -------- d-----w- c:\program files\ICQ7.0
2010-03-30 20:01 . 2009-06-16 14:25 -------- d-----w- c:\program files\Java
2010-03-27 20:58 . 2009-03-23 14:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 20:58 . 2010-01-31 15:07 -------- d-----w- c:\program files\CyberLink
2010-03-27 20:57 . 2009-12-29 16:20 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2010-03-27 17:05 . 2009-03-25 17:38 -------- d-----w- c:\documents and settings\Home\Application Data\dvdcss
2010-03-27 17:03 . 2009-12-29 16:23 -------- d-----w- c:\documents and settings\Home\Application Data\CyberLink
2010-03-27 14:45 . 2009-08-18 08:12 -------- d-----w- c:\documents and settings\Home\Application Data\Vso
2010-03-27 14:45 . 2009-08-18 08:12 81920 ----a-w- c:\documents and settings\Home\Application Data\ezpinst.exe
2010-03-27 14:45 . 2009-08-18 08:12 81920 ----a-w- c:\documents and settings\Home\Application Data\ezpinst.exe
2010-03-27 14:45 . 2009-08-18 08:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-27 14:45 . 2009-08-18 08:12 47360 ----a-w- c:\documents and settings\Home\Application Data\pcouffin.sys
2010-03-27 14:45 . 2009-08-18 08:12 47360 ----a-w- c:\documents and settings\Home\Application Data\pcouffin.sys
2010-03-20 13:52 . 2009-12-03 20:35 -------- d-----w- c:\program files\Magic Audio Converter
2010-03-10 14:39 . 2009-03-25 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 02:28 . 2009-06-16 14:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 20:53 . 2010-02-27 19:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-07 20:51 . 2010-03-07 20:20 -------- d-----w- c:\documents and settings\Home\Application Data\SUPERAntiSpyware.com
2010-03-07 20:51 . 2009-03-23 14:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-07 20:20 . 2010-03-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-07 20:20 . 2010-03-07 20:20 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-03-07 16:32 . 2009-03-25 17:10 -------- d-----w- c:\documents and settings\Home\Application Data\U3
2010-03-07 13:55 . 2010-03-07 13:55 -------- d-----w- c:\documents and settings\Home\Application Data\Iomatic
2010-03-04 23:06 . 2010-03-04 23:06 332 ----a-w- c:\windows\desctemp.dat
2010-02-26 05:43 . 2006-02-28 11:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2009-09-07 14:17 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-26 05:41 . 2009-12-16 21:18 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-02-26 05:41 . 2009-12-16 21:18 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-02-26 05:41 . 2009-12-16 21:18 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-02-26 05:41 . 2009-12-16 21:18 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-02-26 05:39 . 2009-12-16 21:17 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-02-24 08:16 . 2010-01-26 18:59 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-15 13:44 . 2009-12-30 14:03 -------- d-----w- c:\program files\Winamp
2010-02-15 10:59 . 2010-02-15 10:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-12 12:29 . 2009-04-24 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-12 12:27 . 2010-02-12 12:27 1955472 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-02-12 10:03 . 2010-03-05 12:11 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-10 12:52 . 2009-03-29 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2010-02-10 12:46 . 2010-02-10 12:46 -------- d-----w- c:\program files\IVT Corporation
2010-02-10 12:43 . 2010-02-10 12:43 8854 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{8527C3D5-BA1D-46E9-88D2-AF25544311A3}\UNINST_Uninstall_J_A3E10C17D54A4735B4E6E3B73680365E.exe
2010-02-10 12:43 . 2010-02-10 12:43 40960 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{8527C3D5-BA1D-46E9-88D2-AF25544311A3}\NewShortcut2_8527C3D5BA1D46E988D2AF25544311A3.exe
2010-02-10 12:43 . 2010-02-10 12:43 10134 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{8527C3D5-BA1D-46E9-88D2-AF25544311A3}\ARPPRODUCTICON.exe
2010-02-10 12:43 . 2009-07-26 09:35 40960 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{8527C3D5-BA1D-46E9-88D2-AF25544311A3}\NewShortcut3_8527C3D5BA1D46E988D2AF25544311A3.exe
2010-02-10 12:43 . 2010-02-10 12:43 -------- d-----w- c:\program files\USB PC Camera
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PAStarter.EXE" [2008-01-24 141352]
"Google Update"="c:\documents and settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-04 135664]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\documents and settings\Home\Application Data\Facebook\facebook.exe"= c:\documents and settings\Home\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.12.2009 23:18 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26.2.2010 7:41 810120]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [23.3.2009 16:21 31392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [23.3.2009 16:19 238080]
S2 gupdate1ca18d0efe6cce8;Služba Google Update (gupdate1ca18d0efe6cce8);c:\program files\Google\Update\GoogleUpdate.exe [9.8.2009 11:08 133104]
S3 CAM1690;ANTIK PC Camera;c:\windows\system32\drivers\cam1690.sys [31.10.2007 14:34 180864]
S3 esihdrv;esihdrv;\??\c:\docume~1\Home\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Home\LOCALS~1\Temp\esihdrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 09:08]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 09:08]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1383384898-682003330-1004Core.job
- c:\documents and settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-21 14:27]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1383384898-682003330-1004UA.job
- c:\documents and settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-21 14:27]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.sk
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {5ECFB204-96E8-4F98-ACE5-A736778877A7} = 172.22.13.254,217.119.117.170
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\zmgmhlzx.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - chrome://google-toolbar/content/new-tab.html
FF - prefs.js: keyword.URL - hxxp://recovery.alexa.com/helper/?aid=H0Xfb1oht900gd&plugin=alxf-1.51&reason=keyword&location=
FF - component: c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\zmgmhlzx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\zmgmhlzx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Home\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 15:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\nvLsp.dll
.
Completion time: 2010-04-10 15:11:28
ComboFix-quarantined-files.txt 2010-04-10 13:11

Pre-Run: 35 282 169 856 bytes free
Post-Run: 35 423 961 088 bytes free

- - End Of File - - 74494136B5962AE57792D9AE48E36072

[Rudy]

3 položky smazány, zbytek logu vypadá čistý. Nastala nějaká změna?

[graupel]

3 položky smazány, zbytek logu vypadá čistý. Nastala nějaká změna?

1) Nenastala. Len neviem, že z ktorých stránok som tie 3 položky dostal, ComboFix som nedávno použil a dnes zase niečo našiel. Skúsil som CCleaner, ani to nepomohlo.
2) Neviem CF odinštalovať, do spustiť som napisal combofix /unistall alebo aj combofix /u, program sa nechce odinštalovať, ale spustiť.
3) Rozmýšľam, či problémy v Firefoxe nespôsobujú doplnky.

[Rudy]

1. Pokud zadáte combofix /uninstall, CF se spustí, a po několika sekundách vám oznámí, že byl odinstalován.
2. Je opravdu možné, že problém způsobují doplňky.

[graupel]

1. Pokud zadáte combofix /uninstall, CF se spustí, a po několika sekundách vám oznámí, že byl odinstalován.
2. Je opravdu možné, že problém způsobují doplňky.

Je to vyriešené, vymazal som v Mozille Firefox cookies, cache, históriu, niektoré doplnky som odinštaloval a teraz je všetko OK, v Eset Smart Security som pre Mozillu Firefox vypol aj aktívny režim (i to spôsobovalo spomaľovanie).

Ak budem mať nejaký problém, môžem bez Vášho povolenia použiť Combofix? Je veľmi dobrý!

[Rudy]

Ve vyjímečných případech může systém poškodit i pouhý sken, záleží na tom, co v PC běží. proto dáváme na úvod sken RSIT. Dále mazání skriptem smaže defacto cokoli, co do skriptu zadáte. Tím si můžete nenávratně poškodit systém. Použití nedoporučujeme běžným uživatelům. Rozhodnutí je ovšem na každém jednotlivci.