Strange Firefox behavior after its update - SOLVED!

Posted: 16 Nov 2010 23:46
by Token
Greetings,

a little under a week ago I was dealing with a minor HW problem and needed to disable the antivirus and firewall for a while. Of course I disconnected from the network beforehand; unfortunately, scatterbrain that I am, I forgot to turn the antivirus + firewall back on after reconnecting. In the meantime I managed to open my Seznam e-mail before I realized it. After a few more minutes Firefox started nagging about some new important update (maybe it had already been nagging about it before, I don't remember). I let it install and ESS reported with a warning that the application firefox.exe had been changed. I somehow didn't consider it important and allowed Firefox. Since then Firefox has been acting kind of retarded. In short: after every launch it reports an error restoring windows, on the Google home page it types in the search box in some strange bold font, the address bar doesn't work, it always moves my cursor somewhere into the page area, if I have more than one tab they can't be closed - they get stuck, most pages have the scrollbar on the left instead of on the right, and last but not least clicking on some links on pages doesn't work; for example, here on the forum I couldn't even click through to a section. :-) It probably happens only in Firefox, although IE seems somewhat slow to me, I couldn't get to installing Flash Player through it at all, but who knows whether that is the same problem. With Google Chrome everything is fine, I'm writing from it now. The operating system likewise shows no signs of behaving differently than before. So I have no idea whether the temporary disabling of the antivirus and firewall has a hand in this, but the Firefox update certainly does.

Here is the log from RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by NB at 2010-11-16 09:27:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (21%) free of 33 GB
Total RAM: 1023 MB (45% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\BMMTask.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1957994488-1060284298-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1957994488-1060284298-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"=C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [2008-09-29 93472]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2008-10-27 425984]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-10-27 143360]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2007-02-06 344064]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-06-27 88363]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2005-04-20 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2005-04-20 396288]
"BLOG"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL [2005-04-20 208896]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
C:\Program Files\Replay Media Catcher\FLVSrvc.exe [2009-09-22 156672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\NB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-13 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-15 2225208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-02-13 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung_AppInst]
F:\SamsungSoftware\AppInst.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2008-10-27 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-06 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe"="C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:SQL Server (SQLEXPRESS)"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe"="C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe:*:Enabled:SQL Server Active Directory Helper"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"="C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:SQL Server Browser"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"="C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe:*:Enabled:SQL Server VSS Writer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-16 09:27:08 ----D---- C:\Program Files\trend micro
2010-11-16 09:27:07 ----D---- C:\rsit
2010-11-15 19:45:33 ----D---- C:\Documents and Settings\NB\Application Data\ProgSense
2010-11-15 19:45:21 ----D---- C:\downloads
2010-11-15 19:45:21 ----D---- C:\Documents and Settings\NB\Application Data\GrabPro
2010-11-15 19:45:13 ----D---- C:\Documents and Settings\NB\Application Data\Orbit
2010-11-11 13:31:58 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-11-11 13:31:40 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-10-18 17:45:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-18 17:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-18 17:45:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-18 17:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-18 17:45:05 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-10-18 17:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-18 17:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-18 17:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-18 17:40:39 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-18 17:40:32 ----A---- C:\WINDOWS\imsins.BAK
2010-10-18 17:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

======List of files/folders modified in the last 1 months======

2010-11-16 09:27:08 ----RD---- C:\Program Files
2010-11-16 09:15:56 ----D---- C:\WINDOWS\Temp
2010-11-16 09:09:47 ----D---- C:\WINDOWS\system32\inetsrv
2010-11-16 09:08:33 ----A---- C:\WINDOWS\wincmd.ini
2010-11-15 23:21:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-15 19:44:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-15 19:39:30 ----D---- C:\Program Files\Replay Media Catcher
2010-11-15 19:36:57 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2010-11-15 19:36:54 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2010-11-14 09:55:21 ----SHD---- C:\WINDOWS\Installer
2010-11-11 16:58:01 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-11 13:32:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-11 13:31:58 ----D---- C:\WINDOWS\system32
2010-11-11 13:31:42 ----D---- C:\WINDOWS\system32\drivers
2010-11-11 09:42:45 ----D---- C:\Program Files\Mozilla Firefox
2010-11-09 11:12:28 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-09 11:12:20 ----RSD---- C:\WINDOWS\assembly
2010-11-04 21:14:44 ----D---- C:\Documents and Settings\NB\Application Data\AIMP
2010-10-31 13:27:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-31 13:23:25 ----ASH---- C:\boot.ini
2010-10-31 13:23:25 ----A---- C:\WINDOWS\win.ini
2010-10-31 13:23:25 ----A---- C:\WINDOWS\system.ini
2010-10-18 19:51:50 ----HD---- C:\WINDOWS\inf
2010-10-18 19:51:08 ----D---- C:\WINDOWS
2010-10-18 17:45:33 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-18 17:45:11 ----D---- C:\WINDOWS\WinSxS
2010-10-18 17:44:28 ----D---- C:\Program Files\Internet Explorer
2010-10-17 15:23:09 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\System32\DRIVERS\snapman.sys [2009-02-12 114048]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-02-13 685816]
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-10-24 11520]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2005-04-20 16384]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-02-12 17801]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-06-16 10970]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-06 1133568]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-09-17 145408]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-09-29 23848]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2009-02-13 47360]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-06-14 30144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2008-09-29 23080]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2006-07-13 674560]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 a0qngpji;a0qngpji; C:\WINDOWS\system32\drivers\a0qngpji.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-13 25600]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-10-27 90112]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-10-27 217088]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-06 364544]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-09-29 38176]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 matlabserver;MATLAB Server; C:\MATLAB\webserver\bin\win32\matlabserver.exe [2002-06-18 503808]
R2 MSR Service;Virtual Disk Service Manager; C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe [2010-03-13 114688]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2006-06-16 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2006-06-16 426051]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
R2 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
S2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-23 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


I'm not much the wiser from it; the only thing I could read out of the list of modified files is that it was probably on 11 Nov 2010 that I installed those Firefox updates.
I don't know, maybe just reinstalling Firefox will be enough and everything will be fine, but as a precaution please check the log for me if you have a moment. Thanks.

By the way, before creating this topic I wanted to read the rules here, but the topic titled "Pred zalozenim temy precitajte! Dolezite upozornenie!!!" somehow doesn't work, supposedly the topic doesn't exist, so I apologize for any transgressions.

Re: Strange Firefox behavior after its update

Posted: 17 Nov 2010 12:05
by Rudy
Post the log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms will be displayed; continue by clicking the Yes button.

relax and put on some coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work its way through); during the scan do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are undesirable conflicts with the antispyware's resident shield

Re: Strange Firefox behavior after its update

Posted: 17 Nov 2010 20:20
by Token
Here it is:


ComboFix 10-11-16.05 - NB 17.11.2010 19:01:11.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1023.489 [GMT 1:00]
Spuštěný z: c:\documents and settings\NB\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NB\Application Data\inst.exe
c:\program files\tcpview\tcpview.exe
c:\windows\ST6UNST.000
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-17 do 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-16 08:27 . 2010-11-16 08:27 -------- d-----w- c:\program files\trend micro
2010-11-16 08:27 . 2010-11-16 08:27 -------- d-----w- C:\rsit
2010-11-15 18:45 . 2010-11-15 18:45 -------- d-----w- c:\documents and settings\NB\Application Data\ProgSense
2010-11-15 18:45 . 2010-11-15 18:56 -------- d-----w- C:\downloads
2010-11-15 18:45 . 2010-11-15 18:45 -------- d-----w- c:\documents and settings\NB\Application Data\GrabPro
2010-11-15 18:45 . 2010-11-15 19:00 -------- d-----w- c:\documents and settings\NB\Application Data\Orbit
2010-11-11 12:31 . 2008-04-14 01:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-11-11 12:31 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-11-11 12:31 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-11-11 12:31 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-11 08:42 . 2010-11-11 08:42 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-11 08:42 . 2010-11-11 08:42 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-15 18:36 . 2010-06-01 21:06 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-11-15 18:36 . 2010-06-01 21:06 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-09-28 11:28 . 2010-09-28 11:28 1409 ----a-w- c:\windows\QTFont.for
2010-09-18 10:23 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2001-08-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2001-08-23 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2001-08-23 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2001-08-23 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2001-08-23 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 13:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2001-08-23 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2008-09-29 93472]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-10-27 143360]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 19:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2007-08-01 18:17 222592 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 18:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-13 16:32 133104 ----atw- c:\documents and settings\NB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-03-15 09:06 2225208 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-02-13 20:20 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqladhlp90.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlwriter.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1434:UDP"= 1434:UDP:UDP
"1433:TCP"= 1433:TCP:TCP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.2.2009 18:33 685816]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [13.2.2009 15:44 16384]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.10.2009 8:16 472280]
R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [31.8.2010 10:37 114688]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27.12.2007 14:39 51816]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [29.9.2008 10:15 23080]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 7:01 2799808]
.
Obsah adresáře 'Naplánované úlohy'

2009-02-13 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2009-02-13 00:38]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1957994488-1060284298-1003Core.job
- c:\documents and settings\NB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-13 16:32]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1957994488-1060284298-1003UA.job
- c:\documents and settings\NB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-13 16:32]
.
.
------- Doplňkový sken -------
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\NB\Application Data\Mozilla\Firefox\Profiles\2yxa7jg6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\documents and settings\NB\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\VLC Media Player\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-ACNotify - ACNotify.dll
MSConfigStartUp-Samsung_AppInst - f:\samsungsoftware\AppInst.exe
AddRemove-PC Translator - c:\docume~1\NB\LOCALS~1\Temp\UN32.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 19:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1636)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\oodag.exe
c:\windows\system32\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\1XConfig.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2010-11-17 19:16:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-17 18:16

Před spuštěním: 7 184 408 576 bytes free
Po spuštění: 9 678 163 968 bytes free

- - End Of File - - EA8DF4B604C80B75994791BA4A2A5777

Re: Strange Firefox behaviour after its update

Posted: 17 Nov 2010 20:25
by Rudy
4 items were deleted, the rest of the log looks clean. Has anything changed?

Re: Strange Firefox behaviour after its update

Posted: 18 Nov 2010 09:42
by Token
The problem in Firefox persists. But never mind, I had a hunch that it only affected the browser, since, as I already mentioned, the operating system behaves without problems. I just wanted to make sure that this problem really concerns only Firefox. So I will just back up my bookmarks and passwords, reinstall the browser, and it will be fine.

Thank you for the time you devoted to my problem, I appreciate it. :worship:

SOLVED, if threads get locked here, you can lock it. :closed:

Re: Strange Firefox behaviour after its update - SOLVED!

Posted: 18 Nov 2010 19:30
by Rudy
You're welcome!