Nevím co se děje,ale po každém restartu když otevřu Firefox,tak mi píše hlášku že není výchozí.Já odfajfkuji dát jako výchozí a za chvíli to na mně vybafne znova.Jinak tydy je log.z Combofixu.
ComboFix 14-04-20.01 - Čenda 23.04.2014 22:30:18.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.560 [GMT 2:00]
Spuštěný z: c:\documents and settings\Čenda\Plocha\Stahování z internetu\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Čenda\Plocha\CFScript.txt..txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-23 do 2014-04-23 )))))))))))))))))))))))))))))))
.
.
2014-04-20 16:46 . 2000-01-01 00:00 7040 ----a-w- c:\windows\system32\drivers\whfltr2k.sys
2014-04-20 16:42 . 2014-04-23 17:27 -------- d-----w- c:\program files\Realtek AC97
2014-04-20 16:42 . 2000-01-01 00:00 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2014-04-20 16:42 . 2000-01-01 00:00 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2014-04-20 16:42 . 2000-01-01 00:00 18804736 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-04-20 16:42 . 2000-01-01 00:00 4122368 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2014-04-20 16:42 . 2000-01-01 00:00 315392 ----a-w- c:\windows\alcupd.exe
2014-04-20 16:42 . 2000-01-01 00:00 217088 ----a-w- c:\windows\Alcrmv.exe
2014-04-20 16:42 . 2000-01-01 00:00 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2014-04-20 16:42 . 2014-04-20 16:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2014-04-20 16:40 . 2006-02-07 13:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2014-04-20 16:40 . 2006-02-07 13:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2014-04-20 16:40 . 2006-02-07 13:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2014-04-20 16:40 . 2006-02-07 13:39 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-04-20 16:40 . 2005-11-13 21:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2014-04-20 16:40 . 2006-02-07 13:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2014-04-20 16:40 . 2014-04-20 16:40 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2014-04-20 16:40 . 2014-04-20 16:40 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2014-04-20 16:36 . 2000-01-01 00:00 139264 ----a-w- c:\windows\system32\igfxres.dll
2014-04-20 16:36 . 2014-04-20 16:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Fighters
2014-04-20 16:30 . 2014-04-20 16:30 -------- d-----w- c:\documents and settings\Čenda\Local Settings\Data aplikací\SlimWare Utilities Inc
2014-04-20 13:54 . 2014-04-20 13:54 -------- d-----w- C:\Intel
2014-04-20 09:45 . 2014-04-20 09:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2014-04-20 09:45 . 2014-04-20 09:45 -------- d-----w- c:\documents and settings\Čenda\Local Settings\Data aplikací\eSupport.com
2014-04-19 15:41 . 2014-04-19 19:55 -------- d-----w- C:\FRST
2014-04-19 14:55 . 2004-04-12 15:27 152848 ----a-w- c:\windows\system32\comdlg32.ocx
2014-04-19 14:55 . 2014-04-19 14:55 -------- d-----w- c:\program files\Mp3 Knife
2014-04-19 14:28 . 2014-04-19 14:28 -------- d-----w- c:\documents and settings\Čenda\Local Settings\Data aplikací\WMTools Downloaded Files
2014-04-19 13:38 . 2014-04-19 13:38 -------- d-----w- c:\documents and settings\Čenda\Local Settings\Data aplikací\Ahead
2014-04-19 13:18 . 2014-04-19 13:18 -------- d-----w- c:\documents and settings\Čenda\Local Settings\Data aplikací\Help
2014-04-19 13:12 . 2014-04-19 13:42 -------- d-----w- c:\program files\Mp3 File Editor
2014-04-19 13:12 . 2014-04-19 13:21 286720 ----a-w- c:\windows\iun506.exe
2014-04-14 12:14 . 2014-04-14 12:14 -------- d-----w- c:\program files\Kaspersky Lab
2014-04-14 12:14 . 2014-04-14 12:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2014-04-13 12:31 . 2014-04-11 06:13 30720 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-04-11 15:10 . 2014-04-11 15:10 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\IObit
2014-04-11 14:40 . 2014-04-11 14:40 -------- d-----w- c:\documents and settings\Čenda\Data aplikací\Apple Computer
2014-04-11 14:40 . 2014-04-11 14:40 -------- d-----w- c:\documents and settings\Čenda\AppData
2014-04-11 14:38 . 2014-04-11 14:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-04-11 14:33 . 2014-04-11 14:33 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2014-04-11 13:55 . 2008-04-14 05:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2014-04-11 13:55 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2014-04-11 13:54 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2014-04-11 13:54 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2014-04-10 13:12 . 2014-04-10 13:12 -------- d-----w- c:\documents and settings\Čenda\Local Settings\Data aplikací\Skype
2014-04-10 13:11 . 2014-04-10 13:11 -------- d-----w- c:\program files\Common Files\Skype
2014-04-10 13:11 . 2014-04-10 13:11 -------- d-----r- c:\program files\Skype
2014-04-07 15:37 . 2014-04-07 15:37 -------- d-----w- c:\documents and settings\Čenda\Local Settings\Data aplikací\Temp
2014-04-07 15:17 . 2014-04-07 15:17 43152 ----a-w- c:\windows\avastSS.scr
2014-03-27 11:16 . 2014-02-26 23:28 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-27 11:16 . 2014-02-26 23:28 13312 ------w- c:\windows\system32\xp_eos.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-13 16:11 . 2014-02-14 13:06 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-13 16:11 . 2014-02-14 13:06 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-07 15:17 . 2014-01-21 19:44 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-04-07 15:17 . 2014-01-21 19:44 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-07 15:17 . 2014-01-21 19:44 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-07 15:17 . 2014-01-21 19:44 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-04-07 15:17 . 2014-01-21 19:44 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-07 15:17 . 2014-01-21 19:44 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-04-07 15:17 . 2014-01-21 19:44 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-04-07 15:17 . 2014-01-21 19:44 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-06 17:58 . 2004-08-18 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2004-08-18 12:00 18944 ------w- c:\windows\system32\corpol.dll
2014-03-06 17:58 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46 . 2004-08-18 12:00 385024 ------w- c:\windows\system32\html.iec
2014-03-03 14:21 . 2014-03-03 14:21 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-03-03 14:21 . 2014-03-03 14:21 421200 ----a-w- c:\windows\system32\msvcp100.dll
2014-02-07 06:36 . 2004-08-18 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-18 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-07 15:17 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-07 3854640]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2000-01-01 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2000-01-01 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2000-01-01 114688]
.
c:\documents and settings\Čenda\Nabídka Start\Programy\Po spuštění\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2014-3-3 2024960]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Čenda^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Čenda\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-03 16:00 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KSS]
2012-12-07 13:16 202328 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-10-02 19:28 1090912 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 11:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2000-01-01 00:00 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
2012-09-07 00:46 2777296 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
2013-10-22 05:05 3684488 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [21.1.2014 21:44 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [21.1.2014 21:44 180760]
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [12.2.2014 19:53 102728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.1.2014 21:44 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [21.1.2014 21:44 411552]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [9.2.2014 23:21 32768]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [21.1.2014 21:44 67824]
R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [7.12.2012 15:16 202328]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [9.2.2014 23:20 587472]
S0 adagb;adagb;c:\windows\system32\drivers\agdhm.sys --> c:\windows\system32\drivers\agdhm.sys [?]
S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\iSafe\iSafeNetFilter.sys --> c:\program files\iSafe\iSafeNetFilter.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 8:15 172192]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2.6.2011 11:08 11336]
S3 cpuz130;cpuz130;\??\c:\docume~1\ENDA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ENDA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 d3dUtil;d3dutil;c:\windows\system32\drivers\d3dutil.sys [11.2.2014 19:06 2560]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [20.4.2014 11:45 23456]
S3 fs454;fs454;c:\windows\system32\drivers\fs454.sys [11.2.2014 19:06 15616]
S3 ch7009;ch7009;c:\windows\system32\drivers\ch7009.sys [11.2.2014 19:06 20224]
S3 ch7017;ch7017;c:\windows\system32\drivers\ch7017.sys [11.2.2014 19:06 26368]
S3 igdmini;igdmini;c:\windows\system32\drivers\igdmini.sys [11.2.2014 19:06 256896]
S3 lvds;lvds;c:\windows\system32\drivers\lvds.sys [11.2.2014 19:06 5632]
S3 ns2501;ns2501;c:\windows\system32\drivers\ns2501.sys [11.2.2014 19:06 7424]
S3 ns387;ns387;c:\windows\system32\drivers\ns387.sys [11.2.2014 19:06 5376]
S3 sii164;sii164;c:\windows\system32\drivers\sii164.sys [11.2.2014 19:06 4992]
S3 th164;th164;c:\windows\system32\drivers\th164.sys [11.2.2014 19:06 4736]
S3 ti410;ti410;c:\windows\system32\drivers\ti410.sys [11.2.2014 19:06 4864]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [20.4.2014 18:46 7040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-12 06:49 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-14 16:11]
.
2014-04-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-07 15:17]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-16 09:38]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-16 09:38]
.
2014-04-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-04-23 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.157.0.1 10.157.0.128
FF - ProfilePath - c:\documents and settings\Čenda\Data aplikací\Mozilla\Firefox\Profiles\jtecfffv.default-1392973224640\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2014-04-23 22:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3676)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2014-04-23 22:43:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-23 20:42
ComboFix2.txt 2014-04-23 19:48
.
Před spuštěním: Volných bajtů: 93 642 010 624
Po spuštění: Volných bajtů: 93 562 314 752
.
- - End Of File - - 269202EEE3C6149FFE7C4DFF2541FEC3
413FC2A0C716421B3158746D63736515
Přispějete na provoz fóra?