nejde zvuk na internetu

[Rudy]

potřeboval bych poradit kam ho rozbalit

Defaultně by se měl rozbalit do %userprofile%\localsettings\Temp a měla by se spustit instalace.

[ccc]

http://www.ulozisko.sk/obrazky/455826/directx.jpg ?

[ccc]

tak se mi to podařilo nainstalovat, ale zase to nepomohlo

[Rudy]

OK. Dám nějaku konzultaci. Vydržte, prosím.

[ccc]

jasný, děkuju

[Rudy]

Zatím udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte. Ať je jistota, že tam není virus.

Edit Rudy: dvouklikem na ikonu hlasitosti Otevřte směšovač, kde máte možnost regulovat zvuk v prohlížečích:



Zkontrolujte, zda není stažen na nulu. Nemám Win7, takže jsem o této možnosti nevěděl.

[ccc]

Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Verze databáze: 8110

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

8.11.2011 0:37:32
mbam-log-2011-11-08 (00-37-22).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 313909
Uplynulý čas: 47 minut, 39 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ICS5R7Y0OS (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\Fighters\slow-pcfighter\slow-pcfighter.exe (Trojan.Agent) -> No action taken.

jinak směšovač mám nastavenej

[Rudy]

Vše, co MBAM nalezl, smažte. Restartujte PC a vyzkoušejte funkci.

[ccc]

hotovo, ale zvuk z netu a systémové zvuky stále nic

[Rudy]

Ještě zkuste sken ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Dejte log.

[ccc]

Rudy supér, Combofix zabral - už to jede

[ccc]

ComboFix 11-11-08.02 - Ctibor 08.11.2011 20:45:02.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.3547.2377 [GMT 1:00]
Spuštěný z: c:\users\Ctibor\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{67cdd5a0-c572-4d2c-a354-6492b51f4138}\setup.msi
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\programdata\QuickStores.ico
c:\users\Ctibor\AppData\Local\windows7manager.exe
c:\users\Ctibor\AppData\Roaming\chrtmp
c:\users\Ctibor\AppData\Roaming\system32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-08 do 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 19:49 . 2011-11-08 19:50 -------- d-----w- c:\users\Ctibor\AppData\Local\temp
2011-11-08 19:49 . 2011-11-08 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-08 15:27 . 2011-11-08 18:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{480FAB82-EAE4-4F92-9E51-7002259F2CC5}\offreg.dll
2011-11-07 22:45 . 2011-11-07 22:45 -------- d-----w- c:\users\Ctibor\AppData\Roaming\Malwarebytes
2011-11-07 22:44 . 2011-11-07 22:44 -------- d-----w- c:\programdata\Malwarebytes
2011-11-07 22:44 . 2011-11-07 23:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-07 22:44 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-07 21:00 . 2011-11-07 21:01 -------- d-----w- c:\users\Ctibor\Nová složka
2011-11-07 20:53 . 2007-10-12 14:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2011-11-06 23:41 . 2011-10-14 14:11 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-11-06 23:41 . 2011-10-14 14:11 51200 ----a-w- c:\windows\system32\ff_acm.acm
2011-11-06 23:41 . 2011-11-08 19:05 -------- d-----w- c:\program files\ffdshow
2011-11-04 15:25 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{480FAB82-EAE4-4F92-9E51-7002259F2CC5}\mpengine.dll
2011-11-04 07:05 . 2011-07-07 23:21 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-11-04 07:05 . 2011-07-07 23:21 139880 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-11-04 07:05 . 2011-07-07 23:21 876136 ----a-w- c:\windows\system32\nvhdagenco3220102.dll
2011-11-04 07:04 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-04 07:04 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-11-04 07:04 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-04 07:04 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-04 07:04 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-04 07:04 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-04 07:04 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-11-04 07:03 . 2011-11-04 07:03 -------- d-----w- C:\NVIDIA
2011-11-03 23:06 . 2009-07-14 01:15 315904 ----a-w- c:\windows\system32\Difxe512.rra
2011-11-03 23:05 . 2011-11-03 23:05 -------- d-----w- c:\program files\AmIcoSingLun
2011-11-03 23:05 . 2011-11-03 23:05 -------- d-----w- c:\programdata\AmUStor
2011-11-03 22:58 . 2011-11-03 22:58 53248 ----a-r- c:\users\Ctibor\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-11-03 22:58 . 2011-11-03 22:58 -------- d-----w- c:\program files\Logitech
2011-11-03 22:47 . 2011-11-03 22:47 -------- d-----w- c:\users\Ctibor\AppData\Local\Logishrd
2011-11-03 22:09 . 2011-11-03 22:09 -------- d-----w- c:\users\Ctibor\AppData\Roaming\Leadertech
2011-11-03 22:08 . 2011-11-03 22:08 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-11-03 22:08 . 2011-11-03 22:58 -------- d-----w- c:\programdata\Logishrd
2011-11-03 22:08 . 2011-11-03 22:58 -------- d-----w- c:\program files\Common Files\Logishrd
2011-11-03 22:06 . 2011-11-03 22:10 -------- d-----w- c:\users\Ctibor\AppData\Roaming\Logitech
2011-11-03 22:06 . 2011-11-03 22:06 -------- d-----w- c:\users\Ctibor\AppData\Roaming\Logishrd
2011-11-03 21:31 . 2011-08-06 00:39 413696 ----a-w- c:\windows\system32\DTSU2PLFX32.dll
2011-11-03 21:30 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-03 19:22 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-11-03 19:22 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-11-03 19:22 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-11-03 19:22 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-11-03 19:22 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-11-03 19:22 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-11-03 19:22 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-11-03 19:22 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-11-03 19:22 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-11-03 19:22 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-11-03 19:22 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-11-03 17:24 . 2011-11-03 17:46 -------- d-----w- c:\users\Ctibor\AppData\Local\eSupport.com
2011-11-03 16:31 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-10-31 23:13 . 2011-10-31 23:13 -------- d-----w- c:\program files\Renesas Electronics
2011-10-31 23:13 . 2010-09-07 16:40 162392 ------w- c:\windows\system32\xRaidAPI.dll
2011-10-31 23:13 . 2011-10-31 23:13 -------- d-----w- C:\RaidTool
2011-10-31 23:13 . 2010-09-07 16:40 1976920 ------w- c:\windows\system32\xRaidSetup.exe
2011-10-31 23:13 . 2000-01-01 00:00 72280 ----a-w- c:\windows\system32\XSrvSetup.exe
2011-10-31 23:12 . 2011-11-03 23:06 -------- d-----w- c:\windows\RaidTool
2011-10-31 23:12 . 2005-04-03 22:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-31 23:12 . 2005-04-03 22:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-31 23:12 . 2005-04-03 22:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-31 23:12 . 2005-04-03 22:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-31 23:12 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-31 23:12 . 2011-10-31 23:12 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-31 23:12 . 2011-10-31 23:12 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-31 23:00 . 2011-11-06 23:09 -------- d--h--w- c:\program files\Temp
2011-10-31 22:52 . 2000-01-01 00:00 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-10-31 22:52 . 2000-01-01 00:00 393320 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-10-31 22:42 . 2000-01-01 00:00 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-10-31 22:41 . 2011-10-15 08:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-31 22:41 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-31 22:36 . 2011-10-31 22:36 -------- d-----w- c:\users\Ctibor\AppData\Local\SlimWare Utilities Inc
2011-10-31 00:13 . 2011-10-31 00:13 -------- d-----w- c:\program files\Common Files\Java
2011-10-29 18:28 . 2011-11-04 07:07 -------- d-----w- c:\users\UpdatusUser
2011-10-29 05:58 . 2011-10-19 11:43 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-10-24 21:53 . 2011-11-08 19:43 -------- d-----w- c:\programdata\OnlineArmor
2011-10-24 21:53 . 2011-10-24 21:53 -------- d-----w- c:\users\Ctibor\AppData\Roaming\OnlineArmor
2011-10-24 21:38 . 2011-10-19 11:42 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-10-24 21:38 . 2011-10-19 11:42 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-10-24 21:38 . 2011-10-24 21:38 -------- d-----w- c:\program files\Tall Emu
2011-10-24 00:41 . 2011-10-24 00:41 -------- d-----w- c:\users\Ctibor\AppData\Roaming\Avira
2011-10-24 00:41 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-24 00:41 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-24 00:41 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-23 23:48 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-23 23:36 . 2011-10-24 00:41 -------- d-----w- c:\programdata\Avira
2011-10-14 23:54 . 2011-10-14 23:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-13 05:02 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 16:08 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 16:08 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 16:08 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 16:08 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-12 16:08 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 16:08 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 16:08 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-10 19:21 . 2011-10-10 19:24 -------- d-----w- c:\program files\ICQ7.6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 19:12 . 2011-05-15 21:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-31 00:12 . 2010-09-28 15:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-15 08:53 . 2011-05-21 04:01 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-05-21 04:01 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2011-01-07 20:06 602432 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-10-15 08:53 . 2011-01-07 20:06 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-01-07 20:06 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2011-01-07 20:06 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-01-07 20:06 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-01-07 20:06 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2010-07-10 03:37 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2010-07-09 14:20 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-09-14 16:13 . 2011-09-14 16:13 88424 ----a-w- c:\windows\system32\nusb3co2.dll
2011-09-13 15:14 . 2011-09-13 15:14 164736 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2011-09-13 15:13 . 2011-09-13 15:13 73344 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2011-09-07 12:48 . 2011-09-07 12:48 66832 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2011-09-07 10:20 . 2011-09-07 10:20 240392 ----a-w- c:\windows\system32\PDBoot.exe
2011-09-02 06:31 . 2011-09-02 06:31 55064 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2011-09-02 06:31 . 2011-09-02 06:31 39192 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2011-09-02 06:31 . 2011-09-02 06:31 41240 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2011-08-31 18:12 . 2010-09-09 14:35 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-31 14:20 . 2010-09-09 14:32 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-09-29 07:07 . 2011-10-31 05:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-08-24 366024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2011-10-19 2493000]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-05-03 237568]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2011-10-19 358840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2010-09-07 16:40 43608 ------w- c:\windows\RaidTool\xInsIDE.exe
.
R1 iidjhbbz;iidjhbbz;c:\windows\system32\drivers\iidjhbbz.sys [x]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-10-19 40296]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 136176]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2011-10-19 4361480]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-10-19 205864]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-10-19 25192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/23 18:31];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-12-29 10:26 87536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2000-01-01 72280]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\OAcat.exe [2011-10-19 207936]
S2 PDFSFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2011-09-07 66832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 73344]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 164736]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-07-07 139880]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-12-20 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 393320]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 20:32]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 20:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EAED83F9-4986-4B9F-8464-0447ED07AC89}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\w3092olk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1221677159-1799410114-737550883-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5a,a6,5f,68,8a,53,6a,02,4e,04,b3,e9,58,d2,68,69,16,53,d4,95,73,
8a,73,18,98,39,65,c8,67,3f,23,42,0e,e9,57,b5,73,92,08,1c,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1221677159-1799410114-737550883-1000_Classes\CLSID\{ee29a841-ff6d-463c-b582-4a44dffea0f9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000043
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-08 20:51:13
ComboFix-quarantined-files.txt 2011-11-08 19:51
.
Před spuštěním: Volných bajtů: 33 609 064 448
Po spuštění: Volných bajtů: 33 529 769 984
.
- - End Of File - - 26B22916CB79FD8A8AA610CFCE9283C5

[Rudy]

OK. Ještě tam je rootkit, který musíme odstřelit. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\system32\Difxe512.rra
c:\windows\system32\drivers\iidjhbbz.sys

Driver::
iidjhbbz

Firefox::
FF - ProfilePath - c:\users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\w3092olk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[ccc]

provedeno

[Rudy]

Ještě poprosím o log z posledního skenu CF, aby bylo jasné, že je všechno pryč. Najdete ho v c:\combofix.txt.