samovolné spouštění iexplorer a jiných, vypínaní zvuku?!

[polokiolo]

Combo smazal nejaky 3 numera v directech, ale stale zadna zmena...Tady je log:

ComboFix 10-07-01.02 - Karel IV 02.07.2010 22:49:45.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.620 [GMT 2:00]
Spuštěný z: E:\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karel IV\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

file zipped: c:\windows\System32\drivers\1027162.sys
file zipped: c:\windows\System32\drivers\10271621.sys
file zipped: c:\windows\System32\drivers\10271622.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\1027162.sys
c:\windows\System32\drivers\10271621.sys
c:\windows\System32\drivers\10271622.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_10271621
-------\Legacy_10271622
-------\Service_10271621
-------\Service_10271622


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-02 do 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-06-29 22:48 . 2010-06-29 22:48 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-06-29 22:25 . 2010-06-29 22:25 -------- d-----w- c:\program files\BillP Studios
2010-06-29 21:02 . 2010-06-29 21:02 389632 ----a-w- c:\windows\system32\CF31605.exe
2010-06-29 07:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 07:37 . 2010-06-29 22:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-29 07:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-29 07:35 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 03:00 . 2010-06-28 23:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-28 23:13 . 2010-06-28 23:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-28 23:08 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 23:08 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 23:08 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 23:08 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 23:08 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 23:08 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 23:08 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-28 23:07 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 23:07 . 2010-06-28 23:07 -------- d-----w- c:\program files\Alwil Software
2010-06-28 16:14 . 2010-06-29 21:51 -------- d-s---w- c:\documents and settings\NetworkService\Oblíbené položky
2010-06-28 16:14 . 2010-06-28 16:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-28 15:58 . 2010-06-28 15:58 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-28 08:46 . 2010-06-28 08:46 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-28 08:44 . 2010-06-29 21:51 -------- d-s---w- c:\documents and settings\LocalService\Oblíbené položky

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 22:18 . 2009-11-12 23:29 -------- d-----w- c:\program files\CentrumczToolbar
2010-06-28 23:12 . 2009-05-17 05:33 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-28 23:04 . 2009-05-17 05:32 -------- d-----w- c:\program files\Lavasoft
2010-06-23 20:52 . 2009-05-26 05:15 -------- d-----w- c:\program files\Opera 10 Preview
2010-06-12 17:51 . 2009-09-30 17:14 -------- d-----w- c:\program files\VirtualDJ
2010-06-10 05:10 . 2010-04-26 19:21 -------- d-----w- c:\program files\ICQ7.1
2010-05-30 09:06 . 2010-05-24 15:15 -------- d-----w- c:\program files\NCH Software
.

------- Sigcheck -------

[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2004-08-17 . 292A052A6AE36CC512419DDCE6A9DD2F . 3444224 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2004-08-17 . 292A052A6AE36CC512419DDCE6A9DD2F . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2002-09-20 . 876417092E5341E0A2287D06D3DC27F2 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2004-08-17 . 321E734A0B91C43725463C509056B2AA . 691712 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2004-08-17 . 321E734A0B91C43725463C509056B2AA . 691712 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2002-09-20 . D1A616D5337E344A0DD6C6DF7733A6C3 . 600064 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-29_21.24.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-09-20 18:04 . 2004-08-17 13:49 59392 c:\windows\system32\url.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 39424 c:\windows\system32\pngfilt.dll
+ 2002-09-20 18:01 . 2004-08-17 13:48 56832 c:\windows\system32\mshtmler.dll
+ 2001-10-25 14:00 . 2004-08-17 13:49 29184 c:\windows\system32\mshta.exe
+ 2002-09-20 18:04 . 2004-08-17 13:49 22016 c:\windows\system32\licmgr10.dll
+ 2001-10-25 14:00 . 2004-08-17 13:49 15872 c:\windows\system32\jsproxy.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 96768 c:\windows\system32\inseng.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 35840 c:\windows\system32\imgutil.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 62976 c:\windows\system32\iesetup.dll
+ 2001-10-25 14:00 . 2004-08-17 13:49 48640 c:\windows\system32\iernonce.dll
+ 2009-06-15 18:52 . 2004-08-17 13:49 81920 c:\windows\system32\ieencode.dll
+ 2002-09-20 18:05 . 2004-08-17 13:49 34304 c:\windows\system32\ie4uinit.exe
+ 2001-10-25 14:00 . 2004-08-17 13:49 35328 c:\windows\system32\corpol.dll
+ 2009-05-17 05:14 . 2010-07-02 20:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-17 05:14 . 2010-06-29 21:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-17 05:14 . 2010-07-02 20:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-17 05:14 . 2010-06-29 21:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-17 05:14 . 2010-07-02 20:57 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-17 05:14 . 2010-06-29 21:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-10-25 14:00 . 2004-08-17 13:49 61440 c:\windows\system32\admparse.dll
+ 2002-09-20 18:05 . 2004-08-17 13:49 439808 c:\windows\system32\webcheck.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 417792 c:\windows\system32\vbscript.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 675328 c:\windows\system32\urlmon.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 498176 c:\windows\system32\shlwapi.dll
+ 2001-10-25 14:00 . 2004-08-17 13:49 147456 c:\windows\system32\occache.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 530432 c:\windows\system32\mstime.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 146432 c:\windows\system32\msrating.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 146432 c:\windows\system32\msls31.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 448512 c:\windows\system32\mshtmled.dll
+ 2001-10-25 14:00 . 2004-08-17 13:49 450560 c:\windows\system32\jscript.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 249344 c:\windows\system32\iepeers.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 323584 c:\windows\system32\iedkcs32.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 225280 c:\windows\system32\ieakui.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 219136 c:\windows\system32\ieaksie.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 139264 c:\windows\system32\ieakeng.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 201728 c:\windows\system32\dxtrans.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 357888 c:\windows\system32\dxtmsft.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 146432 c:\windows\system32\dllcache\msls31.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 225280 c:\windows\system32\dllcache\ieakui.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 100352 c:\windows\system32\advpack.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 1763328 c:\windows\system32\shdocvw.dll
+ 2009-10-22 07:57 . 2010-06-29 22:49 6175708 c:\windows\system32\Restore\rstrlog.dat
+ 2002-09-20 18:03 . 2004-08-17 13:49 1015296 c:\windows\system32\browseui.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-25 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Karel IV^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Karel IV\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Karel IV^Nabídka Start^Programy^Po spuštění^RocketDock.lnk]
path=c:\documents and settings\Karel IV\Nabídka Start\Programy\Po spuštění\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Karel IV^Nabídka Start^Programy^Po spuštění^TransBar.lnk]
path=c:\documents and settings\Karel IV\Nabídka Start\Programy\Po spuštění\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Karel IV^Nabídka Start^Programy^Po spuštění^UberIcon.lnk]
path=c:\documents and settings\Karel IV\Nabídka Start\Programy\Po spuštění\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Karel IV^Nabídka Start^Programy^Po spuštění^Y'z Shadow.lnk]
path=c:\documents and settings\Karel IV\Nabídka Start\Programy\Po spuštění\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-06-28 23:12 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-17 13:49 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 14:02 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 14:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 10:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 10:22 86016 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 10:22 1622016 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-10-25 12:20 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-16 23:16 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-17 15:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ICQ Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"LVCOMSer"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"=
"c:\\Program Files\\Opera 10 Preview\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\share DC++\\BzukosheQ\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17.5.2009 7:33 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.6.2010 1:08 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.6.2010 1:08 17744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1352832]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.2.2010 22:43 135664]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.11.2009 13:17 246520]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:12]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:42]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:42]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: {DFF07C34-4BC2-479A-8E36-022D8EDDDD8A} = 62.209.237.34,62.84.128.6
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Karel IV\Data aplikací\Mozilla\Firefox\Profiles\6b4rkohn.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - component: c:\program files\CentrumczToolbar\Firefox\Cetrumcz@igeared\components\IGeared_cetrumczp_xputils2.dll
FF - component: c:\program files\CentrumczToolbar\Firefox\Cetrumcz@igeared\components\IGeared_cetrumczp_xputils3.dll
FF - component: c:\program files\CentrumczToolbar\Firefox\Cetrumcz@igeared\components\IGeared_cetrumczp_xputils35.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-02 22:58
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,70,8d,0d,41,1d,f8,44,a8,68,f4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,70,8d,0d,41,1d,f8,44,a8,68,f4,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2760)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Celkový čas: 2010-07-02 23:02:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-02 21:01
ComboFix2.txt 2010-06-30 14:41
ComboFix3.txt 2010-06-29 21:29

Před spuštěním: 3 748 368 384
Po spuštění: 3 770 343 424

- - End Of File - - 1BFD4F529F4807D8DEE4C868D0B439C1

[Rudy]

Ano. CF smazal fake drivery. Zkuste ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[polokiolo]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3.7.2010 0:44:56
mbam-log-2010-07-03 (00-44-56).txt

Typ skenu: Úplný sken (C:\|E:\|)
Skenované objekty: 202568
Uplynulý čas: 1 hodina(y), 16 minuta(y), 20 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Docela si uz zahrava , ja sem clovek trpelivy....ale kdyz behem jednoho songu 3 zeslabi WAWE a do toho mi otevre nejaky okno z adresy www.cz.mo...cosi?! .com a tam skvely reklamy na telefon....Zacinam ho jaksi nemit rad. Zvlaste u skvelyho filmu.

LOG Malware:

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Rudy]

Zkuste ještě spustit toto: http://www2.gmer.net/mbr/mbr.exe a dát log.

[polokiolo]

Stahl, otevrel a pri otevreni prikazoveho radku se hned zavrel a na plose vyjel tenhle report:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

[Rudy]

Nabootujte z instal. CD a přes klávesu "R" vstupte do konzoly pro zotavení až k tomu budete vyzván. Musíte znát heslo do účtu administrator. Do příkazováho řádku zadejte:

fixmbr

a odentrujte. Potvrďte a až konzola oznámí provedení příkazu, zadejte

exit

a opět odentrujte. PC se restartuje.