Asi vir v explorer.exe

[Nodon]

Tak už jsem se taky přidal začal mě zlobit proces explorer.exe.Co chvilka mi vyskočí hlašení o chybě explorer.exe nic se sice nestanu ale je to dost otravny.Dam jsem log z HJ a log z combofixu tu pridam zachvilku
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:07, on 3.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 7945 bytes

[Reklama]

[Nodon]

Tady je ten combofix, ale jestě jsem se chtěl zaptat jestli je normalni že mi combofix vypnul avast,rezidentní spybot,hodil na plochu 2x internet explorer a odnastavil mi firefox jako výchozí prohlížeč a jestě buhví co

ComboFix 08-06-01.6 - Daniel 2008-06-03 14:16:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.1612 [GMT 2:00]
Running from: C:\Documents and Settings\Daniel\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-01 20:34 . 2008-06-01 20:34 <DIR> d-------- C:\Program Files\DsNET Corp
2008-05-29 19:37 . 2008-06-01 16:23 <DIR> d-------- C:\Downloads
2008-05-29 19:36 . 2008-05-29 19:36 <DIR> d-------- C:\Program Files\Free Download Manager
2008-05-29 19:08 . 2008-05-29 19:08 <DIR> d-------- C:\Program Files\uTorrent
2008-05-29 16:13 . 2008-05-31 19:24 <DIR> d-------- C:\Program Files\SwiftSwitch
2008-05-28 18:53 . 2008-05-28 19:25 <DIR> d-------- C:\Program Files\RSDemon
2008-05-27 16:48 . 2008-05-28 18:39 <DIR> d-------- C:\Program Files\SpeedFan
2008-05-27 16:48 . 2008-05-27 16:48 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-05-27 16:17 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-26 18:53 . 2008-05-26 18:53 <DIR> d-------- C:\Logs
2008-05-25 20:06 . 2008-05-25 20:06 <DIR> d-------- C:\Program Files\Hamachi
2008-05-24 18:57 . 2008-05-24 18:57 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-20 14:54 . 2008-05-20 14:54 <DIR> d-------- C:\Program Files\ScreenShots
2008-05-19 19:43 . 2008-05-19 19:43 <DIR> d-------- C:\Program Files\Activision
2008-05-16 14:34 . 2008-05-19 14:28 <DIR> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-05-15 08:38 . 2008-05-16 14:43 <DIR> d-------- C:\vcs5BGEffects
2008-05-15 08:37 . 2008-05-15 08:37 <DIR> d-------- C:\Program Files\AV Music Morpher Gold
2008-05-15 08:35 . 2008-05-19 14:28 <DIR> d-------- C:\Program Files\AV Vcs 6.0
2008-05-13 19:56 . 2008-05-13 19:56 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-05-13 19:54 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-13 19:54 . 2008-05-14 13:56 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-13 19:53 . 2008-05-19 14:11 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-13 19:31 . 2008-05-13 19:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-13 19:22 . 2008-06-01 15:33 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-13 18:20 . 2008-05-13 18:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-13 14:42 . 2008-05-13 14:42 <DIR> d-------- C:\Program Files\alaplaya
2008-05-11 14:09 . 2008-05-11 14:09 <DIR> d-------- C:\Program Files\PremiumSoft
2008-05-11 14:05 . 2008-05-11 14:05 <DIR> d-------- C:\Program Files\MySQL
2008-05-11 12:46 . 2008-05-11 12:46 <DIR> d-------- C:\WINDOWS\Sun
2008-05-11 12:46 . 2008-05-11 12:58 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-05-11 12:45 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-11 12:44 . 2008-05-11 12:45 <DIR> d-------- C:\Program Files\Java
2008-05-11 12:43 . 2008-05-11 12:43 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-09 13:04 . 2008-05-25 20:06 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-06 15:02 . 2008-05-06 15:02 <DIR> d-------- C:\Program Files\MobMapUpdater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 17:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 14:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-01 09:08 --------- d-----w C:\Program Files\totalcmd
2008-04-27 13:13 --------- d-----w C:\Program Files\Winamp
2008-04-25 18:26 --------- d-----w C:\Program Files\Kodek CZ
2008-04-25 12:00 --------- d-----w C:\Program Files\Tibia
2008-04-22 15:51 --------- d-----w C:\Program Files\Skype
2008-04-22 15:31 --------- d-----w C:\Program Files\Scorpions WinCheater
2008-04-22 15:24 --------- d-----w C:\Program Files\CCleaner
2008-04-03 17:23 --------- d-----w C:\Program Files\World of Warcraft
2008-04-03 13:43 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-03 13:24 --------- d-----w C:\Program Files\Warcraft III Frozen Throne
2008-04-03 08:08 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-04-03 08:08 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-04-03 08:08 368,736 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys
2008-04-03 08:08 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-04-03 08:08 --------- d-----w C:\Program Files\Common Files\Acronis
2008-04-03 08:07 --------- d-----w C:\Program Files\Acronis
2008-04-03 07:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-03 07:39 --------- d-----w C:\Program Files\Bezstrátové otáčení JPG
2008-04-03 07:37 --------- d-----w C:\Program Files\IrfanView
2008-04-03 07:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 07:32 --------- d-----w C:\Program Files\Ulead Systems
2008-04-03 07:32 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-04-03 07:24 --------- d-----w C:\Program Files\ffdshow
2008-04-03 07:23 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-04-03 07:22 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-03 07:10 --------- d-----w C:\Program Files\DVD Shrink
2008-04-03 07:08 --------- d-----w C:\Program Files\CloneDVD
2008-04-03 07:03 --------- d-----w C:\Program Files\SlySoft
2008-04-03 07:00 --------- d-----w C:\Program Files\CDex_150
2008-04-03 06:58 --------- d-----w C:\Program Files\Kolor
2008-04-03 06:49 --------- d-----w C:\Program Files\RAXCO
2008-04-03 06:49 --------- d-----w C:\Program Files\Common Files\Raxco
2008-04-03 06:45 --------- d-----w C:\Program Files\PC Inspector File Recovery
2008-04-03 06:45 --------- d-----w C:\Program Files\Advanced WindowsCare
2008-04-03 06:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-03 06:39 --------- d-----w C:\Program Files\Nero
2008-04-03 06:08 --------- d-----w C:\Program Files\ToniArts
2008-04-03 05:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-02 19:33 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-05-13 19:56 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-05-13 19:56 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 16:05 2615624]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 17:58 906648]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 16:10 140568]
"AtiPTA"="atiptaxx.exe" [2001-09-27 01:39 245760 C:\WINDOWS\system32\atiptaxx.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 15:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 15:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 15:07 86016]
"Cmaudio"="cmicnfg.cpl" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.div4"= DivXc32f.dll
"vidc.div3"= DivXc32.dll
"vidc.xvid"= xvid.dll
"msacm.l3radius"= l3codecp.acm
"msacm.divxa"= divxa32.acm
"msacm.a3d"= a3d.dll
"msacm.ogg"= ogg.dll
"msacm.vorbisenc"= vorbisenc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\MaNGOS\\realmd.exe"=
"D:\\MaNGOS\\mangosd.exe"=
"C:\\Program Files\\alaplaya\\ComeOnBaby\\ComeOnBaby.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3307:TCP"= 3307:TCP:MySQL Server
"3308:TCP"= 3308:TCP:MySQL Server
"3309:TCP"= 3309:TCP:MySQL Server
"3306:TCP"= 3306:TCP:MySQL Server

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-04-03 10:08]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-23 19:41]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-09-27 00:32]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2007-12-04 16:44]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 14:20:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-03 14:22:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-03 12:22:29

Adresářů: 9, Volných bajtů: 17,706,205,184
Adres ý…: 11, Volněch bajt…: 17,695,756,288

204 --- E O F --- 2008-05-23 18:32:39

[Nodon]

Nikdo nevi co stim??Už me začala vyskakovat dalši chyba která vyskočí hned potom co chyba explorer.exe

[zlobyl]

Tady je ten combofix, ale jestě jsem se chtěl zaptat jestli je normalni že mi combofix vypnul avast,rezidentní spybot,hodil na plochu 2x internet explorer a odnastavil mi firefox jako výchozí prohlížeč a jestě buhví co

Jsi na fóru už docela dlouho, a tak bych čekal, že si všimneš, že ComboFix se používá až po výzvě na základě kontroly HJT.Je to nástroj na ty nejtěžší druhy infekce a podle toho se také chová.


Jinak k problému:

Odinstaluj Yahoo toolbar (občas způsobuje tyto problémy).

Jinak by se hodily třeba screeny těch hlášek.

[Nodon]

Ok, zkusim udělat sreny tědka mě to dokonce začalo prechazovat ikony na ploše.

[Nodon]

Tady je sreen te jedne hlasky ta druha se mi jeste neporadirala sreenout.

[zlobyl]

Zkus si spustit Start-Spustit-cmd a zadej SFC/SCANNOW ,ale ještě asi to nepomůže.

Jinak mám ještě teorii-co když za to mohou kodeky?
Zkus odinstalovat všechny kodeky a znovu je nainstalovat.Dej si však pozor, abys nenainstaloval více kodeků ,,přes sebe".

[Nodon]

TAk ten scan moc nefungoval jelikoz to jaksi porad chtelo Windos xp professional a ja mam CD jen od home codeky zkusim tedka a tady je prehlednej sreen kde je všechno rozklikany do podrobností.

[Nodon]

Reinstal kodeku taky nepomohl odinstaloval jsem všechny kodeky vyčistil jsem registry Ccleanerem a reset PC a nainstaloval CCCP.

[zyx]

windows explorer has stopped working a nasledne restartovani windows exploreru nevi nekdo co s tim prosim dela to nonstop nemuzu ani nic odinstalovat protoze nemam pristup kdyz se to porad restartuje

[Nodon]

udělej si svuj topic a ten tvůj přispěvěk moc nachapu Asi pomuze opravna instalace windows nebo reinstal

[zlobyl]

Tak já už bohužel nevím , ale mohl bys zkusit ještě toto.