SuspensorPC

[EMILzatopek]

Zdarvim, do Pc se mi tady ten šmejd taky nějakým způsobem dostal - respektive mění mi to bannery - z klasických např z Českého Internetového obchodu na americké porno. Dále se mi otevírají okna s informacemi ze si to mám nainstalovat atd, coz jsem neudelal ani neudelam. Kazdopadne sem zatim postupoval podle http://pc-help.cz/viewtopic.php?t=5119 a tedka mi to vyjelo tohle to:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:20, on 23.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [004aabba] rundll32.exe "C:\WINDOWS\system32\keyfoybn.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM03799826] Rundll32.exe "C:\WINDOWS\system32\rqdajmer.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp02.photoprintit.de/microsite/ ... loader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6938 bytes


Je schopen někdo poradit jak se toho šmejdu mám definitivně zbavit?

//Téma rozděleno. Příště si založ prosím tě vlastní téma, i kdyby si měl stejný problém jak už se v tom tématu řešil. dík
fredik

[Reklama]

[paul27]

Zdravím.

Stáhněte a uložte na plochu ComboFix:

Spusťte aplikaci pod účtem Správce počítače - zavřete všechny spuštěné programy (webový prohlížeč, messenger ap.) - následuje licenční ujednání, klikněte na Ano - začne se testovat (celá akce trvá cca. 5-10 minut, někdy i trochu déle) - během skenu se nepokoušejte spouštět žádne jiné aplikace a neklikejte do okna ComboFixu - po dokončení se automaticky otevře okno poznámkového bloku s textem (pokud se tak nestane, log je v C:\ComboFix.txt), který sem pomocí známých klávesových zkratek Ctrl + A (označení celého textu) -> Ctrl + C (uložení do jakési schránky) -> Ctrl + V (vložení textu) zkopírujte - a počkejte na další postup

VAROVÁNÍ: Pokud se vám zobrazí "CRITICAL WARNING !!" nesmíte restartovat počítač, o varování napište.
VAROVÁNÍ2: Je možné, že při testu budou různé bezpečnostní programy hlásit neoprávněný pokus o smazání daného souboru či něco jiného. Povolte jejich případné dotazy nebo na dobu scanu úplně vypněte rezidentní modul daného programu.

[EMILzatopek]

výsledek combofixu:

ComboFix 08-03-22.3 - Petr 2008-03-23 14:21:45.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.891 [GMT 1:00]
Running from: C:\Install\Antiviry\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM03799826.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\cbxvwxy.dll
C:\WINDOWS\system32\hxqbfyre.dll
C:\WINDOWS\system32\keyfoybn.dll
C:\WINDOWS\system32\lxgubfar.dll
C:\WINDOWS\system32\nbyofyek.ini
C:\WINDOWS\system32\ntfofqdx.dll
C:\WINDOWS\system32\ras\hhlmken.scp
C:\WINDOWS\system32\rqdajmer.dll
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini2
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\update.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hhlmken


((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 14:09 . 2008-03-23 14:29 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-03-23 10:32 . 2008-03-23 10:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 09:55 . 2008-03-23 09:55 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-23 09:55 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-23 09:55 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-23 09:55 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-23 09:55 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-23 09:55 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-23 09:55 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-23 09:55 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-23 09:55 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-21 21:24 . 2008-03-22 17:35 1,543,888 ---hs---- C:\WINDOWS\system32\gtjsdyry.ini
2008-03-21 21:16 . 2008-03-21 21:16 58,368 --a------ C:\axmfr.exe
2008-03-21 21:16 . 2008-03-23 14:29 26,496 --a------ C:\WINDOWS\system32\drivers\Nvd75.sys
2008-03-21 21:16 . 2008-03-23 14:29 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-03-19 16:41 . 2008-03-20 16:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-19 16:41 . 2008-03-19 16:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-17 17:09 . 2008-03-17 17:11 <DIR> d-------- C:\Program Files\AutoCAD 2006
2008-03-09 18:48 . 2004-03-02 16:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-03-09 18:48 . 2004-03-02 16:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-03-09 18:47 . 2008-03-09 18:47 <DIR> d-------- C:\Program Files\Ahead
2008-03-09 18:47 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-09 18:47 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-09 18:47 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-09 18:47 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-09 18:47 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-09 18:47 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-08 16:20 . 2008-03-08 16:24 <DIR> d-------- C:\Program Files\Torrent Master
2008-03-06 20:56 . 2008-03-06 20:56 23,011 --a------ C:\acadminidump.dmp
2008-03-06 20:56 . 2008-03-06 20:56 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-02-27 16:18 . 2008-02-27 16:23 <DIR> d-------- C:\Program Files\ICQ6
2008-02-24 13:03 . 2008-02-24 13:03 55,210 --a------ C:\cc_20080224_1303.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 16:12 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-17 16:11 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-03-15 20:23 --------- d-----w C:\Program Files\Autodesk Student Community Download Tool
2008-03-09 17:47 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-08 14:40 --------- d-----w C:\Program Files\ICQToolbar
2008-03-07 11:45 --------- d-----w C:\Program Files\StrongDC++
2008-03-02 16:20 --------- d-----w C:\Program Files\Opera
2008-02-13 19:12 --------- d-----w C:\Program Files\Autodesk
2008-02-01 10:21 39,668 ----a-w C:\cc_20080201_1121.reg
2008-01-29 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 18:25 --------- d-----w C:\Program Files\DivX
2008-01-29 16:55 --------- d-----w C:\Program Files\Zoner
2008-01-26 15:31 --------- d-----w C:\Program Files\Winamp
2008-01-24 09:05 60,714 ----a-w C:\cc_20080124_1005.reg
2008-01-09 15:01 24,476 ----a-w C:\cc_20080109_1600.reg
2008-01-02 14:57 54,992 ----a-w C:\cc_20080102_1557.reg
2008-01-01 10:26 43,750 ----a-w C:\cc_20080101_1125.reg
2008-01-01 09:58 284,664 ----a-w C:\cc_20080101_1058.reg
2005-10-24 14:39 24,284 ---ha-w C:\Program Files\im11.GID
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 18:52 68856]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 16:12 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-12-09 20:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 20:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-12-09 20:06 86016]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-16 19:22 282624]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 10:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvwxy]
cbxvwxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaaby]
fccaaby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-23 14:29 11776 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\StrongDC++\\StrongDC.exe"=
"C:\\Documents and Settings\\Radim.BRNO.001\\Plocha\\Skype.exe"=
"C:\\Documents and Settings\\Radim.BRNO\\Plocha\\Skype.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R0 Nvd75;Nvd75;C:\WINDOWS\system32\Drivers\Nvd75.sys [2008-03-23 14:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 riode32;riode32;C:\WINDOWS\system32\drivers\riode32.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##homer.fa.vutbr.cz#share_stud]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 14:30:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-03-23 14:34:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 13:34:01
ComboFix2.txt 2007-12-28 11:43:27

díky za pomoc.)

[paul27]

Tak teď tohle:

Přesuňte Combofix na plochu (pokud ho tam ještě nemáte) - otevřete si poznámkový blok - do něj zkopírujte text z nasledujícího okna:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\gtjsdyry.ini
C:\axmfr.exe
C:\WINDOWS\system32\drivers\Nvd75.sys
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\drivers\riode32.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvwxy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaaby]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

Driver::
Nvd75
riode32

Text uložte jako CFScript.txt na plochu - po uložení uchopte vámi vytvořený soubor .txt levým tlačítkem myši a přesuňte jej nad ikonu ComboFixu - nad ikonou ComboFixu soubor .txt upusťte - spustí se ComboFix (možná budete muset znova potvrdit licenční podmínky kliknutím na Ano) - a CF začne znova scanovat, nakonci scanování se pokusí CF smazat zadané soubory či něco jiného, co jsme mu zadali - po provedení akce se opět zobrazí okno poznámkového bloku s textem, který sem zkopírujte a vyčkejte prosím na další rady

[EMILzatopek]

ComboFix 08-03-22.3 - Radim 2008-03-23 18:45:45.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.915 [GMT 1:00]
Running from: C:\Install\Antiviry\ComboFix.exe
Command switches used :: C:\Documents and Settings\Radim.BRNO.000\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\axmfr.exe
C:\WINDOWS\system32\drivers\Nvd75.sys
C:\WINDOWS\system32\drivers\riode32.sys
C:\WINDOWS\system32\gtjsdyry.ini
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll
.
-- Other TimeOuts --
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF11737.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF11737.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\axmfr.exe
C:\WINDOWS\system32\drivers\Nvd75.sys
C:\WINDOWS\system32\gtjsdyry.ini
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NVD75
-------\Service_Nvd75
-------\Service_riode32


((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 10:32 . 2008-03-23 10:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 09:55 . 2008-03-23 09:55 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-23 09:55 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-23 09:55 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-23 09:55 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-23 09:55 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-23 09:55 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-23 09:55 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-23 09:55 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-23 09:55 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-17 17:09 . 2008-03-17 17:11 <DIR> d-------- C:\Program Files\AutoCAD 2006
2008-03-09 18:48 . 2004-03-02 16:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-03-09 18:48 . 2004-03-02 16:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-03-09 18:47 . 2008-03-09 18:47 <DIR> d-------- C:\Program Files\Ahead
2008-03-09 18:47 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-09 18:47 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-09 18:47 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-09 18:47 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-09 18:47 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-09 18:47 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-08 16:20 . 2008-03-08 16:24 <DIR> d-------- C:\Program Files\Torrent Master
2008-03-06 20:56 . 2008-03-06 20:56 23,011 --a------ C:\acadminidump.dmp
2008-03-06 20:56 . 2008-03-06 20:56 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-02-27 16:18 . 2008-02-27 16:23 <DIR> d-------- C:\Program Files\ICQ6
2008-02-24 13:03 . 2008-02-24 13:03 55,210 --a------ C:\cc_20080224_1303.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 16:12 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-17 16:11 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-03-15 20:23 --------- d-----w C:\Program Files\Autodesk Student Community Download Tool
2008-03-09 17:47 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-08 14:40 --------- d-----w C:\Program Files\ICQToolbar
2008-03-07 11:45 --------- d-----w C:\Program Files\StrongDC++
2008-03-02 16:20 --------- d-----w C:\Program Files\Opera
2008-02-13 19:12 --------- d-----w C:\Program Files\Autodesk
2008-02-01 10:21 39,668 ----a-w C:\cc_20080201_1121.reg
2008-01-29 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 18:25 --------- d-----w C:\Program Files\DivX
2008-01-29 16:55 --------- d-----w C:\Program Files\Zoner
2008-01-26 15:31 --------- d-----w C:\Program Files\Winamp
2008-01-24 09:05 60,714 ----a-w C:\cc_20080124_1005.reg
2008-01-09 15:01 24,476 ----a-w C:\cc_20080109_1600.reg
2008-01-02 14:57 54,992 ----a-w C:\cc_20080102_1557.reg
2008-01-01 10:26 43,750 ----a-w C:\cc_20080101_1125.reg
2008-01-01 09:58 284,664 ----a-w C:\cc_20080101_1058.reg
2005-10-24 14:39 24,284 ---ha-w C:\Program Files\im11.GID
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-23_14.33.29.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-23 13:29:28 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-23 17:50:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-23 13:29:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-23 17:50:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-23 13:29:28 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 17:50:56 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 17:50:59 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-12-09 20:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 20:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-12-09 20:06 86016]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-16 19:22 282624]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 10:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\StrongDC++\\StrongDC.exe"=
"C:\\Documents and Settings\\Radim.BRNO.001\\Plocha\\Skype.exe"=
"C:\\Documents and Settings\\Radim.BRNO\\Plocha\\Skype.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 18:53:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2008-03-23 18:56:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 17:56:51
ComboFix2.txt 2008-03-23 13:34:05
ComboFix3.txt 2007-12-28 11:43:27


Posílam dalši text z Combofixu.

[paul27]

Jak se chová počítač?

[EMILzatopek]

Už to vypadá že vše klape jak má být, ještě během odpoledne sem to projel avastem a nějaký ty viry jsem vychytal a ted se zdá že by mělo vše jet bez problémů. díky za pomoc.

[paul27]

Nemáš zač. Kdyby něco napiš.