I have a problem with Windows Vista (legal, on an HP Pavilion dv6319 notebook); it behaves strangely, but I found nothing during an antivirus scan. When I open the Control Panel, and sometimes other programs too, all the icons and the taskbar disappear from the desktop, only the Sidebar remains, and the program does not start. Sometimes everything returns to normal after a while, sometimes the notebook has to be restarted. Could this be caused by a virus? Nod 32 found nothing. For example, I wanted to uninstall a program, but the Control Panel cannot be started, or it starts and then closes by itself after a while. Just now, for example, everything disappeared again merely after I moved the mouse cursor over the taskbar. I suspected Suspenzor PC, but I did not find it installed anywhere.
Please help, I am attaching a log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:44, on 20.2.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Opera\Opera.exe
C:\Instalace\Antiviry, antispaware atd\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... entrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [66360576] rundll32.exe "C:\Windows\system32\gpelanlf.dll",b
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.mojebanka.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8620 bytes
Please check my log (Solved)
- Baron Prášil
Welcome to the forum.
Frankly, a machine this messed up will need ComboFix, but I would like you
to first try turning off the Defender and Spyware Terminator shields
and uninstall the Norton leftovers with this:
http://service1.symantec.com/SUPPORT/ts ... 3108162039
Fix:
In the HJT window, tick the boxes on the left next to the items I list, then click Fix checked.
O4 - HKLM\..\Run: [66360576] rundll32.exe "C:\Windows\system32\gpelanlf.dll",b
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes, the program should create a log and display it; otherwise you will find it here: C:\ComboFix.txt - please copy its entire contents here + a new HijackThis log + info about the behaviour
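An added example, not part of the original thread: one way to triage the O4 autostart lines of a HijackThis log and to confirm in the follow-up log that a fixed entry is gone. The BEFORE lines are copied from the first log above, the AFTER log is constructed, and the two heuristics in `triage` are assumptions for illustration, not HijackThis's own logic.

```python
import re

# O4 registry autostart line in HijackThis v2 format, e.g.
#   O4 - HKLM\..\Run: [name] command (User 'LOCAL SERVICE')
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32 command line: DLL path (optionally quoted), a comma, the export name.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE
)

# Four O4 lines copied from the first HijackThis log in this thread.
BEFORE = r'''
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [66360576] rundll32.exe "C:\Windows\system32\gpelanlf.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
'''

# Constructed follow-up log: the same lines after the flagged entry was fixed.
AFTER = r'''
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
'''


def parse_o4(log):
    """Return one dict per O4 registry autostart line (hive, key, name, cmd, user)."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entry):
    """Return the reasons an entry deserves a manual look (empty list: none).

    Both checks are illustrative assumptions; a hit is a prompt to inspect
    the file, not a verdict.
    """
    reasons = []
    # Installers normally register a readable product name as the value name.
    if entry["name"].isdigit():
        reasons.append("value name is only digits")
    m = RUNDLL_RE.match(entry["cmd"])
    # Documented rundll32 entry points have descriptive export names.
    if m and len(m.group("export")) <= 2:
        reasons.append("rundll32 export name is 1-2 characters")
    return reasons


def flagged(log):
    """List (value name, reasons) for every O4 entry with at least one reason."""
    result = []
    for entry in parse_o4(log):
        reasons = triage(entry)
        if reasons:
            result.append((entry["name"], reasons))
    return result


def removed_between(before, after):
    """Entries present in the first log whose hive/key/name is absent from the second."""
    still_there = {(e["hive"], e["key"], e["name"]) for e in parse_o4(after)}
    return [
        e for e in parse_o4(before)
        if (e["hive"], e["key"], e["name"]) not in still_there
    ]


if __name__ == "__main__":
    for name, reasons in flagged(BEFORE):
        print(f"review [{name}]: " + "; ".join(reasons))
    for entry in removed_between(BEFORE, AFTER):
        print(f"gone after fix: {entry['hive']} {entry['key']} [{entry['name']}]")
```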

Thanks for the reply!
I proceeded as follows:
- I fixed the line as advised
- I uninstalled the Norton leftovers as advised; honestly, I didn't even know I had it on there :-)
- I turned Spyware Terminator off; I couldn't turn Defender off because the Control Panel won't start, so I turned it off in Task Manager on the "Services" tab (the "stop service" option) and, to be safe, also disabled its automatic startup in msconfig
- after launching ComboFix, all the icons and the taskbar disappeared from the desktop again; ComboFix started a bit differently, I didn't confirm with 1 but just clicked OK; at the start, the message „Systém nemůže nalézt text zprávy číslo 0x8 v souboru pro System.“ appeared in its blue window, but then the program got going
- I waited until it finished; at the end it showed a message asking for permission to reboot the system, but it did not reboot by itself, so I had to restart it manually, the hard way, by switching the computer off and on (there was no other way); after the restart ComboFix continued its work
In the meantime, before I started following the instructions, various messages kept appearing urging me to install some antispyware or something; the window was titled "Windows explorer", but I cancelled it to be safe.
I hope I'm not describing unnecessary details; I don't know what is important and what isn't, you know, an amateur… :)
ComboFix log:
ComboFix 08-02-20.2 - Luke 2008-02-20 16:09:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.454 [GMT 1:00]
Running from: C:\Users\Luke\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\awjfvraa.dllbox
C:\Windows\System32\btqfobxn.ini
C:\Windows\System32\cfkcbtkq.ini
C:\Windows\System32\eybsmyph.ini
C:\Windows\System32\fhiii.bak1
C:\Windows\System32\fhiii.ini
C:\Windows\system32\fldfpjmv.dll
C:\Windows\System32\flnalepg.ini
C:\Windows\System32\gjiii.bak1
C:\Windows\System32\gjiii.ini
C:\Windows\system32\glotcarx.dll
C:\Windows\system32\grkppdoh.dll
C:\Windows\system32\hpymsbye.dll
C:\Windows\system32\iiihf.dll
C:\Windows\system32\iiijg.dll
C:\Windows\System32\iikmp.bak1
C:\Windows\System32\iikmp.ini
C:\Windows\system32\iwsjnykm.dll
C:\Windows\System32\jkmoq.bak1
C:\Windows\System32\jkmoq.ini
C:\Windows\system32\kaswuxkr.dll
C:\Windows\System32\kmpoq.bak1
C:\Windows\System32\kmpoq.ini
C:\Windows\system32\lopthrxm.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\System32\mloqr.bak1
C:\Windows\System32\mloqr.bak2
C:\Windows\System32\mloqr.ini
C:\Windows\system32\ogsmfgyx.dll
C:\Windows\System32\orsut.bak1
C:\Windows\System32\orsut.ini
C:\Windows\system32\ougjnqqd.dll
C:\Windows\system32\plvcfofg.dll
C:\Windows\system32\pmkii.dll
C:\Windows\system32\qktbckfc.dll
C:\Windows\System32\qqsru.bak1
C:\Windows\System32\qqsru.ini
C:\Windows\system32\qyqtmehv.dll
C:\Windows\System32\rcmfrfdw.ini
C:\Windows\System32\rkxuwsak.ini
C:\Windows\system32\rqolm.dll
C:\Windows\System32\sdpprmfb.ini
C:\Windows\System32\swojhfhw.ini
C:\Windows\System32\swyaibtu.ini
C:\Windows\system32\taggaaos.dll
C:\Windows\system32\tcjlmqbj.dllbox
C:\Windows\System32\ttwxx.bak2
C:\Windows\System32\ttwxx.ini
C:\Windows\System32\ttwxx.ini2
C:\Windows\System32\ttwxx.tmp
C:\Windows\system32\tusro.dll
C:\Windows\System32\umfajmfs.ini
C:\Windows\system32\unpgwduy.dll
C:\Windows\system32\ursqq.dll
C:\Windows\system32\utbiayws.dll
C:\Windows\System32\vmjpfdlf.ini
C:\Windows\system32\wdfrfmcr.dll
C:\Windows\system32\wglbialx.dll
C:\Windows\System32\wwotngpr.ini
C:\Windows\system32\xxwtt.dll
C:\Windows\system32\ynafloix.dllbox
.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 15:19 --------- d-----w C:\Program Files\ICQ6
2008-02-17 13:48 --------- d-----w C:\Program Files\CoolSMScz
2008-02-17 13:41 --------- d-----w C:\Users\Luke\AppData\Roaming\Skype
2008-02-17 13:40 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-17 13:40 32 ----a-w C:\PROGRA~2\ezsid.dat
2008-02-17 13:40 --------- d-----w C:\Users\Luke\AppData\Roaming\skypePM
2008-02-17 13:39 --------- d-----w C:\Program Files\Skype
2008-02-17 13:39 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-17 13:37 --------- d-----w C:\Users\Luke\AppData\Roaming\Zoner
2008-02-17 13:35 --------- d-----w C:\Program Files\Zoner
2008-02-17 13:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-17 13:31 --------- d-----w C:\Users\Luke\AppData\Roaming\ICQ
2008-02-17 13:29 --------- d-----w C:\Users\Luke\AppData\Roaming\InstallShield
2008-02-17 09:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-17 09:53 --------- d-----w C:\Program Files\Windows Mail
2008-02-17 01:27 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-17 01:25 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-17 01:25 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-17 01:25 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-17 01:24 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-17 01:24 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-17 01:24 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-17 01:24 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-17 01:24 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-17 01:20 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-17 01:20 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-17 01:20 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-17 01:20 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-17 01:20 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-17 01:20 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-17 01:20 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-17 01:20 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-17 01:20 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-17 01:20 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-02-17 01:19 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 01:19 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 01:19 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 01:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 01:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 00:56 --------- d-----w C:\Users\Luke\AppData\Roaming\XnView
2008-02-17 00:34 --------- d-----w C:\Program Files\Spyware Terminator
2008-02-16 23:30 --------- d-----w C:\Users\Luke\AppData\Roaming\ESET
2008-02-16 23:28 --------- d-----w C:\Program Files\ESET
2008-02-16 23:28 --------- d-----w C:\PROGRA~2\ESET
2008-02-16 23:05 --------- d-----w C:\PROGRA~2\Spyware Terminator
2008-01-06 02:34 --------- d-----w C:\Program Files\iradio
2008-01-06 01:54 35,166 ----a-w C:\Users\Luke\AppData\Roaming\nvModes.dat
2008-01-06 01:51 --------- d-----w C:\Program Files\Google
2008-01-06 01:17 --------- d-----w C:\Program Files\iNetRadio
2008-01-06 00:46 --------- d-----w C:\Program Files\DocReader
2008-01-05 23:20 138,752 ----a-w C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-01-05 23:17 --------- d-----w C:\Program Files\Crawler
2008-01-05 23:16 --------- d-----w C:\Users\Luke\AppData\Roaming\Application Data
2008-01-05 19:11 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-01-05 19:10 --------- d-----w C:\PROGRA~2\Lavasoft
2008-01-05 19:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 07:21 71,176 ----a-w C:\Windows\system32\drivers\epfw.sys
2007-12-21 07:21 53,768 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2007-12-21 07:21 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2007-12-21 07:20 30,216 ----a-w C:\Windows\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys
2007-09-14 21:12 174 --sha-w C:\Program Files\desktop.ini
2007-05-30 17:17 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{224D425C-2758-42D2-83C8-B7D6759A1A96}]
C:\Windows\system32\qopmk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-17 02:18 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-01-15 21:46 172032]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 15:13 472776]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\xxwtt.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\66360576]
C:\Windows\system32\hpymsbye.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 08:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2006-12-04 12:39 46704 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2007-12-17 16:12 172280 C:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 18:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
--a------ 2004-09-20 06:16 196608 C:\PROGRA~1\SCROLL~1\MouseElf.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-01-14 02:40 7766016 C:\Windows\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-01-14 02:40 81920 C:\Windows\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-01-14 02:40 90191 C:\Windows\system32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\VistaCodecPack\QT\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-01-06 00:18 2834432 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switchboard]
--a------ 2006-05-30 13:35 854016 C:\Program Files\Switchboard\Switchboard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-11-15 07:02 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 14:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 15:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-05-29 22:58 1006264 C:\Program Files\Windows Defender\MSASCui.exe
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\Windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 06:01]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]
S3 NETw3v32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 10:02]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12cfb9d7-8645-11dc-b251-001b243408e0}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e8e67-9d8f-11dc-a2ba-001b243408e0}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8274a744-91fc-11dc-b8c7-001b243408e0}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4db45c6-0e20-11dc-b671-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 15:15:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\kmd.exe
"2008-02-20 15:25:34 C:\Windows\Tasks\User_Feed_Synchronization-{5A34EDF3-4501-4A68-A3E3-4D00A9237472}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 16:23:10
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-20 16:27:02
ComboFix-quarantined-files.txt 2008-02-20 15:26:57
.
2008-02-19 20:19:33 --- E O F ---
New HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:27, on 20.2.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\Instalace\Antiviry, antispaware atd\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... entrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {224D425C-2758-42D2-83C8-B7D6759A1A96} - C:\Windows\system32\qopmk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.mojebanka.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8295 bytes
I'll describe the behaviour in a moment; I'm just saving this post to be safe...
This is what I did:
- I fixed the line as advised
- I uninstalled the Norton leftovers as advised; to be honest, I didn't even know I had it on there :-)
- I turned off Spyware Terminator; I couldn't turn off Defender because the Control Panel won't start, so I stopped it in Task Manager on the "Services" tab (the "Stop service" option) and, to be safe, also disabled its automatic startup in msconfig
- after I started ComboFix, all the icons and the taskbar disappeared from the desktop again; ComboFix started a little differently: I did not confirm with a 1, I only clicked OK; at the beginning its blue window showed the message „Systém nemůže nalézt text zprávy číslo 0x8 v souboru pro System.“, but then the program got going
- I waited until it finished its work; at the end it showed a message asking for permission to reboot the system, but it did not reboot by itself, so I had to restart it manually, the hard way, by switching the computer off and on (nothing else worked); after the restart ComboFix continued its work
In the meantime, before I started following the instructions, various messages kept appearing urging me to install some antispyware or something; the window was titled "Windows explorer", but I cancelled it to be safe.
I hope I'm not describing unnecessary details; I don't know what is important and what isn't, you know, an amateur… :)
ComboFix log:
ComboFix 08-02-20.2 - Luke 2008-02-20 16:09:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.454 [GMT 1:00]
Running from: C:\Users\Luke\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\awjfvraa.dllbox
C:\Windows\System32\btqfobxn.ini
C:\Windows\System32\cfkcbtkq.ini
C:\Windows\System32\eybsmyph.ini
C:\Windows\System32\fhiii.bak1
C:\Windows\System32\fhiii.ini
C:\Windows\system32\fldfpjmv.dll
C:\Windows\System32\flnalepg.ini
C:\Windows\System32\gjiii.bak1
C:\Windows\System32\gjiii.ini
C:\Windows\system32\glotcarx.dll
C:\Windows\system32\grkppdoh.dll
C:\Windows\system32\hpymsbye.dll
C:\Windows\system32\iiihf.dll
C:\Windows\system32\iiijg.dll
C:\Windows\System32\iikmp.bak1
C:\Windows\System32\iikmp.ini
C:\Windows\system32\iwsjnykm.dll
C:\Windows\System32\jkmoq.bak1
C:\Windows\System32\jkmoq.ini
C:\Windows\system32\kaswuxkr.dll
C:\Windows\System32\kmpoq.bak1
C:\Windows\System32\kmpoq.ini
C:\Windows\system32\lopthrxm.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\System32\mloqr.bak1
C:\Windows\System32\mloqr.bak2
C:\Windows\System32\mloqr.ini
C:\Windows\system32\ogsmfgyx.dll
C:\Windows\System32\orsut.bak1
C:\Windows\System32\orsut.ini
C:\Windows\system32\ougjnqqd.dll
C:\Windows\system32\plvcfofg.dll
C:\Windows\system32\pmkii.dll
C:\Windows\system32\qktbckfc.dll
C:\Windows\System32\qqsru.bak1
C:\Windows\System32\qqsru.ini
C:\Windows\system32\qyqtmehv.dll
C:\Windows\System32\rcmfrfdw.ini
C:\Windows\System32\rkxuwsak.ini
C:\Windows\system32\rqolm.dll
C:\Windows\System32\sdpprmfb.ini
C:\Windows\System32\swojhfhw.ini
C:\Windows\System32\swyaibtu.ini
C:\Windows\system32\taggaaos.dll
C:\Windows\system32\tcjlmqbj.dllbox
C:\Windows\System32\ttwxx.bak2
C:\Windows\System32\ttwxx.ini
C:\Windows\System32\ttwxx.ini2
C:\Windows\System32\ttwxx.tmp
C:\Windows\system32\tusro.dll
C:\Windows\System32\umfajmfs.ini
C:\Windows\system32\unpgwduy.dll
C:\Windows\system32\ursqq.dll
C:\Windows\system32\utbiayws.dll
C:\Windows\System32\vmjpfdlf.ini
C:\Windows\system32\wdfrfmcr.dll
C:\Windows\system32\wglbialx.dll
C:\Windows\System32\wwotngpr.ini
C:\Windows\system32\xxwtt.dll
C:\Windows\system32\ynafloix.dllbox
.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 15:19 --------- d-----w C:\Program Files\ICQ6
2008-02-17 13:48 --------- d-----w C:\Program Files\CoolSMScz
2008-02-17 13:41 --------- d-----w C:\Users\Luke\AppData\Roaming\Skype
2008-02-17 13:40 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-17 13:40 32 ----a-w C:\PROGRA~2\ezsid.dat
2008-02-17 13:40 --------- d-----w C:\Users\Luke\AppData\Roaming\skypePM
2008-02-17 13:39 --------- d-----w C:\Program Files\Skype
2008-02-17 13:39 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-17 13:37 --------- d-----w C:\Users\Luke\AppData\Roaming\Zoner
2008-02-17 13:35 --------- d-----w C:\Program Files\Zoner
2008-02-17 13:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-17 13:31 --------- d-----w C:\Users\Luke\AppData\Roaming\ICQ
2008-02-17 13:29 --------- d-----w C:\Users\Luke\AppData\Roaming\InstallShield
2008-02-17 09:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-17 09:53 --------- d-----w C:\Program Files\Windows Mail
2008-02-17 01:27 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-17 01:25 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-17 01:25 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-17 01:25 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-17 01:24 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-17 01:24 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-17 01:24 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-17 01:24 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-17 01:24 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-17 01:20 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-17 01:20 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-17 01:20 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-17 01:20 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-17 01:20 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-17 01:20 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-17 01:20 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-17 01:20 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-17 01:20 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-17 01:20 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-02-17 01:19 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 01:19 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 01:19 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 01:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 01:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 00:56 --------- d-----w C:\Users\Luke\AppData\Roaming\XnView
2008-02-17 00:34 --------- d-----w C:\Program Files\Spyware Terminator
2008-02-16 23:30 --------- d-----w C:\Users\Luke\AppData\Roaming\ESET
2008-02-16 23:28 --------- d-----w C:\Program Files\ESET
2008-02-16 23:28 --------- d-----w C:\PROGRA~2\ESET
2008-02-16 23:05 --------- d-----w C:\PROGRA~2\Spyware Terminator
2008-01-06 02:34 --------- d-----w C:\Program Files\iradio
2008-01-06 01:54 35,166 ----a-w C:\Users\Luke\AppData\Roaming\nvModes.dat
2008-01-06 01:51 --------- d-----w C:\Program Files\Google
2008-01-06 01:17 --------- d-----w C:\Program Files\iNetRadio
2008-01-06 00:46 --------- d-----w C:\Program Files\DocReader
2008-01-05 23:20 138,752 ----a-w C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-01-05 23:17 --------- d-----w C:\Program Files\Crawler
2008-01-05 23:16 --------- d-----w C:\Users\Luke\AppData\Roaming\Application Data
2008-01-05 19:11 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-01-05 19:10 --------- d-----w C:\PROGRA~2\Lavasoft
2008-01-05 19:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 07:21 71,176 ----a-w C:\Windows\system32\drivers\epfw.sys
2007-12-21 07:21 53,768 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2007-12-21 07:21 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2007-12-21 07:20 30,216 ----a-w C:\Windows\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys
2007-09-14 21:12 174 --sha-w C:\Program Files\desktop.ini
2007-05-30 17:17 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{224D425C-2758-42D2-83C8-B7D6759A1A96}]
C:\Windows\system32\qopmk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-17 02:18 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-01-15 21:46 172032]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 15:13 472776]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\xxwtt.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\66360576]
C:\Windows\system32\hpymsbye.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 08:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2006-12-04 12:39 46704 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2007-12-17 16:12 172280 C:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 18:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
--a------ 2004-09-20 06:16 196608 C:\PROGRA~1\SCROLL~1\MouseElf.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-01-14 02:40 7766016 C:\Windows\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-01-14 02:40 81920 C:\Windows\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-01-14 02:40 90191 C:\Windows\system32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\VistaCodecPack\QT\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-01-06 00:18 2834432 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switchboard]
--a------ 2006-05-30 13:35 854016 C:\Program Files\Switchboard\Switchboard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-11-15 07:02 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 14:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 15:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-05-29 22:58 1006264 C:\Program Files\Windows Defender\MSASCui.exe
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\Windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 06:01]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]
S3 NETw3v32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 10:02]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12cfb9d7-8645-11dc-b251-001b243408e0}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e8e67-9d8f-11dc-a2ba-001b243408e0}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8274a744-91fc-11dc-b8c7-001b243408e0}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4db45c6-0e20-11dc-b671-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 15:15:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\kmd.exe
"2008-02-20 15:25:34 C:\Windows\Tasks\User_Feed_Synchronization-{5A34EDF3-4501-4A68-A3E3-4D00A9237472}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 16:23:10
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-20 16:27:02
ComboFix-quarantined-files.txt 2008-02-20 15:26:57
.
2008-02-19 20:19:33 --- E O F ---
New HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:27, on 20.2.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\Instalace\Antiviry, antispaware atd\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... entrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {224D425C-2758-42D2-83C8-B7D6759A1A96} - C:\Windows\system32\qopmk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.mojebanka.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8295 bytes
I'll describe the behaviour in a moment; I'm just saving this post to be safe...
Computer behaviour
The computer seems to be behaving normally, the Control Panel no longer closes by itself, and everything is running fine so far.
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Then choose File -> Save As... and set these parameters:
File name: type here: fix.reg
Save as type: select All Files
Save the file to your desktop
A file named fix.reg should appear on the desktop; run it, a prompt will pop up where you click Yes, then another prompt follows where you click OK

then
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:
Code:
File::
C:\Windows\system32\qopmk.dll
C:\Windows\system32\hpymsbye.dll
C:\Windows\system32\xxwtt.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{224D425C-2758-42D2-83C8-B7D6759A1A96}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\66360576]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to your desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script

- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process
and that should do it
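What the fix.reg step changes, as an added example that is not part of the original posts: the script decodes the hex(7) value from fix.reg and compares it with the "Authentication Packages" line in the first ComboFix log, where xxwtt.dll had been appended so that it loads into lsass.exe. The function names, the path-regrouping heuristic and the sample line with a space in the path are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Value the helper's fix.reg restores; treated here as the only expected entry.
DEFAULT_PACKAGES = {"msv1_0"}

# Copied from the first ComboFix log on this page ("Reg Loading Points").
COMBOFIX_LINE = r"Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\xxwtt.dll"
# Copied from the fix.reg text in the helper's post.
FIX_REG_VALUE = "hex(7):6d,73,76,31,5f,30,00,00"


def decode_hex7(value, unicode_export=False):
    """Decode a .reg hex(7) (REG_MULTI_SZ) payload into a list of strings.

    REGEDIT4 files hold single-byte (ANSI) text; files that start with
    'Windows Registry Editor Version 5.00' hold UTF-16LE. Each string is
    NUL-terminated and the list ends with one extra NUL.
    """
    flat = re.sub(r"\\\s*\n\s*", "", value.strip())  # join continued lines
    if flat.lower().startswith("hex(7):"):
        flat = flat[len("hex(7):"):]
    raw = bytes(int(tok, 16) for tok in flat.split(",") if tok.strip())
    text = raw.decode("utf-16-le" if unicode_export else "latin-1")
    return [s for s in text.split("\x00") if s]


def parse_combofix_multi_sz(line):
    """Split a ComboFix 'NAME REG_MULTI_SZ a b c' line into its entries.

    ComboFix prints the strings separated by whitespace, so a path that
    contains spaces is ambiguous. Heuristic (an assumption): a token that
    starts with a drive letter opens a path that runs until a token ending
    in '.dll'.
    """
    match = re.search(r"REG_MULTI_SZ\s+(.*)$", line.strip())
    if not match:
        return []
    items, current = [], None
    for tok in match.group(1).split():
        if current is not None:
            current += " " + tok
            if tok.lower().endswith(".dll"):
                items.append(current)
                current = None
        elif re.match(r"^[A-Za-z]:\\", tok) and not tok.lower().endswith(".dll"):
            current = tok
        else:
            items.append(tok)
    if current is not None:
        items.append(current)
    return items


def unexpected_packages(packages):
    """Return the entries that are not a bare, expected package name.

    Any entry given with a path is reported, even if the file name looks
    familiar: the stock value is a bare name resolved from system32.
    """
    flagged = []
    for entry in packages:
        name = PureWindowsPath(entry).name.lower()
        stem = name[:-4] if name.endswith(".dll") else name
        is_bare = "\\" not in entry and "/" not in entry
        if not (is_bare and stem in DEFAULT_PACKAGES):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    before = parse_combofix_multi_sz(COMBOFIX_LINE)
    after = decode_hex7(FIX_REG_VALUE)
    print("before fix:", before, "-> flagged:", unexpected_packages(before))
    print("after fix: ", after, "-> flagged:", unexpected_packages(after))
```
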

ComboFix log
ComboFix 08-02-20.2 - Luke 2008-02-20 17:21:50.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.442 [GMT 1:00]
Running from: C:\Users\Luke\Desktop\ComboFix.exe
Command switches used :: C:\Users\Luke\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Windows\system32\hpymsbye.dll
C:\Windows\system32\qopmk.dll
C:\Windows\system32\xxwtt.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 15:19 --------- d-----w C:\Program Files\ICQ6
2008-02-17 13:48 --------- d-----w C:\Program Files\CoolSMScz
2008-02-17 13:41 --------- d-----w C:\Users\Luke\AppData\Roaming\Skype
2008-02-17 13:40 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-17 13:40 32 ----a-w C:\PROGRA~2\ezsid.dat
2008-02-17 13:40 --------- d-----w C:\Users\Luke\AppData\Roaming\skypePM
2008-02-17 13:39 --------- d-----w C:\Program Files\Skype
2008-02-17 13:39 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-17 13:37 --------- d-----w C:\Users\Luke\AppData\Roaming\Zoner
2008-02-17 13:35 --------- d-----w C:\Program Files\Zoner
2008-02-17 13:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-17 13:31 --------- d-----w C:\Users\Luke\AppData\Roaming\ICQ
2008-02-17 13:29 --------- d-----w C:\Users\Luke\AppData\Roaming\InstallShield
2008-02-17 09:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-17 09:53 --------- d-----w C:\Program Files\Windows Mail
2008-02-17 01:27 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-17 01:25 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-17 01:25 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-17 01:25 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-17 01:24 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-17 01:24 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-17 01:24 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-17 01:24 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-17 01:24 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-17 01:20 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-17 01:20 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-17 01:20 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-17 01:20 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-17 01:20 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-17 01:20 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-17 01:20 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-17 01:20 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-17 01:20 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-17 01:20 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-02-17 01:19 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 01:19 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 01:19 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 01:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 01:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 00:56 --------- d-----w C:\Users\Luke\AppData\Roaming\XnView
2008-02-17 00:34 --------- d-----w C:\Program Files\Spyware Terminator
2008-02-16 23:30 --------- d-----w C:\Users\Luke\AppData\Roaming\ESET
2008-02-16 23:28 --------- d-----w C:\Program Files\ESET
2008-02-16 23:28 --------- d-----w C:\PROGRA~2\ESET
2008-02-16 23:05 --------- d-----w C:\PROGRA~2\Spyware Terminator
2008-01-06 02:34 --------- d-----w C:\Program Files\iradio
2008-01-06 01:54 35,166 ----a-w C:\Users\Luke\AppData\Roaming\nvModes.dat
2008-01-06 01:51 --------- d-----w C:\Program Files\Google
2008-01-06 01:17 --------- d-----w C:\Program Files\iNetRadio
2008-01-06 00:46 --------- d-----w C:\Program Files\DocReader
2008-01-05 23:20 138,752 ----a-w C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-01-05 23:17 --------- d-----w C:\Program Files\Crawler
2008-01-05 23:16 --------- d-----w C:\Users\Luke\AppData\Roaming\Application Data
2008-01-05 19:11 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-01-05 19:10 --------- d-----w C:\PROGRA~2\Lavasoft
2008-01-05 19:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 07:21 71,176 ----a-w C:\Windows\system32\drivers\epfw.sys
2007-12-21 07:21 53,768 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2007-12-21 07:21 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2007-12-21 07:20 30,216 ----a-w C:\Windows\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys
2007-09-14 21:12 174 --sha-w C:\Program Files\desktop.ini
2007-05-30 17:17 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-17 02:18 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-01-15 21:46 172032]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 15:13 472776]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 08:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2006-12-04 12:39 46704 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2007-12-17 16:12 172280 C:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 18:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
--a------ 2004-09-20 06:16 196608 C:\PROGRA~1\SCROLL~1\MouseElf.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-01-14 02:40 7766016 C:\Windows\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-01-14 02:40 81920 C:\Windows\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-01-14 02:40 90191 C:\Windows\system32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\VistaCodecPack\QT\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-01-06 00:18 2834432 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switchboard]
--a------ 2006-05-30 13:35 854016 C:\Program Files\Switchboard\Switchboard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-11-15 07:02 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 14:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 15:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-05-29 22:58 1006264 C:\Program Files\Windows Defender\MSASCui.exe
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-09-14 20:44]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-01-06 00:20]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 17:44]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\Windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 06:01]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]
S3 NETw3v32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 10:02]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12cfb9d7-8645-11dc-b251-001b243408e0}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e8e67-9d8f-11dc-a2ba-001b243408e0}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8274a744-91fc-11dc-b8c7-001b243408e0}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4db45c6-0e20-11dc-b671-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 15:15:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\kmd.exe
"2008-02-20 16:30:26 C:\Windows\Tasks\User_Feed_Synchronization-{5A34EDF3-4501-4A68-A3E3-4D00A9237472}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 17:28:46
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-20 17:33:02
ComboFix-quarantined-files.txt 2008-02-20 16:32:58
ComboFix2.txt 2008-02-20 15:27:03
.
2008-02-19 20:19:33 --- E O F ---
Is that OK?
What about the file "fix.reg", can I delete it?
Thanks for the reply.
- Baron Prášil
The log is fine, but only you know how the computer is behaving.
Clean the system with CCleaner and RegCleaner.
T-Cleaner deletes everything left behind by ComboFix, SDFix, Avenger, etc.