
VIRTUMONDE.dll - Please check my log  Solved

Posted: 25 Aug 2008 19:21
by stan.
NOD32 is alerting me to this. Please help. Spybot - Search & Destroy can't remove it so far.

Logfile of HijackThis v1.99.1
Scan saved at 19:08:50, on 25.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\S\LOCALS~1\Temp\Rar$EX00.094\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [d06c0a3e] rundll32.exe "C:\WINDOWS\system32\wtkovxsm.dll",b
O4 - HKLM\..\Run: [BMd35f39a2] Rundll32.exe "C:\WINDOWS\system32\nraskwkw.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
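
The log above carries the pattern this thread is about: two HKLM Run entries with hex-looking names ([d06c0a3e], [BMd35f39a2]) that start rundll32.exe on DLLs with eight-letter random names in C:\WINDOWS\system32, and, in the ComboFix output later in the thread, a nameless Browser Helper Object whose DLL sits directly in C:\WINDOWS. As an added example (not part of the original post and not a HijackThis feature), the following Python script parses O2/O3/O4 lines in HijackThis format and flags those indicators. The sample lines are constructed from entries in this thread, the O2 line written in the shape HijackThis prints for the BHO that ComboFix lists; the name heuristics are assumptions that will also hit some legitimate entries, so the output is a review list, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format: O3/O4 lines copied from the log in
# this thread, plus an O2 line written the way HijackThis prints the BHO that
# ComboFix lists later ({1E969B8B-...} -> C:\WINDOWS\winxml2a.dll).
SAMPLE_HJT = r'''
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [d06c0a3e] rundll32.exe "C:\WINDOWS\system32\wtkovxsm.dll",b
O4 - HKLM\..\Run: [BMd35f39a2] Rundll32.exe "C:\WINDOWS\system32\nraskwkw.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O2 - BHO: (no name) - {1E969B8B-8E8B-3A8D-B060-8B40F72CB668} - C:\WINDOWS\winxml2a.dll
'''

# O4 autostart: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O2 (BHO) / O3 (toolbar): "O2 - BHO: name - {CLSID} - dll path"
BHO_RE = re.compile(r'^O(?P<kind>[23]) - (?P<label>BHO|Toolbar): (?P<desc>.*?) - '
                    r'\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$')
# rundll32[.exe] "<dll>",entry  (optional leading path, optional quotes)
RUNDLL_RE = re.compile(r'^\s*"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?', re.I)
# Heuristics (assumptions, derived from the names in this thread): an eight-letter
# DLL basename, and a Run value name of 8 hex digits optionally prefixed with "BM".
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$', re.I)
RANDOM_NAME_RE = re.compile(r'^(?:BM)?[0-9a-f]{8}$')


@dataclass(frozen=True)
class Finding:
    line: str
    path: str
    reasons: tuple


def _in_windows_dir(path):
    """True when the file sits directly in <drive>:\\WINDOWS or <drive>:\\WINDOWS\\system32."""
    return re.match(r'^[A-Za-z]:\\WINDOWS(?:\\system32)?\\[^\\]+$', path, re.I) is not None


def _random_looking(path):
    return RANDOM_DLL_RE.match(path.rsplit('\\', 1)[-1]) is not None


def check_o4(line):
    """Flag Run entries that load a DLL through rundll32; add reasons for each heuristic hit."""
    m = O4_RE.match(line)
    r = RUNDLL_RE.match(m.group('cmd')) if m else None
    if not r:
        return None
    dll = r.group('dll')
    reasons = ['rundll32 autostart']
    if _in_windows_dir(dll):
        reasons.append('dll in Windows directory rather than an application folder')
    if _random_looking(dll):
        reasons.append('eight-letter random-looking dll name')
    if RANDOM_NAME_RE.match(m.group('name')):
        reasons.append('hex-looking Run value name')
    return Finding(line, dll, tuple(reasons))


def check_bho(line):
    """Flag BHOs/toolbars that have no name or whose DLL lives in the Windows directory."""
    m = BHO_RE.match(line)
    if not m:
        return None
    path = m.group('path')
    reasons = []
    if m.group('desc').strip().lower() == '(no name)':
        reasons.append('BHO without a name')
    if _in_windows_dir(path):
        reasons.append('dll in Windows directory rather than an application folder')
    if _random_looking(path):
        reasons.append('eight-letter random-looking dll name')
    return Finding(line, path, tuple(reasons)) if reasons else None


def scan(log_text):
    """Return the findings for every O2/O3/O4 line of a HijackThis log, in log order."""
    findings = []
    for line in log_text.splitlines():
        f = check_o4(line) or check_bho(line)
        if f:
            findings.append(f)
    return findings


if __name__ == '__main__':
    for f in scan(SAMPLE_HJT):
        print(f.path, '->', '; '.join(f.reasons))
```

Run against the sample it reports the two rundll32 entries and the nameless BHO and stays silent on NOD32, the Realtek tray and the Yahoo! toolbar; any hit still needs the usual manual look at the file (signature, timestamp, vendor) before it goes into a removal script.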

Re: VIRTUMONDE.dll - Please check my log

Posted: 26 Aug 2008 18:12
by fredik
Before using ComboFix, do the following steps:
#Step 1:
disable Spybot's resident protection:
- start Spybot - Search & Destroy
- in the top menu choose: Mode => Advanced mode
- a warning window appears; choose Yes
- the program window switches to the advanced view; there choose: Tools => Resident
- there untick, if it is ticked, the item: Resident "TeaTimer" (Protection ...)
[image]
- close the program
Restart the PC.

#Step 2:
Then download ResetTeaTimer.bat (see Note) and save it to disk.
- run it and press any key when prompted
- when it has finished and prompts again, press any key and the program closes.
Note:
- if you use Opera, right-click the link and choose Save link target as...
- if you use Firefox, right-click the link and choose Save link as...

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- After it starts the terms of use are shown; confirm them with the Yes button
- Then follow the instructions; while ComboFix is working, do not click in its window
- When the scan finishes the program should create a log - C:\ComboFix.txt - please paste its whole contents here

Re: VIRTUMONDE.dll - Please check my log

Posted: 26 Aug 2008 18:57
by stan.
Since nobody responded for a long time, I tried to remove it myself with SUPERAntiSpyware. It seems to have worked, because it no longer bothers me, but I made the ComboFix log anyway. Please check whether it is OK.

ComboFix 08-08-25.01 - S 2008-08-26 18:38:53.1 - NTFSx86
Running from: C:\Documents and Settings\S\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\S\Data aplikací\macromedia\Flash Player\#SharedObjects\C77XFUJU\bin.clearspring.com
C:\Documents and Settings\S\Data aplikací\macromedia\Flash Player\#SharedObjects\C77XFUJU\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\S\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\S\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\BMd35f39a2.txt
C:\WINDOWS\BMd35f39a2.xml
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\edjbbhdo.ini
C:\WINDOWS\system32\msxvoktw.ini
C:\WINDOWS\system32\NXIOqqru.ini
C:\WINDOWS\system32\NXIOqqru.ini2
C:\WINDOWS\system32\odhbbjde.dll
C:\WINDOWS\system32\wtkovxsm.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-25 19:58 . 2008-08-25 20:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-24 17:53 . 2008-08-24 17:53 126,976 --a------ C:\WINDOWS\winxml2a.dll
2008-08-10 18:28 . 2008-08-10 18:28 <DIR> d-------- C:\Program Files\Avanquest update
2008-08-10 18:27 . 2008-08-10 18:27 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-05 19:28 . 2008-08-05 19:28 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2008-08-05 18:33 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 16:42 --------- d-----w C:\Program Files\SysMetrix
2008-08-26 16:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-25 18:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 17:24 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-29 16:12 --------- d-----w C:\Program Files\RocketDock
2008-07-27 09:29 --------- d-----w C:\Program Files\MediaMonkey
2008-07-25 18:23 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 18:47 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-23 18:46 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-23 16:10 --------- d-----w C:\Program Files\Common Files\Acronis
2008-07-17 05:20 --------- d-----w C:\Program Files\ATI Technologies
2008-07-16 18:17 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-14 07:23 --------- d-----w C:\Program Files\Ashampoo
2008-07-14 07:19 --------- d-----w C:\Program Files\GetRight
2008-07-14 07:18 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-14 07:15 --------- d-----w C:\Program Files\ESET
2008-07-14 07:06 --------- d-----w C:\Program Files\Canon
2008-07-14 07:05 --------- d-----w C:\Program Files\Common Files\Canon
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-30 20:30 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2002-09-20 18:05 600064 d1a616d5337e344a0dd6c6df7733a6c3 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-17 16:49 802304 6ed57bdaad00043872dc45984da91096 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2004-08-17 16:49 802304 6ed57bdaad00043872dc45984da91096 C:\WINDOWS\system32\wininet.dll
2004-08-17 16:49 657408 50d263e3454e8357d13bb598129185ad C:\WINDOWS\VistaMizer\old\wininet.dll

2002-09-20 18:05 516608 ff8857d1af59071f172c0fad0fd33e87 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-17 16:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-17 16:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\system32\winlogon.exe
2004-08-17 16:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\VistaMizer\old\winlogon.exe

2002-09-20 18:17 1920512 e2a57a7b4182490dfe1ebade818146a2 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-17 16:45 2274816 8b9de3c360966a1f959b07ede7c56a72 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-17 16:45 2274816 8b9de3c360966a1f959b07ede7c56a72 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-17 16:45 2017280 7715eddd01edfef9ef335d29c6dfe212 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2002-09-20 17:12 1891840 bb405b214b5b49ab3f00196c10885611 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-17 16:45 2407936 3ac37cc753b2b1ac54803ebbdb9fd371 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-17 16:45 2407936 3ac37cc753b2b1ac54803ebbdb9fd371 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-17 16:45 2150400 84fef6be553acc66729f5d4113f53310 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2004-08-17 16:49 1550848 52cf1beeccd26fac8b12a4310a5e47fe C:\WINDOWS\explorer.exe
2002-09-20 18:05 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 16:49 1550848 52cf1beeccd26fac8b12a4310a5e47fe C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-17 16:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\VistaMizer\old\explorer.exe

2002-09-20 18:05 13312 8708be15ac5f27386b5d5fe7a1ebaf26 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-17 16:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-17 16:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\ctfmon.exe
2004-08-17 16:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\VistaMizer\old\ctfmon.exe

2002-09-20 18:05 140288 fa4b5c09c730f2fee754e69264ea198d C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
2004-08-17 16:49 111104 d236e3b128029d7a01eb50f778fff414 C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2004-08-17 16:49 111104 d236e3b128029d7a01eb50f778fff414 C:\WINDOWS\system32\wuauclt.exe
2004-08-17 16:49 111104 e9f9cd3c7f2e56505a0ac166580120e3 C:\WINDOWS\VistaMizer\old\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E969B8B-8E8B-3A8D-B060-8B40F72CB668}]
2008-08-24 17:53 126976 --a------ C:\WINDOWS\winxml2a.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-10 18:02 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-21 10:32 921600]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 14:43 1188152]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-09-10 14:46 1962216]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-09-04 12:59 148760]
"Ashampoo FireWall PRO"="C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-12-21 03:10 3543552]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 12:09 49152]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2006-02-25 22:09 2637824]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 25088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 13:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 DrvFltIp;DrvFltIp;C:\Documents and Settings\S\Local Settings\TEMP\DrvFltIp [2006-12-21 03:34]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-23 20:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder

2008-08-22 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.
- - - - ORPHANS REMOVED - - - -

Notify-pmnKBRjk - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\S\Data aplikací\Mozilla\Firefox\Profiles\uthi8gj4.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 18:42:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\S\LOCALS~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\S\Local Settings\TEMP\DrvFltIp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-08-26 18:43:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 16:43:50

Pre-Run: Free bytes: 34,691,174,400
Post-Run: Free bytes: 34,639,527,936

211

Re: VIRTUMONDE.dll - Please check my log

Posted: 26 Aug 2008 19:59
by fredik
That wasn't all of it; something is still there.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

If you had a flash drive / USB stick / MP3 player connected to this PC, connect it to the PC and go through the Flash Disinfector procedure.

Download this program: Flash Disinfector (by sUBs)
- Run Flash Disinfector and wait until the program tells you it has finished.
- after that you can disconnect the removable device.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Notepad (Start -> Run..., type Notepad in the box and click OK)
Copy the whole text marked in green into it:
Note: Do not use SELECT ALL to select the script

Code:

File::
C:\WINDOWS\winxml2a.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E969B8B-8E8B-3A8D-B060-8B40F72CB668}]

Choose File -> Save as... and set these parameters:
File name: type: CFScript.txt
Save as type: choose All files
Save the file on the desktop.
Close all open windows.

Drag the created CFScript.txt script with the mouse over the downloaded, renamed ComboFix.exe and, when the two files overlap, drop it
[image]
- ComboFix starts automatically (the PC will then restart, so don't be alarmed)
- Paste here the log that appears at the end of the cleaning process + a new HJT log
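
Two checks a reader of stan.'s ComboFix log would want to automate, together with the CFScript that fredik's post above hand-writes, as one added Python example (not part of the thread and not a ComboFix feature). It parses the Sigcheck block and reports any live system file in system32 or the Windows root whose MD5 differs from the ServicePackFiles\i386 reference copy (in the posted log they all match; only the VistaMizer\old and $NtServicePackUninstall$ backups differ, which is expected for backups), finds Browser Helper Objects under Reg Loading Points whose DLL sits directly in C:\WINDOWS, notes the EnableFirewall=0 flag, and emits a CFScript in the File::/Registry:: form of the post. The input is a constructed excerpt assembled from lines of the log; the drive letter and the "system32 or Windows root counts as the live copy" rule are assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the ComboFix log in this thread: two Sigcheck
# groups and two Reg Loading Points entries, all copied from the posted log.
SAMPLE_COMBOFIX = r'''
------- Sigcheck -------

2002-09-20 18:05 600064 d1a616d5337e344a0dd6c6df7733a6c3 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-17 16:49 802304 6ed57bdaad00043872dc45984da91096 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2004-08-17 16:49 802304 6ed57bdaad00043872dc45984da91096 C:\WINDOWS\system32\wininet.dll
2004-08-17 16:49 657408 50d263e3454e8357d13bb598129185ad C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-17 16:49 1550848 52cf1beeccd26fac8b12a4310a5e47fe C:\WINDOWS\explorer.exe
2002-09-20 18:05 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 16:49 1550848 52cf1beeccd26fac8b12a4310a5e47fe C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E969B8B-8E8B-3A8D-B060-8B40F72CB668}]
2008-08-24 17:53 126976 --a------ C:\WINDOWS\winxml2a.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

# Sigcheck line: "date time size md5 path"
SIG_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) '
                    r'(?P<md5>[0-9a-f]{32}) (?P<path>[A-Za-z]:\\.+)$')
# Reg Loading Points BHO key, followed on the next line by "date time size attrs path"
BHO_KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\]$')
BHO_FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>[A-Za-z]:\\.+)$')
# A file directly in <drive>:\WINDOWS (assumption: Windows root on any drive letter)
WINDOWS_ROOT_RE = re.compile(r'^[a-z]:\\windows\\[^\\]+$')


def parse_sigcheck(text):
    """Return {basename: {path: md5}} for every Sigcheck line in the log."""
    out = defaultdict(dict)
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            path = m.group('path')
            out[path.rsplit('\\', 1)[-1].lower()][path] = m.group('md5')
    return out


def modified_system_files(text):
    """(live path, live md5, reference md5) for live copies that differ from ServicePackFiles\\i386."""
    bad = []
    for copies in parse_sigcheck(text).values():
        ref = [h for p, h in copies.items() if '\\servicepackfiles\\i386\\' in p.lower()]
        if not ref:
            continue  # nothing to compare against for this file
        for path, md5 in copies.items():
            low = path.lower()
            is_live = '\\system32\\' in low or WINDOWS_ROOT_RE.match(low) is not None
            if is_live and md5 != ref[0]:
                bad.append((path, md5, ref[0]))
    return bad


def suspicious_bhos(text):
    """(CLSID, dll path) for BHOs whose DLL sits directly in the Windows directory."""
    found = []
    lines = [l.strip() for l in text.splitlines()]
    for key_line, file_line in zip(lines, lines[1:]):
        k = BHO_KEY_RE.match(key_line)
        f = BHO_FILE_RE.match(file_line) if k else None
        if f and WINDOWS_ROOT_RE.match(f.group('path').lower()):
            found.append((k.group('clsid'), f.group('path')))
    return found


def firewall_disabled(text):
    """True when the standard-profile firewall flag is reported as 0."""
    return re.search(r'"EnableFirewall"\s*=\s*0\b', text) is not None


def build_cfscript(text):
    """CFScript (File:: / Registry:: sections, as in the post) removing each flagged BHO."""
    bhos = suspicious_bhos(text)
    if not bhos:
        return ''
    files = '\n'.join(path for _, path in bhos)
    keys = '\n'.join('[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\' + clsid + ']' for clsid, _ in bhos)
    return 'File::\n' + files + '\n\nRegistry::\n' + keys + '\n'


if __name__ == '__main__':
    print('modified system files:', modified_system_files(SAMPLE_COMBOFIX))
    print('firewall disabled:', firewall_disabled(SAMPLE_COMBOFIX))
    print(build_cfscript(SAMPLE_COMBOFIX))
```

The emitted script is byte-for-byte the one in the post, so it can be saved as CFScript.txt and dropped onto ComboFix.exe as described; the Sigcheck comparison is the part worth keeping for other logs, since a live winlogon.exe, wininet.dll or kernel whose hash has drifted from the service-pack copy is a stronger signal than any random-name heuristic.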

Re: VIRTUMONDE.dll - Please check my log

Posted: 26 Aug 2008 20:41
by stan.
Well, I hope I did it right

ComboFix 08-08-25.01 - S 2008-08-26 20:26:57.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1520 [GMT 2:00]
Running from: C:\Documents and Settings\S\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\S\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\winxml2a.dll
.

((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-25 19:58 . 2008-08-25 20:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-10 18:28 . 2008-08-10 18:28 <DIR> d-------- C:\Program Files\Avanquest update
2008-08-10 18:27 . 2008-08-10 18:27 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-05 19:28 . 2008-08-05 19:28 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2008-08-05 18:33 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 18:30 --------- d-----w C:\Program Files\SysMetrix
2008-08-26 16:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-25 18:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 17:24 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-29 16:12 --------- d-----w C:\Program Files\RocketDock
2008-07-27 09:29 --------- d-----w C:\Program Files\MediaMonkey
2008-07-25 18:23 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 18:47 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-23 18:46 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-23 16:10 --------- d-----w C:\Program Files\Common Files\Acronis
2008-07-17 05:20 --------- d-----w C:\Program Files\ATI Technologies
2008-07-16 18:17 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-14 07:23 --------- d-----w C:\Program Files\Ashampoo
2008-07-14 07:19 --------- d-----w C:\Program Files\GetRight
2008-07-14 07:18 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-14 07:15 --------- d-----w C:\Program Files\ESET
2008-07-14 07:06 --------- d-----w C:\Program Files\Canon
2008-07-14 07:05 --------- d-----w C:\Program Files\Common Files\Canon
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-30 20:30 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2002-09-20 18:05 600064 d1a616d5337e344a0dd6c6df7733a6c3 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-17 16:49 802304 6ed57bdaad00043872dc45984da91096 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2004-08-17 16:49 802304 6ed57bdaad00043872dc45984da91096 C:\WINDOWS\system32\wininet.dll
2004-08-17 16:49 657408 50d263e3454e8357d13bb598129185ad C:\WINDOWS\VistaMizer\old\wininet.dll

2002-09-20 18:05 516608 ff8857d1af59071f172c0fad0fd33e87 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-17 16:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-17 16:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\system32\winlogon.exe
2004-08-17 16:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\VistaMizer\old\winlogon.exe

2002-09-20 18:17 1920512 e2a57a7b4182490dfe1ebade818146a2 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-17 16:45 2274816 8b9de3c360966a1f959b07ede7c56a72 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-17 16:45 2274816 8b9de3c360966a1f959b07ede7c56a72 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-17 16:45 2017280 7715eddd01edfef9ef335d29c6dfe212 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2002-09-20 17:12 1891840 bb405b214b5b49ab3f00196c10885611 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-17 16:45 2407936 3ac37cc753b2b1ac54803ebbdb9fd371 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-17 16:45 2407936 3ac37cc753b2b1ac54803ebbdb9fd371 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-17 16:45 2150400 84fef6be553acc66729f5d4113f53310 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2004-08-17 16:49 1550848 52cf1beeccd26fac8b12a4310a5e47fe C:\WINDOWS\explorer.exe
2002-09-20 18:05 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 16:49 1550848 52cf1beeccd26fac8b12a4310a5e47fe C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-17 16:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\VistaMizer\old\explorer.exe

2002-09-20 18:05 13312 8708be15ac5f27386b5d5fe7a1ebaf26 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-17 16:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-17 16:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\ctfmon.exe
2004-08-17 16:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\VistaMizer\old\ctfmon.exe

2002-09-20 18:05 140288 fa4b5c09c730f2fee754e69264ea198d C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
2004-08-17 16:49 111104 d236e3b128029d7a01eb50f778fff414 C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2004-08-17 16:49 111104 d236e3b128029d7a01eb50f778fff414 C:\WINDOWS\system32\wuauclt.exe
2004-08-17 16:49 111104 e9f9cd3c7f2e56505a0ac166580120e3 C:\WINDOWS\VistaMizer\old\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-26_18.43.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 18:30:15 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_96c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-10 18:02 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-21 10:32 921600]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 14:43 1188152]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-09-10 14:46 1962216]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-09-04 12:59 148760]
"Ashampoo FireWall PRO"="C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-12-21 03:10 3543552]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 12:09 49152]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2006-02-25 22:09 2637824]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 25088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 13:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 DrvFltIp;DrvFltIp;C:\Documents and Settings\S\Local Settings\TEMP\DrvFltIp [2006-12-21 03:34]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-23 20:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-22 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 20:30:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\S\LOCALS~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\S\Local Settings\TEMP\DrvFltIp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-08-26 20:31:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 18:31:14
ComboFix2.txt 2008-08-26 16:43:54

Pre-Run: Volných bajtů: 34,621,423,616
Post-Run: Volných bajtů: 34,608,091,136


And one more log from HJT

Logfile of HijackThis v1.99.1
Scan saved at 20:35:21, on 26.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\S\LOCALS~1\Temp\Rar$EX00.796\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Re: VIRTUMONDE.dll - Please check my log

Posted: 26 Aug 2008 21:29
by fredik
Go to Start -> Run... and type the command marked in blue, ComboFix /u, into the box and click OK.
- there must be a space between ComboFix and /u
- wait until it finishes, it will let you know.

You can disable SUPERAntiSpyware from launching at startup:
- Start the program and click the Preferences... button
- A new window opens; click the General and Startup tab
* on that tab, under the heading Start-Up Options, uncheck the item: Start SUPERAntiSpyware when Windows starts
- Then you can close the program

You are using an older version of HijackThis; if you ever have a log checked again, download the current version here and delete the old one before using it.

If you have no further problems, that would be all. If you do, let me know.

Re: VIRTUMONDE.dll - Please check my log

Posted: 31 Aug 2008 10:54
by stan.
It looks like it is fine now, WARM THANKS to fredik :bigups: Just one question: why should I disable SuperAntiSpyware from launching at startup? I have the version with resident protection and I want it working against those pests.

Re: VIRTUMONDE.dll - Please check my log

Posted: 31 Aug 2008 11:18
by fredik
The free version launches at startup the same way, which is not needed. If you have the Professional version as you say, leave its startup enabled.