PROSÍM POMOC - Suspenzor PC

[Leuša]

Ahoj všichni, moc vás prosím o pomoc nějak se mi do pc dostal prográmek Suspenzor PC, když jsem na něj klikla, tak hned avast řval, že je to zavirovaný, tak jsem to hned šoupla do truhly a pak pryč, ale stačil se mi potvora už uhnízdit. Zjistila jsem že se implantoval do Spyware Terminator, kterého jsem kvůli tomu odinstalovala, ale zůstali mi tam 3 soubory, který za žádnou cenu nejdou smazat. Dokud to nebude pryč, tak si Terminátora instalovat nechci, akorát mi v tom dělá bordel. Zkoušela jsem už snad vše a nic.
Nepomohl ani ComboFix a Ewido Micro. Ani nevím co vše jsem ještě zkoušela - jsem co se týče compu dost laik. Prosím poraďte mi co s tím. Předem děkuji.
Pro jistotu posílám log na kontrolu.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:52, on 29.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NI.UGDCCZ_0001_N122M1712] "C:\documents and settings\roman\data aplikací\installer_cz[1].exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8002 bytes

[Reklama]

[Baron Prášil]

suspenzorpc.com Nevíte někdo, co to vlastně je??

Jedná se o podvodný bezpečnostní produkt. Je to jeden ze stovek klonů/variant AVSystemcare...
(např. takové známější jsou Pcprivacytool, Winpcdoctor atd.)

ale v logu vidět není,kromě toho,že tam straší ten SpyTerminator.
na jejich stránkách by měl bejt soft na úplnou odinstalaci.
odinstaluj i CrawlerToolbar

//a málem bych zapoměl,já hlava děravá Vítám na fóru PC-HELP !

[Bretal]

Mám taky problém s PC suspenzorem - Dostal se mi do úplně nového kompu a pěkně mně se... štve. Poradíte někdo jak to odstranit?
Díky moc

[VěraŠ]

Postihlo mne to taky, nedal se uložit do truhly a tak jsem použila obnovení systému a je pryč. Ale je tu víc povolanějších.
Je to už několik dnů a je od něj pokoj, antivir už nic nenašel.

[Bretal]

A jaks e dělá ta obnova systému?

Já o tom vůbec nic nevím.

Mám několik antiviráků a i firewaly, ale je docela možné že jsou špatně nastavené.

Díky za odpověď

[Baron Prášil]

takže,vítám Bretala na fóru a poprosím ho aby si založil vlastní téma a do něho vložil log z
hijackthis a log z Combofixu
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Leušo:ty pošli log z combofixu také

budeme zde pokračovat,doufám, již bez přerušování

[Leuša]

Ahoj, omlouvám se za opožděnou reakci a děkuji za přivítání.
Asi jsem trošku natvrdlá, protože jsem na stránkách Spyware Terminator žádný soft na úplnou odinstalaci nenašla. Taky to s anglinou zrovna nemám a o to hůř se mi pak hledá.
To druhé je odinstalované jen mi tam ten Spyware Term. stále straší.

Tady posílám log z ComboFixu:

ComboFix 08-01-31.5 - roman 2008-01-31 16:41:02.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.583 [GMT 1:00]
Running from: C:\Documents and Settings\roman\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-30 10:25 . 2008-01-30 10:25 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-29 23:09 . 2008-01-29 23:09 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-28 20:54 . 2008-01-29 17:00 0 --a------ C:\23990098.$$$
2008-01-28 15:29 . 2008-01-28 15:38 <DIR> d-------- C:\Program Files\avenger
2008-01-28 14:36 . 2008-01-29 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-01-28 13:46 . 2008-01-28 13:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-28 11:14 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 11:14 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 11:14 . 2008-01-28 11:14 3,076 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-28 11:01 . 2008-01-29 16:56 26 --a------ C:\WINDOWS\Lic.xxx
2008-01-27 20:02 . 2008-01-27 20:02 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-27 09:38 . 2008-01-29 23:18 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-27 09:34 . 2008-01-27 09:34 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-27 09:33 . 2008-01-29 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-01-27 01:55 . 2008-01-27 13:55 132 --a------ C:\WINDOWS\wininit.ini
2008-01-27 01:16 . 2008-01-27 01:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
2008-01-27 01:15 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-01-27 01:09 . 2008-01-28 10:14 253,448 --a------ C:\Documents and Settings\roman\Data aplikací\installer_cz[1].exe
2008-01-26 16:14 . 2008-01-26 16:14 <DIR> d-------- C:\Program Files\CCleaner
2008-01-26 14:55 . 2008-01-26 11:22 81,920 --a------ C:\WINDOWS\fvqkfsp.exe
2008-01-26 14:51 . 2008-01-26 14:51 <DIR> d-------- C:\Program Files\SlySoft.AnyDVD.v6.3.0.3.Multilanguage.WinALL.Regged-VDOWN
2008-01-25 21:07 . 2008-01-25 21:12 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\Nokia Multimedia Player
2008-01-25 21:01 . 2008-01-25 21:01 <DIR> d-------- C:\Documents and Settings\roman\Phone Browser
2008-01-25 21:00 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-25 20:59 . 2008-01-25 20:59 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\AdobeAUM
2008-01-25 20:44 . 2008-01-25 20:44 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-01-25 20:44 . 2008-01-25 20:44 <DIR> d-------- C:\Program Files\Nokia
2008-01-25 20:44 . 2008-01-25 20:44 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-01-25 20:44 . 2008-01-25 20:44 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-01-25 20:44 . 2008-01-25 20:44 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\PC Suite
2008-01-25 20:44 . 2008-01-25 20:51 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\Nokia
2008-01-25 20:44 . 2008-01-25 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2008-01-25 20:44 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-25 20:44 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-25 20:44 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-25 20:44 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-25 20:42 . 2008-01-25 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Installations
2008-01-24 15:08 . 2008-01-24 15:09 <DIR> d-------- C:\Program Files\Google
2008-01-22 15:41 . 2008-01-22 16:54 <DIR> d-------- C:\Program Files\DVDFab Platinum 3
2008-01-22 15:41 . 2008-01-26 14:29 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\Vso
2008-01-22 15:41 . 2008-01-22 15:41 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-22 15:41 . 2008-01-22 15:41 47,360 --a------ C:\Documents and Settings\roman\Data aplikací\pcouffin.sys
2008-01-18 13:47 . 2008-01-18 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2008-01-10 18:41 . 2008-01-10 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Elaborate Bytes
2008-01-10 18:18 . 2008-01-10 18:18 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-01-10 18:17 . 2008-01-10 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SlySoft
2008-01-10 18:16 . 2008-01-26 15:57 <DIR> d-------- C:\Program Files\SlySoft
2008-01-10 18:16 . 2008-01-26 16:00 48 ---hs---- C:\WINDOWS\S9236D345.tmp
2008-01-10 13:48 . 2008-01-22 18:58 <DIR> d-------- C:\Program Files\CyberLink
2008-01-10 09:59 . 2008-01-10 10:03 <DIR> d-------- C:\Program Files\Winamp
2008-01-10 09:59 . 2008-01-10 10:05 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\Winamp
2008-01-09 10:25 . 2008-01-25 16:15 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\ICQ Toolbar
2008-01-09 10:23 . 2008-01-28 19:53 <DIR> d-------- C:\Program Files\ICQToolbar
2008-01-09 10:23 . 2008-01-09 16:21 <DIR> d-------- C:\Program Files\ICQ6
2008-01-09 10:23 . 2008-01-09 16:22 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\ICQ
2008-01-09 10:20 . 2008-01-31 16:04 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\skypePM
2008-01-09 10:20 . 2008-01-09 10:20 32 --a------ C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-01-09 10:18 . 2008-01-09 10:18 <DIR> d-------- C:\Program Files\Skype
2008-01-09 10:18 . 2008-01-09 10:18 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-09 10:18 . 2008-01-31 16:39 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\Skype
2008-01-09 10:18 . 2008-01-09 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2008-01-08 17:07 . 2008-01-08 17:07 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-01-08 17:07 . 2008-01-10 14:32 <DIR> d-------- C:\Program Files\AVSMedia
2008-01-08 16:44 . 2008-01-08 23:37 <DIR> d-------- C:\WINDOWS\system32\languages
2008-01-08 16:38 . 2008-01-10 13:27 50 --a------ C:\WINDOWS\cdplayer.ini
2008-01-08 16:37 . 2008-01-08 16:37 <DIR> d-------- C:\Program Files\Real
2008-01-08 16:37 . 2008-01-08 16:37 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-08 16:37 . 2008-01-08 16:37 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-08 14:52 . 2008-01-10 13:39 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-01-08 14:52 . 2008-01-10 13:36 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-08 09:48 . 2008-01-08 09:48 <DIR> d-------- C:\Documents and Settings\roman\UserData
2008-01-08 06:23 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-07 21:51 . 2008-01-09 17:17 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-01-07 19:28 . 2008-01-07 19:28 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-07 19:28 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-07 19:28 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-07 19:28 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-07 19:28 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-07 19:28 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-07 19:28 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-07 19:28 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-07 19:28 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-07 19:28 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-07 19:16 . 2008-01-29 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-01-07 16:01 . 2006-10-18 01:31 363,008 -ra------ C:\WINDOWS\system32\idecoiins.dll
2008-01-07 16:01 . 2006-10-18 01:31 363,008 -ra------ C:\WINDOWS\system32\idecoi.dll
2008-01-07 16:01 . 2006-10-05 01:35 356,352 --------- C:\WINDOWS\system32\nvuide.exe
2008-01-07 16:01 . 2006-10-18 01:31 105,472 -ra------ C:\WINDOWS\system32\drivers\nvata.sys
2008-01-07 16:01 . 2006-10-05 01:35 35,840 -ra------ C:\WINDOWS\system32\NVCOI.DLL
2008-01-07 16:01 . 2006-09-11 00:14 1,570 --------- C:\WINDOWS\system32\nvide.nvu
2008-01-07 16:00 . 2008-01-07 16:00 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\InstallShield
2008-01-07 15:59 . 2008-01-25 20:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-07 15:59 . 2008-01-07 15:59 <DIR> d-------- C:\Program Files\DIFX
2008-01-07 15:59 . 2006-07-01 22:42 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-01-07 15:58 . 2008-01-07 18:22 14,731 --a------ C:\WINDOWS\Ascd_log.ini
2008-01-07 14:31 . 2005-11-01 04:34 78,720 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-01-07 11:48 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-06 21:55 . 2008-01-06 21:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-06 21:55 . 2008-01-06 21:55 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 12:32 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-01-27 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 19:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-07 15:14 --------- d-----w C:\Documents and Settings\roman\Data aplikací\MSN6
2008-01-06 17:29 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\MSN6
2008-01-06 17:16 --------- d-----w C:\Documents and Settings\roman\Data aplikací\Ahead
2008-01-06 17:15 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-06 17:15 --------- d-----w C:\Program Files\Ahead
2008-01-06 17:13 104 ----a-w C:\Program Files\Internet.lnk
2008-01-06 17:04 --------- d-----w C:\Program Files\Realtek
2008-01-06 16:49 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-06 16:47 --------- d-----w C:\Program Files\My Company Name
2008-01-06 16:45 --------- d-----w C:\Program Files\ASUS
2008-01-06 16:41 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-06 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-11 06:14 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-25 15:58 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-12 16:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-12 16:44 81920]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-08 16:37 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NI.UGDCCZ_0001_N122M1712"="C:\documents and settings\roman\data aplikací\installer_cz[1].exe" [2008-01-28 10:14 253448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-27 09:34]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 16:44:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 16:45:44
.
2008-01-11 12:20:11 --- E O F ---

[Baron Prášil]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\fvqkfsp.exe

Folder::
C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+nový log z hijackthis+info o chování kompu

[Leuša]

log z ComboFix:

ComboFix 08-02.01.1 - roman 2008-01-31 21:39:15.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.574 [GMT 1:00]
Running from: C:\Documents and Settings\roman\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\roman\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\fvqkfsp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC\Abbr
C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC\ProdCode
C:\WINDOWS\fvqkfsp.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02.01 )))))))))))))))))))))))))))))))
.

2008-01-31 17:53 . 2008-01-31 17:53 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-01-31 17:53 . 2008-01-31 17:53 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-01-31 17:53 . 2008-01-31 17:53 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-01-31 17:53 . 2008-01-31 17:53 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-01-31 17:53 . 2008-01-31 17:53 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-01-31 17:53 . 2008-01-31 17:53 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-01-31 17:52 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-01-31 17:52 . 2004-08-17 15:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-01-30 10:25 . 2008-01-30 10:25 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-29 23:09 . 2008-01-29 23:09 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-28 20:54 . 2008-01-29 17:00 0 --a------ C:\23990098.$$$
2008-01-28 15:29 . 2008-01-28 15:38 <DIR> d-------- C:\Program Files\avenger
2008-01-28 14:36 . 2008-01-29 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-01-28 13:46 . 2008-01-28 13:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-28 11:14 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 11:14 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 11:14 . 2008-01-28 11:14 3,076 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-28 11:01 . 2008-01-31 17:52 26 --a------ C:\WINDOWS\Lic.xxx
2008-01-27 20:02 . 2008-01-27 20:02 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-27 09:38 . 2008-01-29 23:18 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-27 09:34 . 2008-01-27 09:34 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-27 09:33 . 2008-01-29 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-01-27 01:55 . 2008-01-27 13:55 132 --a------ C:\WINDOWS\wininit.ini
2008-01-27 01:15 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-01-27 01:09 . 2008-01-28 10:14 253,448 --a------ C:\Documents and Settings\roman\Data aplikací\installer_cz[1].exe
2008-01-26 16:14 . 2008-01-26 16:14 <DIR> d-------- C:\Program Files\CCleaner
2008-01-26 14:51 . 2008-01-26 14:51 <DIR> d-------- C:\Program Files\SlySoft.AnyDVD.v6.3.0.3.Multilanguage.WinALL.Regged-VDOWN
2008-01-25 21:07 . 2008-01-25 21:12 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\Nokia Multimedia Player
2008-01-25 21:01 . 2008-01-25 21:01 <DIR> d-------- C:\Documents and Settings\roman\Phone Browser
2008-01-25 21:00 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-25 20:59 . 2008-01-25 20:59 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\AdobeAUM
2008-01-25 20:44 . 2008-01-25 20:44 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-01-25 20:44 . 2008-01-25 20:44 <DIR> d-------- C:\Program Files\Nokia
2008-01-25 20:44 . 2008-01-25 20:44 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-01-25 20:44 . 2008-01-25 20:44 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-01-25 20:44 . 2008-01-25 20:44 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\PC Suite
2008-01-25 20:44 . 2008-01-25 20:51 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\Nokia
2008-01-25 20:44 . 2008-01-25 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2008-01-25 20:44 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-25 20:44 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-25 20:44 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-25 20:44 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-25 20:42 . 2008-01-25 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Installations
2008-01-24 15:08 . 2008-01-24 15:09 <DIR> d-------- C:\Program Files\Google
2008-01-22 15:41 . 2008-01-22 16:54 <DIR> d-------- C:\Program Files\DVDFab Platinum 3
2008-01-22 15:41 . 2008-01-26 14:29 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\Vso
2008-01-22 15:41 . 2008-01-22 15:41 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-22 15:41 . 2008-01-22 15:41 47,360 --a------ C:\Documents and Settings\roman\Data aplikací\pcouffin.sys
2008-01-18 13:47 . 2008-01-18 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2008-01-10 18:41 . 2008-01-10 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Elaborate Bytes
2008-01-10 18:18 . 2008-01-10 18:18 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-01-10 18:17 . 2008-01-10 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SlySoft
2008-01-10 18:16 . 2008-01-26 15:57 <DIR> d-------- C:\Program Files\SlySoft
2008-01-10 18:16 . 2008-01-26 16:00 48 ---hs---- C:\WINDOWS\S9236D345.tmp
2008-01-10 13:48 . 2008-01-22 18:58 <DIR> d-------- C:\Program Files\CyberLink
2008-01-10 09:59 . 2008-01-10 10:03 <DIR> d-------- C:\Program Files\Winamp
2008-01-10 09:59 . 2008-01-10 10:05 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\Winamp
2008-01-09 10:25 . 2008-01-25 16:15 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\ICQ Toolbar
2008-01-09 10:23 . 2008-01-28 19:53 <DIR> d-------- C:\Program Files\ICQToolbar
2008-01-09 10:23 . 2008-01-09 16:21 <DIR> d-------- C:\Program Files\ICQ6
2008-01-09 10:23 . 2008-01-09 16:22 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\ICQ
2008-01-09 10:20 . 2008-02-01 21:40 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\skypePM
2008-01-09 10:20 . 2008-01-09 10:20 32 --a------ C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-01-09 10:18 . 2008-01-09 10:18 <DIR> d-------- C:\Program Files\Skype
2008-01-09 10:18 . 2008-01-09 10:18 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-09 10:18 . 2008-02-01 21:42 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\Skype
2008-01-09 10:18 . 2008-01-09 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2008-01-08 17:07 . 2008-01-08 17:07 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-01-08 17:07 . 2008-01-10 14:32 <DIR> d-------- C:\Program Files\AVSMedia
2008-01-08 16:44 . 2008-01-08 23:37 <DIR> d-------- C:\WINDOWS\system32\languages
2008-01-08 16:38 . 2008-01-10 13:27 50 --a------ C:\WINDOWS\cdplayer.ini
2008-01-08 16:37 . 2008-01-08 16:37 <DIR> d-------- C:\Program Files\Real
2008-01-08 16:37 . 2008-01-08 16:37 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-08 16:37 . 2008-01-08 16:37 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-08 14:52 . 2008-01-10 13:39 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-01-08 14:52 . 2008-01-10 13:36 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-08 09:48 . 2008-01-08 09:48 <DIR> d-------- C:\Documents and Settings\roman\UserData
2008-01-08 06:23 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-07 21:51 . 2008-01-09 17:17 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-01-07 19:28 . 2008-01-07 19:28 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-07 19:28 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-07 19:28 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-07 19:28 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-07 19:28 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-07 19:28 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-07 19:28 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-07 19:28 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-07 19:28 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-07 19:28 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-07 19:16 . 2008-01-29 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-01-07 16:01 . 2006-10-18 01:31 363,008 -ra------ C:\WINDOWS\system32\idecoiins.dll
2008-01-07 16:01 . 2006-10-18 01:31 363,008 -ra------ C:\WINDOWS\system32\idecoi.dll
2008-01-07 16:01 . 2006-10-05 01:35 356,352 --------- C:\WINDOWS\system32\nvuide.exe
2008-01-07 16:01 . 2006-10-18 01:31 105,472 -ra------ C:\WINDOWS\system32\drivers\nvata.sys
2008-01-07 16:01 . 2006-10-05 01:35 35,840 -ra------ C:\WINDOWS\system32\NVCOI.DLL
2008-01-07 16:01 . 2006-09-11 00:14 1,570 --------- C:\WINDOWS\system32\nvide.nvu
2008-01-07 16:00 . 2008-01-07 16:00 <DIR> d-------- C:\Documents and Settings\roman\Data aplikací\InstallShield
2008-01-07 15:59 . 2008-01-25 20:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-07 15:59 . 2008-01-07 15:59 <DIR> d-------- C:\Program Files\DIFX
2008-01-07 15:59 . 2006-07-01 22:42 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 12:32 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-01-27 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 19:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-07 15:14 --------- d-----w C:\Documents and Settings\roman\Data aplikací\MSN6
2008-01-06 17:29 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\MSN6
2008-01-06 17:16 --------- d-----w C:\Documents and Settings\roman\Data aplikací\Ahead
2008-01-06 17:15 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-06 17:15 --------- d-----w C:\Program Files\Ahead
2008-01-06 17:13 104 ----a-w C:\Program Files\Internet.lnk
2008-01-06 17:04 --------- d-----w C:\Program Files\Realtek
2008-01-06 16:49 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-06 16:47 --------- d-----w C:\Program Files\My Company Name
2008-01-06 16:45 --------- d-----w C:\Program Files\ASUS
2008-01-06 16:41 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-06 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-25 15:58 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-12 16:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-12 16:44 81920]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-08 16:37 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NI.UGDCCZ_0001_N122M1712"="C:\documents and settings\roman\data aplikací\installer_cz[1].exe" [2008-01-28 10:14 253448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-27 09:34]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 21:42:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-01 21:44:05
ComboFix-quarantined-files.txt 2008-02-01 20:43:59
.
2008-01-11 12:20:11 --- E O F ---


Log z HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:33, on 1.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NI.UGDCCZ_0001_N122M1712] "C:\documents and settings\roman\data aplikací\installer_cz[1].exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7794 bytes

[Baron Prášil]

- Vlož sem log, který vyběhne v závěru čistícího procesu+nový log z hijackthis+info o chování kompu

a proto,že logy se mi zdaj v pohodě,tak ta poslední informace je podstatná

[Leuša]

Přiznám se že chová divně, je nějak pomalej, při restartu se ani restartovat nechtěl a při zapnutí tam opět naskočil rámeček s instalací Suspenzora PC.
Asi mě z něj hrábne

Moc děkuju za ochotu

[Baron Prášil]

divné

vypni obnovu systému
pravím na Tento počítač>vlastnosti>obnova systému a zaškrtni a ok a potvrdit

vyčisti systém CCleanerem a RegCleanerem

použij také toto T-Cleaner - stahni spust

potom restartuj a udělej znova log z combofixu.budeš ho muset znova stahnout

a projeď a log pošli i z programu SDFix
Stáhni si SDFix
a spusť ho,vybalí se do vlastní složky (bude asi na C:\SDfix).

Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.

Po naběhnutí OS by se ti měl zobrazit výpis SDFixu tak ho sem zkopíruj. pokud ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt