Help - System Integrity Scan Wizard and Security System [Solved]


Post by happy-smile » 22 Apr 2008 19:55

Hello, I need some advice. Windows from System Integrity Scan Wizard and Security System (Protection Control Panel) keep popping up, urging me to download some "anti-spyware" program. And CTRL + ALT + DEL has stopped working - after pressing it, I get the message "Správce tohoto systému zakázal Správce úloh" ("Task Manager has been disabled by your administrator").

I am attaching the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:32, on 22.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\system32\enivrfzh.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2865AEA6-4777-80A1-A2DB-0A31C4E947B7} - C:\WINDOWS\system32\najnudpa.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [enivrfzh] C:\WINDOWS\system32\enivrfzh.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKLM\..\Policies\Explorer\Run: [sotzvxRFWT] C:\WINDOWS\system32\winver.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 7083 bytes


Thanks in advance for the advice
Last edited by happy-smile on 22 Apr 2008 20:48, edited 1 time in total.


Re: Help - System Integrity Scan Wizard and ctrl+alt+del not working

Post by happy-smile » 22 Apr 2008 20:39

So Task Manager works again, I fixed it following a guide I found here.
Now I just need to get rid of the viruses and it will be OK.


Re: Help - System Integrity Scan Wizard and ctrl+alt+del not working

Post by CrasherKill » 22 Apr 2008 20:41

I can't help you with the log, but how did you get Task Manager working? I've run into this a few times, so it could come in handy :D

Re: Help - System Integrity Scan Wizard and Security System

Post by happy-smile » 22 Apr 2008 20:49

The guide is at this link :)


Re: Help - System Integrity Scan Wizard and Security System

Post by CrasherKill » 22 Apr 2008 20:54

great, thanks :D

Re: Help - System Integrity Scan Wizard and Security System

Post by fredik » 22 Apr 2008 20:57

Welcome to the forum

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click into the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Help - System Integrity Scan Wizard and Security System

Post by happy-smile » 22 Apr 2008 21:11

So here it is:

ComboFix 08-04-20.5 - Věrka 2008-04-22 21:00:48.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.628 [GMT 2:00]
Running from: C:\Documents and Settings\Věrka\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-22 20:59 . 2008-04-22 20:59 <DIR> d-------- C:\327882R2FWJFW
2008-04-22 19:45 . 2008-04-22 19:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 19:15 . 2008-04-22 19:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-22 13:28 . 2008-04-22 13:28 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-21 15:27 . 2008-04-21 16:09 <DIR> d-------- C:\Program Files\HiDownload
2008-04-21 15:27 . 2003-07-17 15:53 468,480 --a------ C:\WINDOWS\system32\NMDll.dll
2008-04-21 15:27 . 2003-03-27 06:37 208,896 --a------ C:\WINDOWS\system32\HDBHO.dll
2008-04-21 15:27 . 2003-07-27 13:35 20,480 --a------ C:\WINDOWS\yhl.dll
2008-04-21 15:27 . 2003-06-09 00:20 7,168 --a------ C:\WINDOWS\lq.dll
2008-04-21 14:15 . 2008-04-21 14:15 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-04-21 14:05 . 2008-04-21 21:59 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-21 14:05 . 2008-04-22 19:38 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-22 19:38 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-22 19:38 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-21 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-21 14:05 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-21 13:29 . 2008-04-21 13:29 126,976 --a------ C:\Documents and Settings\All Users\Data aplikací\tgnexqdg.dll
2008-04-20 22:06 . 2008-04-20 22:06 29,184 --a------ C:\WINDOWS\system32\winkve32.dll.ren
2008-04-20 22:06 . 2008-04-20 22:06 29,184 --a------ C:\WINDOWS\system32\winbug32.dll
2008-04-15 23:46 . 2008-04-22 00:34 <DIR> d-------- C:\Serialy
2008-04-14 21:40 . 2008-04-14 21:40 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-14 21:36 . 2008-04-14 21:40 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-04-14 21:26 . 2008-04-14 21:31 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-14 21:26 . 2008-04-14 21:27 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-14 21:26 . 2008-04-14 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-04-14 21:25 . 2008-04-14 21:25 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-14 21:24 . 2008-04-14 21:24 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 21:24 . 2008-04-14 21:24 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-14 21:24 . 2008-04-14 21:24 <DIR> d-------- C:\Program Files\MSBuild
2008-04-14 21:23 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-14 21:19 . 2008-04-14 21:19 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-04 12:20 . 2008-04-04 12:20 <DIR> dr------- C:\Documents and Settings\Věrka\Data aplikací\Brother
2008-04-04 12:20 . 2008-04-04 12:20 <DIR> dr------- C:\Documents and Settings\Věrka\Data aplikací\Brother
2008-04-04 12:20 . 2008-04-04 12:20 <DIR> dr------- C:\Documents and Settings\Věrka\Data aplikací\Brother
2008-04-01 13:53 . 2008-04-01 13:53 <DIR> d-------- C:\Program Files\QIP
2008-03-31 15:56 . 2008-04-19 21:28 <DIR> d-------- C:\Filmy
2008-03-29 14:47 . 2008-03-29 14:47 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Talkback
2008-03-29 14:47 . 2008-03-29 14:47 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Talkback
2008-03-29 14:47 . 2008-03-29 14:47 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Talkback
2008-03-29 14:47 . 2008-03-29 14:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-26 18:56 . 2008-03-26 18:56 <DIR> d---s---- C:\Documents and Settings\Věrka\UserData
2008-03-26 18:56 . 2008-03-26 18:56 <DIR> d---s---- C:\Documents and Settings\Věrka\UserData
2008-03-24 15:35 . 2008-04-06 18:35 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\XnView
2008-03-24 15:35 . 2008-04-06 18:35 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\XnView
2008-03-24 15:35 . 2008-04-06 18:35 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\XnView
2008-03-22 21:05 . 2008-04-15 19:15 860 --a------ C:\WINDOWS\BRWMARK.INI
2008-03-22 21:05 . 2008-03-22 21:05 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-03-22 19:20 . 2008-03-22 19:20 <DIR> d-------- C:\Program Files\Ghostgum
2008-03-22 19:16 . 2008-03-22 19:16 <DIR> d-------- C:\Program Files\texmf-local
2008-03-22 19:15 . 2008-03-22 19:15 <DIR> d-------- C:\gs
2008-03-22 19:11 . 2008-03-22 19:16 <DIR> d-------- C:\Program Files\TeXLive2007
2008-03-22 19:02 . 2008-03-22 19:02 <DIR> d-------- C:\Program Files\Maple 7
2008-03-22 18:42 . 2008-03-22 18:42 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Apple Computer
2008-03-22 18:42 . 2008-03-22 18:42 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Apple Computer
2008-03-22 18:42 . 2008-03-22 18:42 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Apple Computer
2008-03-22 18:41 . 2008-04-18 15:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 18:41 . 2008-03-22 18:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-22 18:27 . 2008-03-22 18:27 157 --a------ C:\WINDOWS\matlab.ini
2008-03-22 18:23 . 2002-02-14 11:26 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-03-22 18:23 . 2002-02-13 11:20 2,362 --a------ C:\WINDOWS\system32\mscomct2.dep
2008-03-22 18:21 . 1998-09-18 18:04 645,120 --a------ C:\WINDOWS\system32\config.gms
2008-03-22 18:13 . 2008-03-22 18:26 <DIR> d-------- C:\MATLAB7
2008-03-22 15:55 . 2008-04-06 13:28 471 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-22 15:31 . 2008-03-22 15:31 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-22 15:31 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-22 15:31 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-03-22 14:35 . 2008-04-06 16:59 <DIR> d-------- C:\Program Files\Atheros
2008-03-22 14:34 . 2008-04-14 21:40 <DIR> d-------- C:\temp
2008-03-22 03:27 . 2008-03-22 03:27 24 --a------ C:\WINDOWS\ATKPF.ini
2008-03-22 03:22 . 2004-08-17 16:49 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-22 02:16 . 2008-03-22 02:16 <DIR> d-------- C:\Program Files\vso
2008-03-22 02:16 . 2008-03-22 02:16 39,488 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2008-03-22 02:14 . 2008-03-22 02:15 <DIR> d-------- C:\Program Files\QuickTime
2008-03-22 02:14 . 2008-03-22 02:14 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-22 02:14 . 2008-03-22 02:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-03-22 02:14 . 2008-03-22 02:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple
2008-03-22 02:12 . 2008-03-22 02:12 491,520 --a------ C:\WINDOWS\WebIE.dll
2008-03-22 02:12 . 2008-03-22 02:12 356,352 --a------ C:\WINDOWS\TrnOutl.dll
2008-03-22 02:12 . 2008-03-22 02:12 294,912 --a------ C:\WINDOWS\TrnWord.dll
2008-03-22 02:12 . 2008-03-22 02:12 200,704 --a------ C:\WINDOWS\TRNOET.DLL
2008-03-22 02:12 . 2008-03-22 02:12 45,056 --a------ C:\WINDOWS\TRNOEH.DLL
2008-03-22 02:12 . 2008-03-22 02:12 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-03-22 02:12 . 2008-03-22 02:12 33 --a------ C:\WINDOWS\WTRDCTM.INI
2008-03-22 02:12 . 2008-04-21 20:20 0 --a------ C:\WINDOWS\XXLGSC
2008-03-22 02:11 . 2008-03-22 02:11 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-03-22 02:11 . 2008-03-22 02:11 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-03-22 02:10 . 2008-03-23 00:09 <DIR> d-------- C:\TRANSLAT
2008-03-22 02:10 . 2008-04-21 20:20 4,892 --a------ C:\WINDOWS\WTRAN32.INI
2008-03-22 02:10 . 2008-04-22 18:29 2,476 --a------ C:\WINDOWS\TRNCOM.INI
2008-03-22 02:10 . 2008-03-22 02:12 1,849 --a------ C:\WINDOWS\WDICT32.INI
2008-03-22 02:10 . 2008-04-22 18:28 1,678 --a------ C:\WINDOWS\MAILTRAN.INI
2008-03-22 02:06 . 2008-03-22 02:12 <DIR> d-------- C:\totalcmd
2008-03-22 02:06 . 2008-04-22 17:51 2,113 --a------ C:\WINDOWS\wincmd.ini
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\UC.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-03-22 02:05 . 2008-03-22 02:05 <DIR> d-------- C:\Program Files\Restoration
2008-03-22 02:03 . 2008-03-22 02:03 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-22 02:03 . 2008-03-22 02:02 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-03-22 02:02 . 2008-03-22 02:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-22 02:00 . 2008-03-22 02:00 <DIR> d-------- C:\Program Files\XnView
2008-03-22 01:46 . 2008-03-22 01:46 <DIR> d-------- C:\Program Files\mpegable
2008-03-22 01:46 . 2008-03-22 01:46 47,104 --------- C:\WINDOWS\AKDeInstall.exe
2008-03-22 01:44 . 2008-03-22 01:45 <DIR> d-------- C:\Program Files\IrfanView
2008-03-22 01:22 . 2008-03-30 00:59 <DIR> d-------- C:\Program Files\ICQLite
2008-03-22 01:22 . 2008-03-22 01:22 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\ICQLite
2008-03-22 01:22 . 2008-03-22 01:22 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\ICQLite
2008-03-22 01:22 . 2008-03-22 01:22 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\ICQLite
2008-03-22 01:20 . 2008-03-22 01:20 <DIR> d-------- C:\Program Files\DVD Shrink
2008-03-22 01:20 . 2008-03-22 01:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-03-22 01:07 . 2008-03-22 01:07 <DIR> d-------- C:\Program Files\CyberLink
2008-03-22 01:04 . 2008-03-22 01:04 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-22 01:03 . 2008-04-14 21:37 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-22 01:03 . 2003-06-19 02:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-22 01:02 . 2008-03-22 01:03 <DIR> d-------- C:\WINDOWS\SHELLNEW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 15:11 --------- d-----w C:\Program Files\ASUS
2008-03-21 22:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-21 22:54 --------- d-----w C:\Program Files\Ahead
2008-03-21 22:51 --------- d-----w C:\Program Files\Realtek
2008-03-21 22:36 --------- d-----w C:\Program Files\Motorola
2008-03-21 22:29 --------- d-----w C:\Program Files\Toshiba
2008-03-21 22:26 --------- d-----w C:\Program Files\Synaptics
2008-03-21 22:21 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\InstallShield
2008-03-21 22:21 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\InstallShield
2008-03-21 22:21 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\InstallShield
2008-03-21 22:08 --------- d-----w C:\Program Files\ATI Technologies
2008-03-21 22:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-21 21:43 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2865AEA6-4777-80A1-A2DB-0A31C4E947B7}]
2008-04-21 13:29 126976 --a------ C:\WINDOWS\system32\najnudpa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 17:49 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 14:35 90112]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2008-03-22 02:12 26624]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 17:37 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-01-16 15:11 843776]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 17:31 630784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 21:33 53248]
"enivrfzh"="C:\WINDOWS\system32\enivrfzh.exe" [2008-04-21 13:29 110592]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-21 14:05 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 17:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"sotzvxRFWT"= C:\WINDOWS\system32\winver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32]
winkve32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-21 14:05]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-02-07 18:44]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 10:13]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 01:04]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 15:37]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-02-13 12:41]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 07:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5ccd25b-f790-11dc-a660-001bfcbf3d32}]
\Shell\AutoRun\command - G:\OnSpcLCK.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 21:03:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-22 21:05:43
ComboFix-quarantined-files.txt 2008-04-22 19:05:40

Adresářů: 13, Volných bajtů: 7,399,096,320
Adresářů: 16, Volných bajtů: 8,055,848,960

235


Re: Help - System Integrity Scan Wizard and Security System

Post by happy-smile » 22 Apr 2008 22:38

During the first ComboFix scan I had the Spyware Terminator resident shield turned on, so I have now turned it off and am sending a new log:

ComboFix 08-04-20.5 - Věrka 2008-04-22 22:31:18.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.585 [GMT 2:00]
Running from: C:\Documents and Settings\Věrka\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\VŘrka\Plocha\DRIVERS\MultiFrame_XP_070410\Desktop_.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-22 19:45 . 2008-04-22 19:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 19:15 . 2008-04-22 19:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-22 13:28 . 2008-04-22 13:28 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-21 15:27 . 2008-04-21 16:09 <DIR> d-------- C:\Program Files\HiDownload
2008-04-21 15:27 . 2003-07-17 15:53 468,480 --a------ C:\WINDOWS\system32\NMDll.dll
2008-04-21 15:27 . 2003-03-27 06:37 208,896 --a------ C:\WINDOWS\system32\HDBHO.dll
2008-04-21 15:27 . 2003-07-27 13:35 20,480 --a------ C:\WINDOWS\yhl.dll
2008-04-21 15:27 . 2003-06-09 00:20 7,168 --a------ C:\WINDOWS\lq.dll
2008-04-21 14:15 . 2008-04-21 14:15 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-04-21 14:05 . 2008-04-21 21:59 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-21 14:05 . 2008-04-22 19:38 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-22 19:38 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-22 19:38 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-21 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-21 14:05 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-21 13:29 . 2008-04-21 13:29 126,976 --a------ C:\Documents and Settings\All Users\Data aplikací\tgnexqdg.dll
2008-04-20 22:06 . 2008-04-20 22:06 29,184 --a------ C:\WINDOWS\system32\winkve32.dll.ren
2008-04-20 22:06 . 2008-04-20 22:06 29,184 --a------ C:\WINDOWS\system32\winbug32.dll
2008-04-15 23:46 . 2008-04-22 00:34 <DIR> d-------- C:\Serialy
2008-04-14 21:40 . 2008-04-14 21:40 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-14 21:36 . 2008-04-14 21:40 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-04-14 21:26 . 2008-04-14 21:31 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-14 21:26 . 2008-04-14 21:27 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-14 21:26 . 2008-04-14 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-04-14 21:25 . 2008-04-14 21:25 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-14 21:24 . 2008-04-14 21:24 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 21:24 . 2008-04-14 21:24 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-14 21:24 . 2008-04-14 21:24 <DIR> d-------- C:\Program Files\MSBuild
2008-04-14 21:23 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-14 21:19 . 2008-04-14 21:19 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-04 12:20 . 2008-04-04 12:20 <DIR> dr------- C:\Documents and Settings\Věrka\Data aplikací\Brother
2008-04-04 12:20 . 2008-04-04 12:20 <DIR> dr------- C:\Documents and Settings\Věrka\Data aplikací\Brother
2008-04-04 12:20 . 2008-04-04 12:20 <DIR> dr------- C:\Documents and Settings\Věrka\Data aplikací\Brother
2008-04-01 13:53 . 2008-04-01 13:53 <DIR> d-------- C:\Program Files\QIP
2008-03-31 15:56 . 2008-04-19 21:28 <DIR> d-------- C:\Filmy
2008-03-29 14:47 . 2008-03-29 14:47 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Talkback
2008-03-29 14:47 . 2008-03-29 14:47 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Talkback
2008-03-29 14:47 . 2008-03-29 14:47 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Talkback
2008-03-29 14:47 . 2008-03-29 14:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-26 18:56 . 2008-03-26 18:56 <DIR> d---s---- C:\Documents and Settings\Věrka\UserData
2008-03-26 18:56 . 2008-03-26 18:56 <DIR> d---s---- C:\Documents and Settings\Věrka\UserData
2008-03-24 15:35 . 2008-04-06 18:35 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\XnView
2008-03-24 15:35 . 2008-04-06 18:35 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\XnView
2008-03-24 15:35 . 2008-04-06 18:35 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\XnView
2008-03-22 21:05 . 2008-04-15 19:15 860 --a------ C:\WINDOWS\BRWMARK.INI
2008-03-22 21:05 . 2008-03-22 21:05 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-03-22 19:20 . 2008-03-22 19:20 <DIR> d-------- C:\Program Files\Ghostgum
2008-03-22 19:16 . 2008-03-22 19:16 <DIR> d-------- C:\Program Files\texmf-local
2008-03-22 19:15 . 2008-03-22 19:15 <DIR> d-------- C:\gs
2008-03-22 19:11 . 2008-03-22 19:16 <DIR> d-------- C:\Program Files\TeXLive2007
2008-03-22 19:02 . 2008-03-22 19:02 <DIR> d-------- C:\Program Files\Maple 7
2008-03-22 18:42 . 2008-03-22 18:42 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Apple Computer
2008-03-22 18:42 . 2008-03-22 18:42 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Apple Computer
2008-03-22 18:42 . 2008-03-22 18:42 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Apple Computer
2008-03-22 18:41 . 2008-04-18 15:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 18:41 . 2008-03-22 18:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-22 18:27 . 2008-03-22 18:27 157 --a------ C:\WINDOWS\matlab.ini
2008-03-22 18:23 . 2002-02-14 11:26 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-03-22 18:23 . 2002-02-13 11:20 2,362 --a------ C:\WINDOWS\system32\mscomct2.dep
2008-03-22 18:21 . 1998-09-18 18:04 645,120 --a------ C:\WINDOWS\system32\config.gms
2008-03-22 18:13 . 2008-03-22 18:26 <DIR> d-------- C:\MATLAB7
2008-03-22 15:55 . 2008-04-06 13:28 471 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-22 15:31 . 2008-03-22 15:31 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-22 15:31 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-22 15:31 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-03-22 14:35 . 2008-04-06 16:59 <DIR> d-------- C:\Program Files\Atheros
2008-03-22 14:34 . 2008-04-14 21:40 <DIR> d-------- C:\temp
2008-03-22 03:27 . 2008-03-22 03:27 24 --a------ C:\WINDOWS\ATKPF.ini
2008-03-22 03:22 . 2004-08-17 16:49 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-22 02:16 . 2008-03-22 02:16 <DIR> d-------- C:\Program Files\vso
2008-03-22 02:16 . 2008-03-22 02:16 39,488 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2008-03-22 02:14 . 2008-03-22 02:15 <DIR> d-------- C:\Program Files\QuickTime
2008-03-22 02:14 . 2008-03-22 02:14 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-22 02:14 . 2008-03-22 02:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-03-22 02:14 . 2008-03-22 02:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple
2008-03-22 02:12 . 2008-03-22 02:12 491,520 --a------ C:\WINDOWS\WebIE.dll
2008-03-22 02:12 . 2008-03-22 02:12 356,352 --a------ C:\WINDOWS\TrnOutl.dll
2008-03-22 02:12 . 2008-03-22 02:12 294,912 --a------ C:\WINDOWS\TrnWord.dll
2008-03-22 02:12 . 2008-03-22 02:12 200,704 --a------ C:\WINDOWS\TRNOET.DLL
2008-03-22 02:12 . 2008-03-22 02:12 45,056 --a------ C:\WINDOWS\TRNOEH.DLL
2008-03-22 02:12 . 2008-03-22 02:12 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-03-22 02:12 . 2008-03-22 02:12 33 --a------ C:\WINDOWS\WTRDCTM.INI
2008-03-22 02:12 . 2008-04-21 20:20 0 --a------ C:\WINDOWS\XXLGSC
2008-03-22 02:11 . 2008-03-22 02:11 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-03-22 02:11 . 2008-03-22 02:11 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-03-22 02:10 . 2008-03-23 00:09 <DIR> d-------- C:\TRANSLAT
2008-03-22 02:10 . 2008-04-21 20:20 4,892 --a------ C:\WINDOWS\WTRAN32.INI
2008-03-22 02:10 . 2008-04-22 18:29 2,476 --a------ C:\WINDOWS\TRNCOM.INI
2008-03-22 02:10 . 2008-03-22 02:12 1,849 --a------ C:\WINDOWS\WDICT32.INI
2008-03-22 02:10 . 2008-04-22 18:28 1,678 --a------ C:\WINDOWS\MAILTRAN.INI
2008-03-22 02:06 . 2008-03-22 02:12 <DIR> d-------- C:\totalcmd
2008-03-22 02:06 . 2008-04-22 17:51 2,113 --a------ C:\WINDOWS\wincmd.ini
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\UC.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-03-22 02:06 . 2007-09-05 08:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-03-22 02:05 . 2008-03-22 02:05 <DIR> d-------- C:\Program Files\Restoration
2008-03-22 02:03 . 2008-03-22 02:03 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-22 02:03 . 2008-03-22 02:02 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-03-22 02:02 . 2008-03-22 02:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-22 02:00 . 2008-03-22 02:00 <DIR> d-------- C:\Program Files\XnView
2008-03-22 01:46 . 2008-03-22 01:46 <DIR> d-------- C:\Program Files\mpegable
2008-03-22 01:46 . 2008-03-22 01:46 47,104 --------- C:\WINDOWS\AKDeInstall.exe
2008-03-22 01:44 . 2008-03-22 01:45 <DIR> d-------- C:\Program Files\IrfanView
2008-03-22 01:22 . 2008-03-30 00:59 <DIR> d-------- C:\Program Files\ICQLite
2008-03-22 01:22 . 2008-03-22 01:22 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\ICQLite
2008-03-22 01:22 . 2008-03-22 01:22 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\ICQLite
2008-03-22 01:22 . 2008-03-22 01:22 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\ICQLite
2008-03-22 01:20 . 2008-03-22 01:20 <DIR> d-------- C:\Program Files\DVD Shrink
2008-03-22 01:20 . 2008-03-22 01:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-03-22 01:07 . 2008-03-22 01:07 <DIR> d-------- C:\Program Files\CyberLink
2008-03-22 01:04 . 2008-03-22 01:04 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-22 01:03 . 2008-04-14 21:37 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-22 01:03 . 2003-06-19 02:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-22 01:02 . 2008-03-22 01:03 <DIR> d-------- C:\WINDOWS\SHELLNEW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 15:11 --------- d-----w C:\Program Files\ASUS
2008-03-21 22:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-21 22:54 --------- d-----w C:\Program Files\Ahead
2008-03-21 22:51 --------- d-----w C:\Program Files\Realtek
2008-03-21 22:36 --------- d-----w C:\Program Files\Motorola
2008-03-21 22:29 --------- d-----w C:\Program Files\Toshiba
2008-03-21 22:26 --------- d-----w C:\Program Files\Synaptics
2008-03-21 22:21 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\InstallShield
2008-03-21 22:21 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\InstallShield
2008-03-21 22:21 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\InstallShield
2008-03-21 22:08 --------- d-----w C:\Program Files\ATI Technologies
2008-03-21 22:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-21 21:43 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2865AEA6-4777-80A1-A2DB-0A31C4E947B7}]
2008-04-21 13:29 126976 --a------ C:\WINDOWS\system32\najnudpa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 17:49 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 14:35 90112]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2008-03-22 02:12 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 17:37 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-01-16 15:11 843776]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 17:31 630784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 21:33 53248]
"enivrfzh"="C:\WINDOWS\system32\enivrfzh.exe" [2008-04-21 13:29 110592]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-21 14:05 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 17:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"sotzvxRFWT"= C:\WINDOWS\system32\winver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32]
winkve32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-21 14:05]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-02-07 18:44]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 10:13]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 01:04]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 15:37]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-02-13 12:41]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 07:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5ccd25b-f790-11dc-a660-001bfcbf3d32}]
\Shell\AutoRun\command - G:\OnSpcLCK.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 22:32:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-22 22:32:40
ComboFix-quarantined-files.txt 2008-04-22 20:32:35
ComboFix2.txt 2008-04-22 20:23:41
ComboFix3.txt 2008-04-22 19:05:44

Adresářů: 12, Volných bajtů: 8,060,383,232
Adresářů: 14, Volných bajtů: 8,050,499,584

214

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Help - System Integrity Scan Wizard and Security System

Post by fredik » 23 Apr 2008 19:03

If you have the resident shield in Spyware Terminator turned on, turn it off.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

File::
C:\Documents and Settings\All Users\Data aplikací\tgnexqdg.dll
C:\WINDOWS\system32\winkve32.dll.ren
C:\WINDOWS\system32\winbug32.dll
C:\WINDOWS\system32\najnudpa.dll
C:\WINDOWS\system32\enivrfzh.exe

DirLook::
C:\temp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"enivrfzh"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"sotzvxRFWT"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (PM) with logs; post them in the forum. It is not possible to reply to such PMs.

happy-smile

Re: Help - System Integrity Scan Wizard and Security System

Post by happy-smile » 23 Apr 2008 19:20

So here is the new log:

ComboFix 08-04-20.5 - Věrka 2008-04-23 19:10:04.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.621 [GMT 2:00]
Running from: C:\Documents and Settings\Věrka\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Věrka\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Data aplikací\tgnexqdg.dll
C:\WINDOWS\system32\enivrfzh.exe
C:\WINDOWS\system32\najnudpa.dll
C:\WINDOWS\system32\winbug32.dll
C:\WINDOWS\system32\winkve32.dll.ren
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\tgnexqdg.dll
C:\WINDOWS\system32\enivrfzh.exe
C:\WINDOWS\system32\najnudpa.dll
C:\WINDOWS\system32\winbug32.dll
C:\WINDOWS\system32\winkve32.dll.ren

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-22 19:45 . 2008-04-22 19:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 19:15 . 2008-04-22 19:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-22 13:28 . 2008-04-22 13:28 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-21 15:27 . 2008-04-21 16:09 <DIR> d-------- C:\Program Files\HiDownload
2008-04-21 15:27 . 2003-07-17 15:53 468,480 --a------ C:\WINDOWS\system32\NMDll.dll
2008-04-21 15:27 . 2003-03-27 06:37 208,896 --a------ C:\WINDOWS\system32\HDBHO.dll
2008-04-21 15:27 . 2003-07-27 13:35 20,480 --a------ C:\WINDOWS\yhl.dll
2008-04-21 15:27 . 2003-06-09 00:20 7,168 --a------ C:\WINDOWS\lq.dll
2008-04-21 14:15 . 2008-04-21 14:15 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-04-21 14:05 . 2008-04-21 21:59 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-21 14:05 . 2008-04-22 19:38 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-22 19:38 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-22 19:38 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-21 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-04-21 14:05 . 2008-04-21 14:05 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-15 23:46 . 2008-04-22 00:34 <DIR> d-------- C:\Serialy
2008-04-14 21:40 . 2008-04-14 21:40 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-14 21:36 . 2008-04-14 21:40 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-04-14 21:26 . 2008-04-14 21:31 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-14 21:26 . 2008-04-14 21:27 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-14 21:26 . 2008-04-14 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-04-14 21:25 . 2008-04-14 21:25 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-14 21:24 . 2008-04-14 21:24 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 21:24 . 2008-04-14 21:24 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-14 21:24 . 2008-04-14 21:24 <DIR> d-------- C:\Program Files\MSBuild
2008-04-14 21:23 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-14 21:19 . 2008-04-14 21:19 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-04 12:20 . 2008-04-04 12:20 <DIR> dr------- C:\Documents and Settings\Věrka\Data aplikací\Brother
2008-04-04 12:20 . 2008-04-04 12:20 <DIR> dr------- C:\Documents and Settings\Věrka\Data aplikací\Brother
2008-04-04 12:20 . 2008-04-04 12:20 <DIR> dr------- C:\Documents and Settings\Věrka\Data aplikací\Brother
2008-04-01 13:53 . 2008-04-01 13:53 <DIR> d-------- C:\Program Files\QIP
2008-03-31 15:56 . 2008-04-23 08:30 <DIR> d-------- C:\Filmy
2008-03-29 14:47 . 2008-03-29 14:47 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Talkback
2008-03-29 14:47 . 2008-03-29 14:47 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Talkback
2008-03-29 14:47 . 2008-03-29 14:47 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\Talkback
2008-03-29 14:47 . 2008-03-29 14:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-26 18:56 . 2008-03-26 18:56 <DIR> d---s---- C:\Documents and Settings\Věrka\UserData
2008-03-26 18:56 . 2008-03-26 18:56 <DIR> d---s---- C:\Documents and Settings\Věrka\UserData
2008-03-24 15:35 . 2008-04-06 18:35 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\XnView
2008-03-24 15:35 . 2008-04-06 18:35 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\XnView
2008-03-24 15:35 . 2008-04-06 18:35 <DIR> d-------- C:\Documents and Settings\Věrka\Data aplikací\XnView

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 19:37 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-06 14:59 --------- d-----w C:\Program Files\Atheros
2008-03-29 22:59 --------- d-----w C:\Program Files\ICQLite
2008-03-22 17:20 --------- d-----w C:\Program Files\Ghostgum
2008-03-22 17:16 --------- d-----w C:\Program Files\texmf-local
2008-03-22 17:16 --------- d-----w C:\Program Files\TeXLive2007
2008-03-22 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 17:02 --------- d-----w C:\Program Files\Maple 7
2008-03-22 16:42 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\Apple Computer
2008-03-22 16:42 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\Apple Computer
2008-03-22 16:42 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\Apple Computer
2008-03-22 15:11 --------- d-----w C:\Program Files\ASUS
2008-03-22 13:31 --------- d-----w C:\Program Files\Alwil Software
2008-03-22 00:16 39,488 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
2008-03-22 00:16 --------- d-----w C:\Program Files\vso
2008-03-22 00:15 --------- d-----w C:\Program Files\QuickTime
2008-03-22 00:14 --------- d-----w C:\Program Files\Apple Software Update
2008-03-22 00:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-03-22 00:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple
2008-03-22 00:12 491,520 ----a-w C:\WINDOWS\WebIE.dll
2008-03-22 00:12 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2008-03-22 00:12 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2008-03-22 00:12 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2008-03-22 00:12 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2008-03-22 00:12 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2008-03-22 00:11 516,096 ----a-w C:\WINDOWS\UN32.EXE
2008-03-22 00:05 --------- d-----w C:\Program Files\Restoration
2008-03-22 00:03 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-03-22 00:02 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-22 00:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-22 00:00 --------- d-----w C:\Program Files\XnView
2008-03-21 23:46 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-03-21 23:46 --------- d-----w C:\Program Files\mpegable
2008-03-21 23:45 --------- d-----w C:\Program Files\IrfanView
2008-03-21 23:22 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\ICQLite
2008-03-21 23:22 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\ICQLite
2008-03-21 23:22 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\ICQLite
2008-03-21 23:20 --------- d-----w C:\Program Files\DVD Shrink
2008-03-21 23:20 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-03-21 23:07 --------- d-----w C:\Program Files\CyberLink
2008-03-21 22:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-21 22:54 --------- d-----w C:\Program Files\Ahead
2008-03-21 22:51 --------- d-----w C:\Program Files\Realtek
2008-03-21 22:36 --------- d-----w C:\Program Files\Motorola
2008-03-21 22:29 --------- d-----w C:\Program Files\Toshiba
2008-03-21 22:26 --------- d-----w C:\Program Files\Synaptics
2008-03-21 22:21 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\InstallShield
2008-03-21 22:21 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\InstallShield
2008-03-21 22:21 --------- d-----w C:\Documents and Settings\Věrka\Data aplikací\InstallShield
2008-03-21 22:08 --------- d-----w C:\Program Files\ATI Technologies
2008-03-21 22:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-21 21:43 --------- d-----w C:\Program Files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\temp ----

2008-04-06 17:00 19277 --a------ C:\temp\atheros_installer.log
2008-04-06 16:59 538 --a------ C:\temp\helperLogs.txt


((((((((((((((((((((((((((((( snapshot@2008-04-22_21.05.34,43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 17:29:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 17:05:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 17:05:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_610.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 17:49 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 14:35 90112]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2008-03-22 02:12 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 17:37 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-01-16 15:11 843776]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 17:31 630784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 21:33 53248]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-21 14:05 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 17:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-21 14:05]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-02-07 18:44]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 10:13]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 01:04]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 15:37]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-02-13 12:41]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 07:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5ccd25b-f790-11dc-a660-001bfcbf3d32}]
\Shell\AutoRun\command - G:\OnSpcLCK.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 19:11:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-23 19:15:00
ComboFix-quarantined-files.txt 2008-04-23 17:14:58
ComboFix2.txt 2008-04-22 20:32:41
ComboFix3.txt 2008-04-22 20:23:41
ComboFix4.txt 2008-04-22 19:05:44

Adresářů: 12, Volných bajtů: 7,356,043,264
Adresářů: 14, Volných bajtů: 7,423,062,016

191
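
Comparing a CFScript against the next ComboFix log, as an added example that is not part of the original posts or of ComboFix: the Python code below parses the script and reports any targeted file, registry value or key that still shows up outside the log's own deletion sections. The function names and parsing rules are assumptions inferred from the logs shown in this thread, and the sample strings are abridged from them.

```python
import re

# Abridged from the CFScript posted in this thread.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\winkve32.dll.ren
C:\WINDOWS\system32\najnudpa.dll
C:\WINDOWS\system32\enivrfzh.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"enivrfzh"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"sotzvxRFWT"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32]
"""

# Abridged from the ComboFix log of 2008-04-22, before the script was run.
BEFORE = r"""((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2865AEA6-4777-80A1-A2DB-0A31C4E947B7}]
2008-04-21 13:29 126976 --a------ C:\WINDOWS\system32\najnudpa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"enivrfzh"="C:\WINDOWS\system32\enivrfzh.exe" [2008-04-21 13:29 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"sotzvxRFWT"= C:\WINDOWS\system32\winver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32]
winkve32.dll
"""

# Abridged from the ComboFix log of 2008-04-23, after the script was run.
AFTER = r"""FILE ::
C:\WINDOWS\system32\enivrfzh.exe
((((( Other Deletions )))))
C:\WINDOWS\system32\enivrfzh.exe
C:\WINDOWS\system32\najnudpa.dll
C:\WINDOWS\system32\winkve32.dll.ren

((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"""

SECTION = re.compile(r"^(?:\(+\s*(.*?)\s*\)+|(\w+) ?::)$")  # "((( Title )))" or "FILE ::"
KEY = re.compile(r"^\[(-?)(HK[^\]]+)\]$", re.I)              # "[HKLM\...]" or "[-HKLM\...]"
VALUE = re.compile(r'^"([^"]+)"\s*=')                        # '"name"=...'
CONFIRMATIONS = {"file", "other deletions"}  # sections that only echo what was removed

def value_name(line):  # lower-cased name of a '"name"=...' line, else None
    m = VALUE.match(line)
    return m.group(1).lower() if m else None

def parse_cfscript(text):
    """Return (files, (key, value) pairs, whole keys) that the script removes."""
    files, values, keys, block, key = [], [], [], None, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        k = KEY.match(line)
        if line.endswith("::"):
            block, key = line[:-2].strip().lower(), None
        elif block == "file":
            files.append(line.lower())
        elif block == "registry" and k:
            key = k.group(2).lower()
            if k.group(1):                      # [-KEY] deletes the whole key
                keys.append(key)
                key = None
        elif block == "registry" and key and line.endswith("=-") and value_name(line):
            values.append((key, value_name(line)))   # "name"=- deletes one value
    return files, values, keys

def parse_log(text):
    """Return ({section: [lines]}, {registry key: [lines under it]}), lower-cased."""
    sections, regkeys, section, key = {}, {}, "", None
    for line in (l.strip().lower() for l in text.splitlines()):
        s, k = SECTION.match(line), KEY.match(line)
        if s:
            section, key = s.group(1) or s.group(2), None
        elif k:
            key = k.group(2)
            regkeys.setdefault(key, [])
        elif not line:
            key = None                          # a blank line ends a key's entries
        elif key is not None:
            regkeys[key].append(line)
        sections.setdefault(section, []).append(line)
    return sections, regkeys

def leftovers(script, log):
    """List the script's targets that still appear in a ComboFix log."""
    files, values, keys = parse_cfscript(script)
    sections, regkeys = parse_log(log)
    found = [("file", path, name) for path in files for name, lines in sections.items()
             if name not in CONFIRMATIONS and any(path in l for l in lines)]
    found += [("value", key, name) for key, name in values
              if name in map(value_name, regkeys.get(key, []))]
    found += [("key", key, "") for key in keys if key in regkeys]
    return found
```

Matching is by full path and exact key name, so an entry written with an 8.3 short name (such as PROGRA~1) or an abbreviated key (`HKLM\~\...`) would not be matched; an empty result is a necessary check, not a sufficient one.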

fredik

Re: Help - System Integrity Scan Wizard and Security System

Post by fredik » 23 Apr 2008 20:20

Post a new HJT log here as well. Are you still having problems?

happy-smile

Re: Help - System Integrity Scan Wizard and Security System

Post by happy-smile » 23 Apr 2008 20:42

At this point I can't say with one hundred percent certainty yet, because the windows did not pop up at regular intervals, so I don't know. But in any case, since I did what you told me, nothing has popped up, so I think it could be all right now! :) Thank you very much for your help and willingness!

And here is the HijackThis log as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:16, on 23.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 6847 bytes

