VIRTUMONDE.dll-Prosím o kontrolu logu Vyřešeno

[stan.]

Na toto mě upozorňuje NOD32.Prosím o pomoc .Spybot-Search and Destroj to zatím nedokáže odstranit.

Logfile of HijackThis v1.99.1
Scan saved at 19:08:50, on 25.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\S\LOCALS~1\Temp\Rar$EX00.094\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [d06c0a3e] rundll32.exe "C:\WINDOWS\system32\wtkovxsm.dll",b
O4 - HKLM\..\Run: [BMd35f39a2] Rundll32.exe "C:\WINDOWS\system32\nraskwkw.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

[Reklama]

[fredik]

Před použitím ComboFix udělej následující kroky:
#Krok 1:
vypni rez. ochranu u SpyBota:
- spusť Spybot - Search & Destroy
- nahoře v menu zvol: Režim => Pro pokročilé
- objeví se ti varovné okno kde zvol Ano
- okno programu se ti přepne do pokročilého zobrazení a tam zvol: Nástroje => Rezidentní
- tam zruš zatržení pokud bude u položky: Rezidentní program "TeaTimer" (Ochrana ...)

- zavři program
Restartuj PC.

#Krok 2:
Po té si stáhni ResetTeaTimer.bat (viz. Poznámka) a ulož si ho na disku.
- spusť ho a po vyzvání zmáčkni libovolnou klávesu
- po proběhnutí a výzvě opět zmáčkni libovolnou klávesu a program se zavře.
Poznámka:
- pokud používáš Operu, tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit cíl odkazu jako...
- pokud používáš Firefox tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit odkaz jako...

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[stan.]

Protože dlouho nikdo nereagoval, tak jsem se to pokusil odstranit sám pomocí SuperAntiSpyware,asi se podařilo,protože už to neotravuje,ale přesto jsem udělal ten ComboFix log.Prosím o zkouknutí zda je to v pořádku.

ComboFix 08-08-25.01 - S 2008-08-26 18:38:53.1 - NTFSx86
Running from: C:\Documents and Settings\S\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\S\Data aplikací\macromedia\Flash Player\#SharedObjects\C77XFUJU\bin.clearspring.com
C:\Documents and Settings\S\Data aplikací\macromedia\Flash Player\#SharedObjects\C77XFUJU\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\S\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\S\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\BMd35f39a2.txt
C:\WINDOWS\BMd35f39a2.xml
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\edjbbhdo.ini
C:\WINDOWS\system32\msxvoktw.ini
C:\WINDOWS\system32\NXIOqqru.ini
C:\WINDOWS\system32\NXIOqqru.ini2
C:\WINDOWS\system32\odhbbjde.dll
C:\WINDOWS\system32\wtkovxsm.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-25 19:58 . 2008-08-25 20:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-24 17:53 . 2008-08-24 17:53 126,976 --a------ C:\WINDOWS\winxml2a.dll
2008-08-10 18:28 . 2008-08-10 18:28 <DIR> d-------- C:\Program Files\Avanquest update
2008-08-10 18:27 . 2008-08-10 18:27 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-05 19:28 . 2008-08-05 19:28 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2008-08-05 18:33 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 16:42 --------- d-----w C:\Program Files\SysMetrix
2008-08-26 16:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-25 18:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 17:24 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-29 16:12 --------- d-----w C:\Program Files\RocketDock
2008-07-27 09:29 --------- d-----w C:\Program Files\MediaMonkey
2008-07-25 18:23 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 18:47 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-23 18:46 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-23 16:10 --------- d-----w C:\Program Files\Common Files\Acronis
2008-07-17 05:20 --------- d-----w C:\Program Files\ATI Technologies
2008-07-16 18:17 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-14 07:23 --------- d-----w C:\Program Files\Ashampoo
2008-07-14 07:19 --------- d-----w C:\Program Files\GetRight
2008-07-14 07:18 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-14 07:15 --------- d-----w C:\Program Files\ESET
2008-07-14 07:06 --------- d-----w C:\Program Files\Canon
2008-07-14 07:05 --------- d-----w C:\Program Files\Common Files\Canon
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-30 20:30 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2002-09-20 18:05 600064 d1a616d5337e344a0dd6c6df7733a6c3 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-17 16:49 802304 6ed57bdaad00043872dc45984da91096 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2004-08-17 16:49 802304 6ed57bdaad00043872dc45984da91096 C:\WINDOWS\system32\wininet.dll
2004-08-17 16:49 657408 50d263e3454e8357d13bb598129185ad C:\WINDOWS\VistaMizer\old\wininet.dll

2002-09-20 18:05 516608 ff8857d1af59071f172c0fad0fd33e87 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-17 16:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-17 16:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\system32\winlogon.exe
2004-08-17 16:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\VistaMizer\old\winlogon.exe

2002-09-20 18:17 1920512 e2a57a7b4182490dfe1ebade818146a2 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-17 16:45 2274816 8b9de3c360966a1f959b07ede7c56a72 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-17 16:45 2274816 8b9de3c360966a1f959b07ede7c56a72 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-17 16:45 2017280 7715eddd01edfef9ef335d29c6dfe212 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2002-09-20 17:12 1891840 bb405b214b5b49ab3f00196c10885611 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-17 16:45 2407936 3ac37cc753b2b1ac54803ebbdb9fd371 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-17 16:45 2407936 3ac37cc753b2b1ac54803ebbdb9fd371 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-17 16:45 2150400 84fef6be553acc66729f5d4113f53310 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2004-08-17 16:49 1550848 52cf1beeccd26fac8b12a4310a5e47fe C:\WINDOWS\explorer.exe
2002-09-20 18:05 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 16:49 1550848 52cf1beeccd26fac8b12a4310a5e47fe C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-17 16:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\VistaMizer\old\explorer.exe

2002-09-20 18:05 13312 8708be15ac5f27386b5d5fe7a1ebaf26 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-17 16:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-17 16:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\ctfmon.exe
2004-08-17 16:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\VistaMizer\old\ctfmon.exe

2002-09-20 18:05 140288 fa4b5c09c730f2fee754e69264ea198d C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
2004-08-17 16:49 111104 d236e3b128029d7a01eb50f778fff414 C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2004-08-17 16:49 111104 d236e3b128029d7a01eb50f778fff414 C:\WINDOWS\system32\wuauclt.exe
2004-08-17 16:49 111104 e9f9cd3c7f2e56505a0ac166580120e3 C:\WINDOWS\VistaMizer\old\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E969B8B-8E8B-3A8D-B060-8B40F72CB668}]
2008-08-24 17:53 126976 --a------ C:\WINDOWS\winxml2a.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-10 18:02 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-21 10:32 921600]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 14:43 1188152]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-09-10 14:46 1962216]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-09-04 12:59 148760]
"Ashampoo FireWall PRO"="C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-12-21 03:10 3543552]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 12:09 49152]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2006-02-25 22:09 2637824]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 25088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 13:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 DrvFltIp;DrvFltIp;C:\Documents and Settings\S\Local Settings\TEMP\DrvFltIp [2006-12-21 03:34]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-23 20:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder

2008-08-22 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.
- - - - ORPHANS REMOVED - - - -

Notify-pmnKBRjk - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\S\Data aplikací\Mozilla\Firefox\Profiles\uthi8gj4.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 18:42:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\S\LOCALS~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\S\Local Settings\TEMP\DrvFltIp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-08-26 18:43:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 16:43:50

Pre-Run: Volných bajtů: 34,691,174,400
Post-Run: Volněch bajt…: 34,639,527,936

211

[fredik]

Všechno to ještě nebylo, něco tam zůstalo.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pokud jsi měl k tomuto Pc připojenou flešku/USB klíčenku/Mp3 přehrávač, tak ji připoj k Pc a proveď postup s Flash Disinfectorem.

Stáhni tento program: Flash Disinfector (by sUBs)
- Spusť Flash Disinfector a počkej až tě program bude informovat o ukončení své činnosti.
- po té můžeš výměnné zařízení odpojit.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\winxml2a.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E969B8B-8E8B-3A8D-B060-8B40F72CB668}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený přejmenovaný program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix (Pc se ti pak restartuje tak se nelekni)
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[stan.]

Tak jsem to snad udělal správně

ComboFix 08-08-25.01 - S 2008-08-26 20:26:57.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1520 [GMT 2:00]
Running from: C:\Documents and Settings\S\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\S\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\winxml2a.dll
.

((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-25 19:58 . 2008-08-25 20:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-10 18:28 . 2008-08-10 18:28 <DIR> d-------- C:\Program Files\Avanquest update
2008-08-10 18:27 . 2008-08-10 18:27 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-05 19:28 . 2008-08-05 19:28 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2008-08-05 18:33 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 18:30 --------- d-----w C:\Program Files\SysMetrix
2008-08-26 16:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-25 18:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 17:24 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-29 16:12 --------- d-----w C:\Program Files\RocketDock
2008-07-27 09:29 --------- d-----w C:\Program Files\MediaMonkey
2008-07-25 18:23 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 18:47 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-23 18:46 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-23 16:10 --------- d-----w C:\Program Files\Common Files\Acronis
2008-07-17 05:20 --------- d-----w C:\Program Files\ATI Technologies
2008-07-16 18:17 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-14 07:23 --------- d-----w C:\Program Files\Ashampoo
2008-07-14 07:19 --------- d-----w C:\Program Files\GetRight
2008-07-14 07:18 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-14 07:15 --------- d-----w C:\Program Files\ESET
2008-07-14 07:06 --------- d-----w C:\Program Files\Canon
2008-07-14 07:05 --------- d-----w C:\Program Files\Common Files\Canon
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-30 20:30 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2002-09-20 18:05 600064 d1a616d5337e344a0dd6c6df7733a6c3 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-17 16:49 802304 6ed57bdaad00043872dc45984da91096 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2004-08-17 16:49 802304 6ed57bdaad00043872dc45984da91096 C:\WINDOWS\system32\wininet.dll
2004-08-17 16:49 657408 50d263e3454e8357d13bb598129185ad C:\WINDOWS\VistaMizer\old\wininet.dll

2002-09-20 18:05 516608 ff8857d1af59071f172c0fad0fd33e87 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-17 16:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-17 16:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\system32\winlogon.exe
2004-08-17 16:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\VistaMizer\old\winlogon.exe

2002-09-20 18:17 1920512 e2a57a7b4182490dfe1ebade818146a2 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-17 16:45 2274816 8b9de3c360966a1f959b07ede7c56a72 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-17 16:45 2274816 8b9de3c360966a1f959b07ede7c56a72 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-17 16:45 2017280 7715eddd01edfef9ef335d29c6dfe212 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2002-09-20 17:12 1891840 bb405b214b5b49ab3f00196c10885611 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-17 16:45 2407936 3ac37cc753b2b1ac54803ebbdb9fd371 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-17 16:45 2407936 3ac37cc753b2b1ac54803ebbdb9fd371 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-17 16:45 2150400 84fef6be553acc66729f5d4113f53310 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2004-08-17 16:49 1550848 52cf1beeccd26fac8b12a4310a5e47fe C:\WINDOWS\explorer.exe
2002-09-20 18:05 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 16:49 1550848 52cf1beeccd26fac8b12a4310a5e47fe C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-17 16:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\VistaMizer\old\explorer.exe

2002-09-20 18:05 13312 8708be15ac5f27386b5d5fe7a1ebaf26 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-17 16:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-17 16:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\ctfmon.exe
2004-08-17 16:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\VistaMizer\old\ctfmon.exe

2002-09-20 18:05 140288 fa4b5c09c730f2fee754e69264ea198d C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
2004-08-17 16:49 111104 d236e3b128029d7a01eb50f778fff414 C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2004-08-17 16:49 111104 d236e3b128029d7a01eb50f778fff414 C:\WINDOWS\system32\wuauclt.exe
2004-08-17 16:49 111104 e9f9cd3c7f2e56505a0ac166580120e3 C:\WINDOWS\VistaMizer\old\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-26_18.43.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 18:30:15 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_96c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-10 18:02 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-21 10:32 921600]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 14:43 1188152]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-09-10 14:46 1962216]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-09-04 12:59 148760]
"Ashampoo FireWall PRO"="C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-12-21 03:10 3543552]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 12:09 49152]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2006-02-25 22:09 2637824]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 25088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 13:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 DrvFltIp;DrvFltIp;C:\Documents and Settings\S\Local Settings\TEMP\DrvFltIp [2006-12-21 03:34]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-23 20:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-22 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 20:30:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\S\LOCALS~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\S\Local Settings\TEMP\DrvFltIp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-08-26 20:31:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 18:31:14
ComboFix2.txt 2008-08-26 16:43:54

Pre-Run: Volných bajtů: 34,621,423,616
Post-Run: Volněch bajt…: 34,608,091,136

193


A ještě log z HJT

Logfile of HijackThis v1.99.1
Scan saved at 20:35:21, on 26.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\S\LOCALS~1\Temp\Rar$EX00.796\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

Můžeš vypnout spouštění SUPERAntiSpyware při startu:
- Spusť program a klikni na tlačítko Preferences...
- Otevře se ti nové okno kde klikni na záložku General and Startup
* na ní pod nadpisem Start-Up Options zruš zatržení(fajfku) u položky: Start SUPERAntiSpyware when Windows starts
- Pak můžeš program zavřít

Používáš starší verzi HijackThis, pokud by sis někdy příště dával zkontrolovat log, tak si stáhni aktuální verzi zde a tu starou před použitím vymaž.

Pokud nemáš žádné další problémy, tak by to bylo vše. Pokud jo tak dej vědět.

[stan.]

Vypadá to že už je to dobrý,VŘELÉ DÍKY fredikovi Jen jedna otázka,proč mám vypnout spouštění SuperAntiSpyware při startu.Mám verzi s rezidentní ochranou a chci ji mít funkční proti těm neřádům.

[fredik]

Podobně se spouští i free verze, což není potřeba. Pokud máš Profesional verzi jak říkáš tak si nech jeho spouštění zapnuté.