Prosím o kontrolu logu

[noego]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:35, on 2.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wuauclt.exe
D:\wek\Zdenek DATA\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Task Catcher] C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Hlede&j v ČR - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v &encyklopedii - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5108
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Hledej ve &zboží - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5107
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://software.seznam.cz/listicka/toolbar.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3043446984
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-2d4978850f651709.spaces.live ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A67E8D9B-6A13-4049-B088-A3B8872DCA32}: NameServer = 213.158.128.2,212.158.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: urqnlji - urqnlji.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 10370 bytes

[Reklama]

[Baron Prášil]

v pořádku.

fixni zbytečnosti
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O20 - Winlogon Notify: urqnlji - urqnlji.dll (file missing)

problém nebo prevence?

[noego]

Pc pracuje pomalu , a docela často zamrzne IE - pak lze zavřít jen přes zprávce úloh, mám pocit , že se to stalo po aktualizaci právě na IE - záložky atp.
Díky.

[Baron Prášil]

je vidět že jsi měl vundo infekci,tak pošli ještě log z combofixu.
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[noego]

vše ok , jenom:
"combofix is preparing to run"

a na to win hláška "SWREG.CFEXE - chyba aplikace
instrukce na adrese 0x7c9111de odkazovala na adresu paměti 0x4f444e49 s pamětí nelze provést operaci: read"

pak na vše ok a tady je log:

ComboFix 08-02.02.5 - Evule 2008-02-02 15:11:49.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.178 [GMT 1:00]
Running from: C:\Documents and Settings\Evule\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-01 12:40 . 2008-02-01 12:40 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-29 00:55 . 2008-01-29 00:55 38 --a------ C:\WINDOWS\avisplitter.INI
2008-01-27 11:11 . 2004-08-17 15:49 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-27 11:08 . 2008-01-27 11:08 <DIR> d-------- C:\Program Files\Common Files\Labtec
2008-01-27 11:08 . 2007-03-06 17:54 527,136 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-01-27 11:08 . 2007-03-06 17:49 491,168 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2008-01-27 11:08 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2008-01-27 11:08 . 2007-03-06 17:50 264,992 --a------ C:\WINDOWS\system32\lvcodec2.dll
2008-01-27 11:08 . 2007-03-06 17:54 215,840 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-01-27 11:08 . 2007-03-06 17:51 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
2008-01-27 11:08 . 2007-03-06 16:02 51,370 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-01-27 11:08 . 2007-03-06 17:54 41,376 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-01-27 11:08 . 2007-03-06 16:03 13,398 --a------ C:\WINDOWS\system32\Repository.reg
2008-01-27 11:07 . 2008-01-27 11:07 <DIR> d-------- C:\Program Files\Labtec
2008-01-27 11:07 . 2008-01-27 11:07 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-01-22 23:26 . 2008-01-22 23:26 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-22 23:16 . 2008-01-22 23:16 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-19 13:38 . 2008-01-19 13:52 3,120 --a------ C:\WINDOWS\MF_C425.lfa
2008-01-19 13:38 . 2008-01-19 13:52 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2008-01-19 13:38 . 2008-01-19 13:52 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-01-19 13:37 . 2008-01-19 13:38 <DIR> d-------- C:\Program Files\IncrediMail
2008-01-19 13:10 . 2008-01-19 13:10 <DIR> d-------- C:\Program Files\Foxmail
2008-01-13 16:49 . 2008-01-13 16:49 <DIR> d-------- C:\Program Files\Disney Interactive
2008-01-06 22:55 . 2008-02-01 10:54 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-06 15:32 . 2008-01-06 15:32 <DIR> d-------- C:\Program Files\Nero
2008-01-06 15:32 . 2008-01-06 15:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-05 17:25 . 2008-01-05 17:25 <DIR> d-------- C:\WINDOWS\UbiSoft
2008-01-05 17:19 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-01-05 17:19 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-01-05 17:19 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-01-05 17:19 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-01-05 17:19 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-01-05 17:19 . 1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-01-05 17:19 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-01-05 17:19 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-01-05 17:19 . 2008-01-05 17:19 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-01-05 17:19 . 2008-01-05 17:19 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-01-05 17:18 . 2008-01-13 16:52 1,032 --a------ C:\WINDOWS\disney.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 08:01 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-20 21:08 --------- d-----w C:\Program Files\Freeze.com
2007-12-14 22:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-27 22:34 333,408 ----a-w C:\WINDOWS\system32\jkklm.VIR
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 15:59 212992]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-23 19:30 292152]
"Task Catcher"="C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe" [2005-11-14 13:05 136760]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16 692315]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 20:00 455168]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 20:00 59392]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 17:38 458752]
"LaunchApp"="Alaunch" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 20:00 208952]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-17 19:09 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-17 19:10 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-17 19:06 77824]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00 397312]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 17:48 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 17:58 1060376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 20:00 15360]

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 01:14]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 20:00]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 15:17:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-02-02 15:19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 14:19:20
.
2008-01-09 08:02:50 --- E O F ---

[Baron Prášil]

no,dost toho smazal.jsou tam nějaký zbytky i po warezovu

takže použij avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35

Zvol možnost "Load script from internet URL"
a do řádku pod tím zkopíruj

Kód: Vybrat vše

http://ne-e.eu/stration/script.txt

potom semafor,restart a log z avengeru neposílej!
napiš jak se chová komp.