System integrity scan wizard

Taran. · Příspěvekod **Taran.** » 27 dub 2008 17:23

Zdravim,
do compu se mi nedavno vloudil nepřijemenj spyware který mi cc každých 7 - 10 min hází okno s názvem System integrity scan wizard. Jako antivir používám avast a jako spyware mam Spybot. Ani jeden z uvedených programu nic nenašel přesto se mi furt vyhazuje to okno. skoušel jsem tu výše popsanej návod s Combo fix ale nic se k lepšímu nezměnilo. Nevim možná sem udělal něco špatně. Dík za hlp.

Reklama

CrasherKill · Příspěvekod **CrasherKill** » 27 dub 2008 17:50

Udělej log z HijackThis tak jak je to popsané tady viewtopic.php?f=70&t=5119 a vlož ho sem.

Taran. · Příspěvekod **Taran.** » 27 dub 2008 17:58

Tady to je^^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:56, on 27.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\All Users\Data aplikací\onipkder\uzgbklmr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ajwxkxgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\SALAM2\SALAMAND.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: wxdbpfvo - {DDA28099-DACF-415D-A5A8-BB134FCA3D6A} - C:\WINDOWS\wxdbpfvo.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /reboot{54C0D94A-F467-4ABC-9D02-6E58748668D4} /z
O4 - HKLM\..\RunOnce: [InstallShieldSetup1] C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /reboot{54C0D94A-F467-4ABC-9D02-6E58748668D4} /z
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [zefqxsvh] C:\WINDOWS\system32\ajwxkxgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [tANAbjsK69] C:\Documents and Settings\All Users\Data aplikací\onipkder\uzgbklmr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: bw+0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 19436 bytes

Taran. · Příspěvekod **Taran.** » 27 dub 2008 18:05

Jo a taky mi to hazi okno nejen se System integrity scan wizard ale taky Security system - Protection control panel a este jedno.....

Příspěvekod **fredik** » 27 dub 2008 18:30

Vítej na fóru

Vítej na fóru

Před použitím vypni rez. ochranu u SpyBota:
- spusť Spybot - Search & Destroy
- nahoře v menu zvol: Režim => Pro pokročilé
- objeví se ti varovné okno kde zvol Ano
- okno programu se ti přepne do pokročilého zobrazení a tam zvol: Nástroje => Rezidentní
- tam zruš zatržení pokud bude u položky: Rezidentní program "TeaTimer" (Ochrana ...)
Obrázek

- zavři program
Restartuj PC.

Po té si stáhni ResetTeaTimer.bat a ulož si ho na disku.
- spusť ho a po vyzvání zmáčkni libovolnou klávesu
- po proběhnutí a výzvě opět zmáčkni libovolnou klávesu a program se zavře.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Taran. · Příspěvekod **Taran.** » 27 dub 2008 18:59

Tady to je:

ComboFix 08-04-26.3 - Marin Velčev 2008-04-27 18:51:34.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.670 [GMT 2:00]
Running from: C:\Documents and Settings\Marin Velčev\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 17:53 . 2008-04-27 17:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 17:37 . 2008-04-27 17:38 <DIR> d-------- C:\Program Files\iTunes
2008-04-27 17:37 . 2008-04-27 17:37 102,400 --a------ C:\WINDOWS\system32\lkdabkpa.exe
2008-04-27 16:52 . 2008-04-27 18:49 <DIR> d-------- C:\Documents and Settings\Marin Velčev\Data aplikací\WTablet
2008-04-27 16:21 . 2008-04-27 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Šablony
2008-04-27 15:03 . 2008-04-27 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikací
2008-04-27 15:03 . 2008-04-27 15:03 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-27 14:44 . 2008-04-27 14:44 <DIR> d-------- C:\Program Files\Pmcc
2008-04-27 14:44 . 2008-04-27 14:44 <DIR> d-------- C:\Documents and Settings\Marin Velčev\Data aplikací\Pmcc
2008-04-27 10:53 . 2008-04-27 10:53 94,208 --a------ C:\WINDOWS\system32\rclwdmbi.exe
2008-04-26 21:26 . 2008-04-26 21:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-26 21:26 . 2008-04-27 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-04-26 18:14 . 2008-04-26 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\onipkder
2008-04-25 15:18 . 2008-04-25 15:18 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-21 20:47 . 2008-04-21 20:47 8 --a------ C:\WINDOWS\atomhex.lic
2008-04-15 15:27 . 2008-04-15 15:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-15 15:09 . 2008-04-15 15:09 <DIR> d-------- C:\Documents and Settings\Marin Velčev\Data aplikací\Nvu
2008-04-13 19:34 . 2008-04-13 19:34 <DIR> d-------- C:\WTablet
2008-04-04 22:34 . 2008-04-24 17:34 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\WTablet
2008-04-03 21:01 . 2008-04-03 21:01 <DIR> d-------- C:\Documents and Settings\Marin Velčev\Data aplikací\Ambient Design
2008-04-03 20:59 . 2008-04-03 20:59 <DIR> d-------- C:\Program Files\Ambient Design
2008-04-03 20:39 . 2007-09-07 20:04 1,380,680 --------- C:\WINDOWS\system32\PenTablet.znc
2008-04-03 20:38 . 2008-04-03 20:38 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-04-03 20:38 . 2008-04-03 20:38 <DIR> d-------- C:\Program Files\Tablet
2008-04-03 20:38 . 2007-09-07 20:07 2,684,200 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-04-03 20:38 . 2007-09-07 20:16 1,373,480 --------- C:\WINDOWS\system32\Pen_Tablet.exe
2008-04-03 20:38 . 2007-09-07 19:55 181,544 --------- C:\WINDOWS\system32\Wintab32.dll
2008-04-03 20:38 . 2007-09-07 20:09 128,296 --------- C:\WINDOWS\system32\Pen_Tablet.dll
2008-04-03 20:38 . 2007-02-16 20:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-04-03 20:38 . 2007-02-16 02:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2008-04-03 20:38 . 2007-02-16 21:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-04-03 19:43 . 2004-08-17 15:49 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-03 19:43 . 2004-08-17 15:49 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 15:37 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-04-27 15:25 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-27 14:28 --------- d-----w C:\Program Files\Common Files\soft602
2008-04-27 14:28 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\Software602
2008-04-27 14:27 --------- d-----w C:\Program Files\VentSrv
2008-04-27 14:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 14:23 --------- d-----w C:\Program Files\GTRAN
2008-04-27 12:51 --------- d-----w C:\Program Files\7-Zip
2008-04-27 12:47 --------- d-----w C:\Program Files\QuickTime
2008-04-27 12:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 12:46 --------- d-----w C:\Program Files\DivX
2008-04-27 12:46 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\Ventrilo
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\Nokia
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\Bioshock
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\Apple Computer
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-04-03 19:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 22:34 --------- d-----w C:\Program Files\Tale of Tales
2008-03-04 19:11 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\SUPERAntiSpyware.com
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-15 14:51 22,328 ----a-w C:\Documents and Settings\Marin Velčev\Data aplikací\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-27_17.06.00,90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 14:29:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 16:49:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-07-08 22:26:55 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ARPPRODUCTICON.exe
+ 2008-04-27 15:38:05 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ARPPRODUCTICON.exe
- 2006-07-08 22:26:55 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut3_35AFD495EC2E4B2BB9DB30EEBC74049D.exe
+ 2008-04-27 15:38:05 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut3_35AFD495EC2E4B2BB9DB30EEBC74049D.exe
- 2006-07-08 22:26:55 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut4_8C3BCD70236347B8A53EEE8A82FD5C78.exe
+ 2008-04-27 15:38:05 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut4_8C3BCD70236347B8A53EEE8A82FD5C78.exe
- 2006-07-08 22:26:55 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut6_35AFD495EC2E4B2BB9DB30EEBC74049D.exe
+ 2008-04-27 15:38:05 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut6_35AFD495EC2E4B2BB9DB30EEBC74049D.exe
- 2008-04-27 14:29:45 116,560 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-27 15:37:07 114,968 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-27 16:49:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DDA28099-DACF-415D-A5A8-BB134FCA3D6A}"= "C:\WINDOWS\wxdbpfvo.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{dda28099-dacf-415d-a5a8-bb134fca3d6a}]
[HKEY_CLASSES_ROOT\TypeLib\{9A65BAD2-D2C5-4BF9-B2F1-72F3302CC4B4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 15:49 860160]
"zefqxsvh"="C:\WINDOWS\system32\ajwxkxgr.exe" [2008-04-26 18:14 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 14:45 820736]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 12:58 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2006-01-10 14:20:16 262144]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-04-28 15:59:11 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"tANAbjsK69"= C:\Documents and Settings\All Users\Data aplikací\onipkder\uzgbklmr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.lameacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"vidc.div3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"msacm.divxa32"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.dv25"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.xvid"= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\HRY\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\HRY\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\HRY\\Microsoft Games\\Age of Empires II\\empires2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 20:16]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-10-23 13:09]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 02:11]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196);C:\WINDOWS\system32\DRIVERS\gtusbmdm_gpc6400.sys []
S3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys [2005-12-21 12:23]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 18:52:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 18:54:15
ComboFix-quarantined-files.txt 2008-04-27 16:54:13
ComboFix2.txt 2008-04-27 15:09:16
ComboFix3.txt 2008-04-27 15:06:09

Adresářů: 20, Volných bajtů: 198,681,702,400
Adresářů: 22, Volných bajtů: 198,678,667,264

210 --- E O F --- 2008-04-12 23:25:59

Příspěvekod **fredik** » 27 dub 2008 20:28

Kolikrát jsi ten ComboFix spouštěl Obrázek

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\lkdabkpa.exe
C:\WINDOWS\system32\rclwdmbi.exe
C:\WINDOWS\atomhex.lic
C:\WINDOWS\ativpsrm.bin
C:\Documents and Settings\All Users\Data aplikací\onipkder\uzgbklmr.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DDA28099-DACF-415D-A5A8-BB134FCA3D6A}"=-
[-HKEY_CLASSES_ROOT\clsid\{dda28099-dacf-415d-a5a8-bb134fca3d6a}]
[-HKEY_CLASSES_ROOT\TypeLib\{9A65BAD2-D2C5-4BF9-B2F1-72F3302CC4B4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zefqxsvh"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"tANAbjsK69"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
Obrázek

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT.

Taran. · Příspěvekod **Taran.** » 27 dub 2008 20:37

Spouštěl jsem ho 2x :) to je to tam fakt poznat jo? Jsem tu projížděl forum nejdřív a narazil jsem na někoho kdo řešil stejnej problém tak jsem to udělal podle toho navodu, páč jsem mylel, že je to pro všechny stejný ale jak tak koukam tak ne^^

tady je ten log:

ComboFix 08-04-26.3 - Marin Velčev 2008-04-27 20:27:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.648 [GMT 2:00]
Running from: C:\Documents and Settings\Marin Velčev\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marin Velčev\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Data aplikací\onipkder\uzgbklmr.exe
C:\WINDOWS\ativpsrm.bin
C:\WINDOWS\atomhex.lic
C:\WINDOWS\system32\lkdabkpa.exe
C:\WINDOWS\system32\rclwdmbi.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\onipkder\uzgbklmr.exe
C:\WINDOWS\ativpsrm.bin
C:\WINDOWS\atomhex.lic
C:\WINDOWS\system32\lkdabkpa.exe
C:\WINDOWS\system32\rclwdmbi.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 17:53 . 2008-04-27 17:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 16:52 . 2008-04-27 18:49 <DIR> d-------- C:\Documents and Settings\Marin Velčev\Data aplikací\WTablet
2008-04-27 16:21 . 2008-04-27 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Šablony
2008-04-27 15:03 . 2008-04-27 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikací
2008-04-27 14:44 . 2008-04-27 14:44 <DIR> d-------- C:\Program Files\Pmcc
2008-04-27 14:44 . 2008-04-27 14:44 <DIR> d-------- C:\Documents and Settings\Marin Velčev\Data aplikací\Pmcc
2008-04-26 21:26 . 2008-04-26 21:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-26 21:26 . 2008-04-27 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-04-26 18:14 . 2008-04-27 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\onipkder
2008-04-26 18:14 . 2008-04-26 18:14 114,688 --a------ C:\WINDOWS\system32\ajwxkxgr.exe
2008-04-25 15:18 . 2008-04-25 15:18 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-15 15:27 . 2008-04-15 15:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-15 15:09 . 2008-04-15 15:09 <DIR> d-------- C:\Documents and Settings\Marin Velčev\Data aplikací\Nvu
2008-04-13 19:34 . 2008-04-13 19:34 <DIR> d-------- C:\WTablet
2008-04-04 22:34 . 2008-04-24 17:34 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\WTablet
2008-04-03 21:01 . 2008-04-03 21:01 <DIR> d-------- C:\Documents and Settings\Marin Velčev\Data aplikací\Ambient Design
2008-04-03 20:59 . 2008-04-03 20:59 <DIR> d-------- C:\Program Files\Ambient Design
2008-04-03 20:39 . 2007-09-07 20:04 1,380,680 --------- C:\WINDOWS\system32\PenTablet.znc
2008-04-03 20:38 . 2008-04-03 20:38 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-04-03 20:38 . 2008-04-03 20:38 <DIR> d-------- C:\Program Files\Tablet
2008-04-03 20:38 . 2007-09-07 20:07 2,684,200 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-04-03 20:38 . 2007-09-07 20:16 1,373,480 --------- C:\WINDOWS\system32\Pen_Tablet.exe
2008-04-03 20:38 . 2007-09-07 19:55 181,544 --------- C:\WINDOWS\system32\Wintab32.dll
2008-04-03 20:38 . 2007-09-07 20:09 128,296 --------- C:\WINDOWS\system32\Pen_Tablet.dll
2008-04-03 20:38 . 2007-02-16 20:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-04-03 20:38 . 2007-02-16 02:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2008-04-03 20:38 . 2007-02-16 21:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-04-03 19:43 . 2004-08-17 15:49 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-03 19:43 . 2004-08-17 15:49 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 15:37 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-04-27 15:25 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-27 14:28 --------- d-----w C:\Program Files\Common Files\soft602
2008-04-27 14:28 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\Software602
2008-04-27 14:27 --------- d-----w C:\Program Files\VentSrv
2008-04-27 14:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 14:23 --------- d-----w C:\Program Files\GTRAN
2008-04-27 12:51 --------- d-----w C:\Program Files\7-Zip
2008-04-27 12:47 --------- d-----w C:\Program Files\QuickTime
2008-04-27 12:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 12:46 --------- d-----w C:\Program Files\DivX
2008-04-27 12:46 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\Ventrilo
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\Nokia
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\Bioshock
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\Apple Computer
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-04-03 19:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 22:34 --------- d-----w C:\Program Files\Tale of Tales
2008-03-04 19:11 --------- d-----w C:\Documents and Settings\Marin Velčev\Data aplikací\SUPERAntiSpyware.com
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-15 14:51 22,328 ----a-w C:\Documents and Settings\Marin Velčev\Data aplikací\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-27_17.06.00,90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 14:29:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 16:49:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-07-08 22:26:55 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ARPPRODUCTICON.exe
+ 2008-04-27 15:38:05 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ARPPRODUCTICON.exe
- 2006-07-08 22:26:55 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut3_35AFD495EC2E4B2BB9DB30EEBC74049D.exe
+ 2008-04-27 15:38:05 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut3_35AFD495EC2E4B2BB9DB30EEBC74049D.exe
- 2006-07-08 22:26:55 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut4_8C3BCD70236347B8A53EEE8A82FD5C78.exe
+ 2008-04-27 15:38:05 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut4_8C3BCD70236347B8A53EEE8A82FD5C78.exe
- 2006-07-08 22:26:55 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut6_35AFD495EC2E4B2BB9DB30EEBC74049D.exe
+ 2008-04-27 15:38:05 131,072 ----a-r C:\WINDOWS\Installer\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\NewShortcut6_35AFD495EC2E4B2BB9DB30EEBC74049D.exe
- 2008-04-27 14:29:45 116,560 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-27 15:37:07 114,968 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-27 16:49:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 15:49 860160]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 14:45 820736]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 12:58 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2006-01-10 14:20:16 262144]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-04-28 15:59:11 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.lameacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"vidc.div3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"msacm.divxa32"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.dv25"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.xvid"= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\HRY\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\HRY\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\HRY\\Microsoft Games\\Age of Empires II\\empires2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 20:16]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-10-23 13:09]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 02:11]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196);C:\WINDOWS\system32\DRIVERS\gtusbmdm_gpc6400.sys []
S3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys [2005-12-21 12:23]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 20:28:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 20:30:19
ComboFix-quarantined-files.txt 2008-04-27 18:30:17
ComboFix2.txt 2008-04-27 16:54:17
ComboFix3.txt 2008-04-27 15:09:16
ComboFix4.txt 2008-04-27 15:06:09

Adresářů: 20, Volných bajtů: 198,619,402,240
Adresářů: 21, Volných bajtů: 198,666,092,544

218 --- E O F --- 2008-04-12 23:25:59

Taran. · Příspěvekod **Taran.** » 27 dub 2008 20:38

a tady je novej log z hjt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:20, on 27.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ajwxkxgr.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: bw+0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {411DB09B-ADF6-4786-A899-84520E0854FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 18662 bytes

Taran. · Příspěvekod **Taran.** » 27 dub 2008 21:24

Wow, vypadá to že je vše vyřešeno, už hodnou chvíli se žádné okno neobjevilo. SUPER!!! vážně dík moc za rychlou a účinnou pomoc

Taran. · Příspěvekod **Taran.** » 27 dub 2008 21:30

err.....tak sem se unahlil....zrovna tet my to zas vyhodilo to okno se system integrity..... :-(

Příspěvekod **fredik** » 27 dub 2008 21:39

Dá se to poznat :wink:

I když je stejný problém tak se logy liší. Proto není dobré používat postup s ComboFix, který byl použitý v jiném tématu.

Vytvoř si nový CFScript a použij ho stejným způsobem jako ten předchozí, ale tentokrát tam vlož do něho toto:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\ajwxkxgr.exe

Folder::
C:\Documents and Settings\All Users\Data aplikací\onipkder

Vlož sem pak log z ComboFix + nový log z HJT.

System integrity scan wizard

System integrity scan wizard

Re: System integrity scan wizard

Re: System integrity scan wizard

Re: System integrity scan wizard

Re: System integrity scan wizard

Re: System integrity scan wizard

Re: System integrity scan wizard

Re: System integrity scan wizard

Re: System integrity scan wizard

Re: System integrity scan wizard

Re: System integrity scan wizard

Re: System integrity scan wizard

Kdo je online