Problem with viruses :-( I'm in it again :-( Please help.
- solda1
- Beginner

- Registered: 15 Apr 2007
- Location: Hodonín
Here is HijackThis v2.0.2:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:50, on 10.2.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{05DD93D2-FB60-41E3-83C9-6658F4241DAF}: NameServer = 62.240.178.250,10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{05DD93D2-FB60-41E3-83C9-6658F4241DAF}: NameServer = 62.240.178.250,10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{05DD93D2-FB60-41E3-83C9-6658F4241DAF}: NameServer = 62.240.178.250,10.0.0.1
O18 - Protocol: bw+0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {26F4FFDB-6B71-4912-B66C-2E94D7847C63} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
--
End of file - 18408 bytes
Here is ComboFix:
ComboFix 08-02.05.3 - Administrator 2008-02-10 16:29:31.11 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.846 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.
2008-02-10 16:18 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-10 16:18 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-10 16:18 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-10 16:18 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-10 16:18 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-10 16:18 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-10 16:18 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-10 16:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-10 14:10 . 2008-02-10 14:10 <DIR> d-------- C:\kav
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-02-10 12:13 . 2002-09-20 18:05 135,680 --a------ C:\WINDOWS\R.COM
2008-02-10 12:13 . 2002-09-20 18:05 130,048 --a------ C:\WINDOWS\system32\T.COM
2008-02-10 12:13 . 2008-02-10 12:16 50 --a------ C:\WINDOWS\Lic.xxx
2008-02-10 11:53 . 2008-02-10 11:53 <DIR> d-------- C:\Program Files\CCleaner
2008-02-10 00:17 . 2008-02-10 00:17 <DIR> d-------- C:\Temp
2008-02-09 18:35 . 2008-02-10 11:45 <DIR> d-------- C:\WINDOWS\EHome
2008-02-09 18:08 . 2008-02-09 18:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 17:33 . 2008-02-09 17:33 <DIR> d-------- C:\Program Files\Zamykatko
2008-02-09 17:33 . 2007-12-13 20:13 17,264 --a------ C:\WINDOWS\system32\drivers\mprifl.sys
2008-02-09 14:26 . 2008-02-09 14:44 12,288 --ah----- C:\WINDOWS\system32\eciqzl.exe
2008-02-09 13:10 . 2008-02-09 13:10 16,896 --ah----- C:\WINDOWS\system32\yilc.exe
2008-02-09 12:40 . 2008-02-09 13:30 126 --a------ C:\WINDOWS\system32\wurefyu.bat
2008-02-09 11:04 . 2008-02-09 11:07 23,552 --ah----- C:\WINDOWS\system32\dzkml.exe
2008-02-09 10:01 . 2008-02-09 10:02 20,992 --ah----- C:\WINDOWS\system32\frtheq.exe
2008-02-08 19:41 . 2008-02-08 19:41 122 --a------ C:\WINDOWS\system32\wvgpme.bat
2008-02-08 16:16 . 2008-02-08 16:16 <DIR> d-------- C:\WINDOWS\pchealth
2008-02-08 12:28 . 2008-02-08 12:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-08 12:23 . 2008-02-08 12:34 <DIR> d-------- C:\SDFix
2008-02-05 17:26 . 2008-02-05 17:26 <DIR> d-------- C:\Documents and Settings\Guest\Data aplikací\Logitech
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d-------- C:\Documents and Settings\Guest\Plocha
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d--h----- C:\Documents and Settings\Guest\Okolní tiskárny
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d--h----- C:\Documents and Settings\Guest\Okolní síť
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr------- C:\Documents and Settings\Guest\Oblíbené položky
2008-02-05 17:25 . 2008-02-04 13:11 <DIR> d-------- C:\Documents and Settings\Guest\Šablony
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> dr------- C:\Documents and Settings\Guest\Nabídka Start
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr------- C:\Documents and Settings\Guest\Dokumenty
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr-h----- C:\Documents and Settings\Guest\Data aplikací
2008-02-05 17:15 . 2004-03-10 19:00 595,968 -----c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2008-02-05 16:58 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-02-05 16:58 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-02-05 16:58 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-05 16:58 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-05 16:58 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-02-05 16:58 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-05 15:57 . 2005-10-20 23:34 992,768 --a------ C:\WINDOWS\system32\esent.dll
2008-02-05 15:25 . 2008-02-05 15:25 <DIR> d-------- C:\WINDOWS\system32\bits
2008-02-05 15:25 . 2008-02-05 17:00 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-02-05 15:22 . 2004-07-01 23:10 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-02-05 14:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-05 14:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-05 14:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-05 14:11 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-05 14:11 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-02-05 14:11 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-02-05 14:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-05 11:55 . 1998-06-24 01:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-05 11:55 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-02-05 11:55 . 2000-03-17 09:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-02-05 11:55 . 2000-03-17 09:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-02-05 11:55 . 2002-04-24 13:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-02-05 11:55 . 2002-04-09 18:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-02-05 11:55 . 2002-10-17 11:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-02-05 11:55 . 2002-01-07 17:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-05 11:50 . 2008-02-05 11:50 <DIR> d-------- C:\WINDOWS\Cache
2008-02-05 11:41 . 2008-02-08 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
2008-02-05 11:41 . 2008-02-08 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
2008-02-05 11:41 . 2008-02-08 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
2008-02-04 22:25 . 2008-02-04 22:26 <DIR> d-------- C:\Program Files\ComboFix
2008-02-04 22:17 . 2008-02-04 22:17 <DIR> d-------- C:\Program Files\avenger
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:38 . 2008-02-04 21:38 <DIR> d-------- C:\Program Files\Ray Adams
2008-02-04 20:41 . 2008-02-04 23:14 <DIR> d-------- C:\Program Files\QooBox
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 18:27 . 2008-02-09 11:15 <DIR> d-------- C:\Downloads
2008-02-04 18:27 . 2008-02-04 18:27 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-04 18:26 . 2008-02-04 19:19 <DIR> d-------- C:\Program Files\BitComet
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 17:54 . 2008-02-08 16:43 <DIR> d-------- C:\Program Files\QIP
2008-02-04 15:47 . 2008-02-04 15:47 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-04 15:44 . 2008-02-04 15:44 <DIR> d-------- C:\Program Files\Crawler
2008-02-04 15:44 . 2008-02-09 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 16:10 42,496 ----a-w C:\WINDOWS\system32\ftp.exe
2008-02-08 16:10 16,896 ----a-w C:\WINDOWS\system32\tftp.exe
2008-02-08 16:07 133,120 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-02-05 11:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 10:56 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-04 20:33 --------- d-----w C:\Program Files\ATI Technologies
2008-02-04 13:59 --------- d-----w C:\Program Files\totalcmd
2008-02-04 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 13:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:53 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-02-04 12:53 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-04 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-04 12:29 423 ----a-w C:\Program Files\RHDSetup.log
2008-02-04 12:29 197 ----a-w C:\Program Files\csb.log
2008-02-04 12:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-04 12:28 --------- d-----w C:\Program Files\Realtek
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:27 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-04 12:25 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:25 --------- d-----w C:\Program Files\Intel
2008-02-04 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-04 12:14 558,142 ----a-w C:\WINDOWS\java\Packages\VTRHJZ5N.ZIP
2008-02-04 12:14 155,995 ----a-w C:\WINDOWS\java\Packages\OIJ7P773.ZIP
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-04 13:53 32768]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-08-27 13:42 517120]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-04 13:53:14 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-04 13:52:38 434176]
R0 MPRIFL;MPRIFL;C:\WINDOWS\System32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-02-04 15:47]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-04 13:27]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
S4 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 16:30:42
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-10 16:31:08
ComboFix-quarantined-files.txt 2008-02-10 15:31:07
ComboFix2.txt 2008-02-08 15:17:46
ComboFix3.txt 2008-02-08 14:53:20
ComboFix4.txt 2008-02-08 14:43:34
ComboFix5.txt 2008-02-06 14:28:32
.
2008-02-09 16:50:48 --- E O F ---
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-04 13:53 32768]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-08-27 13:42 517120]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-04 13:53:14 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-04 13:52:38 434176]
R0 MPRIFL;MPRIFL;C:\WINDOWS\System32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-02-04 15:47]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-04 13:27]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
S4 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 16:30:42
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-10 16:31:08
ComboFix-quarantined-files.txt 2008-02-10 15:31:07
ComboFix2.txt 2008-02-08 15:17:46
ComboFix3.txt 2008-02-08 14:53:20
ComboFix4.txt 2008-02-08 14:43:34
ComboFix5.txt 2008-02-06 14:28:32
.
2008-02-09 16:50:48 --- E O F ---
- Baron Prášil
- Beginner

- Registered: 08 Jun 2006
Open Notepad (Start -> Run..., type Notepad in the window and click OK)
Copy the following text marked in green into it:
Code:
File::
C:\WINDOWS\system32\eciqzl.exe
C:\WINDOWS\system32\yilc.exe
C:\WINDOWS\system32\dzkml.exe
C:\WINDOWS\system32\frtheq.exe
C:\WINDOWS\system32\bitcometres.dll
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
C:\WINDOWS\svchost.exe
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script

- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process, and info about how the computer behaves, pls
try deleting that service Generic Host Process for Win-32 Service
with HijackThis, following the guide here
http://www.jaknato.com/index.php?clanek ... hijackthis
after clicking Open Misc Tools you click Delete an NT service
and paste in the bold text and click OK
- solda1
- Beginner

- Registered: 15 Apr 2007
- Location: Hodonín
Okay boss... here it is:
ComboFix 08-02.05.3 - Administrator 2008-02-10 18:30:15.12 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.845 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Plocha\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\bitcometres.dll
C:\WINDOWS\system32\dzkml.exe
C:\WINDOWS\system32\eciqzl.exe
C:\WINDOWS\system32\frtheq.exe
C:\WINDOWS\system32\yilc.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
C:\WINDOWS\system32\bitcometres.dll
C:\WINDOWS\system32\dzkml.exe
C:\WINDOWS\system32\eciqzl.exe
C:\WINDOWS\system32\frtheq.exe
C:\WINDOWS\system32\yilc.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.
2008-02-10 16:29 . 2001-10-25 13:00 376,832 --a------ C:\kmd.exe
2008-02-10 16:18 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-10 16:18 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-10 16:18 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-10 16:18 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-10 16:18 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-10 16:18 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-10 16:18 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-10 16:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-10 14:10 . 2008-02-10 14:10 <DIR> d-------- C:\kav
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-02-10 12:13 . 2002-09-20 18:05 135,680 --a------ C:\WINDOWS\R.COM
2008-02-10 12:13 . 2002-09-20 18:05 130,048 --a------ C:\WINDOWS\system32\T.COM
2008-02-10 12:13 . 2008-02-10 12:16 50 --a------ C:\WINDOWS\Lic.xxx
2008-02-10 11:53 . 2008-02-10 11:53 <DIR> d-------- C:\Program Files\CCleaner
2008-02-10 00:17 . 2008-02-10 00:17 <DIR> d-------- C:\Temp
2008-02-09 18:35 . 2008-02-10 11:45 <DIR> d-------- C:\WINDOWS\EHome
2008-02-09 18:08 . 2008-02-09 18:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 17:33 . 2008-02-09 17:33 <DIR> d-------- C:\Program Files\Zamykatko
2008-02-09 17:33 . 2007-12-13 20:13 17,264 --a------ C:\WINDOWS\system32\drivers\mprifl.sys
2008-02-09 12:40 . 2008-02-09 13:30 126 --a------ C:\WINDOWS\system32\wurefyu.bat
2008-02-08 19:41 . 2008-02-08 19:41 122 --a------ C:\WINDOWS\system32\wvgpme.bat
2008-02-08 16:16 . 2008-02-08 16:16 <DIR> d-------- C:\WINDOWS\pchealth
2008-02-08 12:28 . 2008-02-08 12:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-08 12:23 . 2008-02-08 12:34 <DIR> d-------- C:\SDFix
2008-02-05 17:26 . 2008-02-05 17:26 <DIR> d-------- C:\Documents and Settings\Guest\Data aplikací\Logitech
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d-------- C:\Documents and Settings\Guest\Plocha
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d--h----- C:\Documents and Settings\Guest\Okolní tiskárny
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d--h----- C:\Documents and Settings\Guest\Okolní síť
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr------- C:\Documents and Settings\Guest\Oblíbené položky
2008-02-05 17:25 . 2008-02-04 13:11 <DIR> d-------- C:\Documents and Settings\Guest\Šablony
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> dr------- C:\Documents and Settings\Guest\Nabídka Start
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr------- C:\Documents and Settings\Guest\Dokumenty
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr-h----- C:\Documents and Settings\Guest\Data aplikací
2008-02-05 17:15 . 2004-03-10 19:00 595,968 -----c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2008-02-05 16:58 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-02-05 16:58 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-02-05 16:58 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-05 16:58 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-05 16:58 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-02-05 16:58 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-05 15:57 . 2005-10-20 23:34 992,768 --a------ C:\WINDOWS\system32\esent.dll
2008-02-05 15:25 . 2008-02-05 15:25 <DIR> d-------- C:\WINDOWS\system32\bits
2008-02-05 15:25 . 2008-02-05 17:00 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-02-05 15:22 . 2004-07-01 23:10 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-02-05 14:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-05 14:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-05 14:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-05 14:11 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-05 14:11 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-02-05 14:11 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-02-05 14:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-05 11:55 . 1998-06-24 01:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-05 11:55 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-02-05 11:55 . 2000-03-17 09:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-02-05 11:55 . 2000-03-17 09:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-02-05 11:55 . 2002-04-24 13:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-02-05 11:55 . 2002-04-09 18:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-02-05 11:55 . 2002-10-17 11:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-02-05 11:55 . 2002-01-07 17:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-05 11:50 . 2008-02-05 11:50 <DIR> d-------- C:\WINDOWS\Cache
2008-02-05 11:41 . 2008-02-08 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
2008-02-05 11:41 . 2008-02-08 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
2008-02-05 11:41 . 2008-02-08 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
2008-02-04 22:25 . 2008-02-04 22:26 <DIR> d-------- C:\Program Files\ComboFix
2008-02-04 22:17 . 2008-02-04 22:17 <DIR> d-------- C:\Program Files\avenger
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:38 . 2008-02-04 21:38 <DIR> d-------- C:\Program Files\Ray Adams
2008-02-04 20:41 . 2008-02-04 23:14 <DIR> d-------- C:\Program Files\QooBox
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 18:27 . 2008-02-09 11:15 <DIR> d-------- C:\Downloads
2008-02-04 18:26 . 2008-02-04 19:19 <DIR> d-------- C:\Program Files\BitComet
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 17:54 . 2008-02-08 16:43 <DIR> d-------- C:\Program Files\QIP
2008-02-04 15:47 . 2008-02-04 15:47 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-04 15:44 . 2008-02-04 15:44 <DIR> d-------- C:\Program Files\Crawler
2008-02-04 15:44 . 2008-02-10 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-02-04 15:43 . 2008-02-10 18:19 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-04 15:21 . 2008-02-04 15:21 <DIR> d-------- C:\Program Files\Lavalys
2008-02-04 15:12 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-04 15:12 . 2008-02-09 10:36 <DIR> d-------- C:\Program Files\ICQLite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 16:10 42,496 ----a-w C:\WINDOWS\system32\ftp.exe
2008-02-08 16:10 16,896 ----a-w C:\WINDOWS\system32\tftp.exe
2008-02-08 16:07 133,120 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-02-05 11:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 10:56 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-04 20:33 --------- d-----w C:\Program Files\ATI Technologies
2008-02-04 13:59 --------- d-----w C:\Program Files\totalcmd
2008-02-04 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 13:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:53 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-04 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-04 12:29 423 ----a-w C:\Program Files\RHDSetup.log
2008-02-04 12:29 197 ----a-w C:\Program Files\csb.log
2008-02-04 12:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-04 12:28 --------- d-----w C:\Program Files\Realtek
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:27 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-04 12:25 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:25 --------- d-----w C:\Program Files\Intel
2008-02-04 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-04 12:14 558,142 ----a-w C:\WINDOWS\java\Packages\VTRHJZ5N.ZIP
2008-02-04 12:14 155,995 ----a-w C:\WINDOWS\java\Packages\OIJ7P773.ZIP
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-04 13:53 32768]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-08-27 13:42 517120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-04 13:53:14 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-04 13:52:38 434176]
R0 MPRIFL;MPRIFL;C:\WINDOWS\System32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-02-04 15:47]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-04 13:27]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 18:31:24
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-10 18:31:50
ComboFix-quarantined-files.txt 2008-02-10 17:31:48
ComboFix2.txt 2008-02-10 15:31:09
ComboFix3.txt 2008-02-08 15:17:46
ComboFix4.txt 2008-02-08 14:53:20
ComboFix5.txt 2008-02-08 14:43:34
.
2008-02-09 16:50:48 --- E O F ---
2008-02-05 10:56 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-04 20:33 --------- d-----w C:\Program Files\ATI Technologies
2008-02-04 13:59 --------- d-----w C:\Program Files\totalcmd
2008-02-04 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 13:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:53 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-04 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-04 12:29 423 ----a-w C:\Program Files\RHDSetup.log
2008-02-04 12:29 197 ----a-w C:\Program Files\csb.log
2008-02-04 12:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-04 12:28 --------- d-----w C:\Program Files\Realtek
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:27 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-04 12:25 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:25 --------- d-----w C:\Program Files\Intel
2008-02-04 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-04 12:14 558,142 ----a-w C:\WINDOWS\java\Packages\VTRHJZ5N.ZIP
2008-02-04 12:14 155,995 ----a-w C:\WINDOWS\java\Packages\OIJ7P773.ZIP
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-04 13:53 32768]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-08-27 13:42 517120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-04 13:53:14 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-04 13:52:38 434176]
R0 MPRIFL;MPRIFL;C:\WINDOWS\System32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-02-04 15:47]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-04 13:27]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 18:31:24
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-10 18:31:50
ComboFix-quarantined-files.txt 2008-02-10 17:31:48
ComboFix2.txt 2008-02-10 15:31:09
ComboFix3.txt 2008-02-08 15:17:46
ComboFix4.txt 2008-02-08 14:53:20
ComboFix5.txt 2008-02-08 14:43:34
.
2008-02-09 16:50:48 --- E O F ---
- Baron Prášil
- Beginner

- Registered: 08 Jun 2006
Fine. How is the computer behaving?
(I'm warning you that without SP2 and a firewall it's exactly this rough. The system is completely open.)
// Hey, look how the view count on your problem has gone up in a day.
Everyone's waiting and looking forward to seeing Baron fail at it.
Last edited by Baron Prášil on Sun 10 Feb 2008, 18:40, edited 1 time in total.
- solda1
- Beginner

- Registered: 15 Apr 2007
- Location: Hodonín
- Baron Prášil
- Beginner

- Registered: 08 Jun 2006
Of course you absolutely need SP2.
http://www.microsoft.com/downloads/deta ... laylang=cs
Install it right now.
Firewall right after that.
Pick one here; I recommend ZoneAlarm or Comodo.
Guide for ZA: http://www.kn.vutbr.cz/docs/conf/zonealarm/
For Comodo: http://www.nforce.cz/modules.php?name=N ... cle&sid=18
Then post a HijackThis log for checking.
- solda1
- Beginner

- Registered: 15 Apr 2007
- Location: Hodonín
- Baron Prášil
- Beginner

- Registered: 08 Jun 2006
- solda1
- Beginner

- Registered: 15 Apr 2007
- Location: Hodonín
OK... I'm already downloading SP2, but I'm only getting 150kb/s, there are too many people on the net, so it's going slowly. I'll have it downloaded in 20 min, then I'll install it, then Comodo, and then the log.
Anyway, it's not my fault and I really don't understand why those viruses attacked me like that... just bad luck or fate.
In any case, thanks a lot to both of you guys; if it weren't for you I'd really throw it out the window.
- Baron Prášil
- Beginner

- Registered: 08 Jun 2006
It's because you don't have SP2 and a firewall: no protection, no immunity.
Why do you think Microsoft releases security patches every month?
Because month after month, clever, malicious people who are capable of anything are working out how to get in there and make some money off it.
Which is actually sort of a good thing: data and the system don't get destroyed.
In your case, precisely because SP2 and a firewall were missing, they spread all over the computer, pulled in their little brothers and sisters, and this is how it turned out.
Last edited by Baron Prášil on Sun 10 Feb 2008, 19:07, edited 1 time in total.
- solda1
- Beginner

- Registered: 15 Apr 2007
- Location: Hodonín