LifeRoma wrote:
I have the same problem as here: http://www.pc-help.cz/viewtopic.php?t=17836.
I did exactly what is described there. I made a log from SmitFraudFix and then a log from HijackThis.
I'll post both of them here. I just hope you can advise me; it is already annoying me, with windows popping up all over the place.
SmitFraudFix v2.253
Scan done at 22:08:18,54, po 19.11.2007
Run from C:\Documents and Settings\Olsa\Plocha\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5647B2F1-9FEF-4665-BC5D-E70F0DF1323C}: DhcpNameServer=192.168.4.16
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5647B2F1-9FEF-4665-BC5D-E70F0DF1323C}: DhcpNameServer=192.168.4.16
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5647B2F1-9FEF-4665-BC5D-E70F0DF1323C}: DhcpNameServer=192.168.4.16
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5647B2F1-9FEF-4665-BC5D-E70F0DF1323C}: DhcpNameServer=192.168.4.16
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.4.16
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.4.16
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.4.16
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.4.16
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:21, on 19.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\wincmd\WINCMD32.EXE
D:\stahnute\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: MSVPS System - {1658DABA-FC4C-46C6-BC48-246CFEA0C436} - C:\WINDOWS\oprevgkx.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O21 - SSODL: nopctrl - {7103E9B6-7B54-4F9A-9345-7AADC99949C0} - C:\WINDOWS\nopctrl.dll
O21 - SSODL: ddkret - {4FC44227-13DB-4FB7-84E2-0FE0DF4DC9A8} - C:\WINDOWS\ddkret.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\hry\MOH-AA\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
--
End of file - 1992 bytes
Please help.
Spyware or virus... HELP please (Solved)
Last edited by LifeRoma on 05 Dec 2007 22:30, edited 2 times in total.
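To make sense of the hosts section in the SmitFraudFix log above, here is an added example that is not part of the original post and not SmitFraudFix's own code: a small Python audit of a Windows hosts file. It skips the assumed stock Windows XP entry (127.0.0.1 localhost), separates names pinned to loopback (the site is simply blocked) from names redirected to some other address (the direction a hijacker uses against AV and update sites), and groups entries by the comment tag the modifying tool left, which is how the "## added by CiD" lines above can be attributed. The sample input copies three lines from the log above and adds one constructed redirect line; the default-entry set and the sample redirect are assumptions made for the example.

```python
"""Hosts-file audit. Added example; not from the forum post or SmitFraudFix."""
import ipaddress
from collections import defaultdict

# Constructed sample: three lines copied from the SmitFraudFix log above plus
# one invented redirect line (update.example-av.test -> 10.0.0.5).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
10.0.0.5 update.example-av.test   # constructed: not from the log
"""

# Assumption: the stock Windows XP hosts file carries only this one mapping.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}


def parse_hosts(text):
    """Yield (ip, hostname, comment) for every mapping line.

    The trailing comment is kept because tools tag their own additions
    ("## added by CiD" in the log above), which tells you who wrote the line.
    """
    for raw in text.splitlines():
        mapping, _, comment = raw.partition("#")
        fields = mapping.split()
        if len(fields) < 2:
            continue                      # blank line or comment-only line
        ip, *names = fields
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                      # first field is not an address
        for name in names:
            yield ip, name.lower(), comment.strip("# ")


def audit_hosts(text):
    """Classify every non-default mapping.

    blocked    : name pinned to a loopback address (the site is unreachable)
    redirected : name sent to some other address (traffic silently rerouted;
                 this is the direction a hijacker uses against AV/update sites)
    by_tag     : names grouped by the comment that marks who added them
    """
    report = {"blocked": [], "redirected": [], "by_tag": defaultdict(list)}
    for ip, name, comment in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        bucket = "blocked" if ipaddress.ip_address(ip).is_loopback else "redirected"
        report[bucket].append((name, ip))
        report["by_tag"][comment or "(untagged)"].append(name)
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for bucket in ("blocked", "redirected"):
        print(f"{bucket}:")
        for name, ip in result[bucket]:
            print(f"  {name} -> {ip}")
    for tag, names in result["by_tag"].items():
        print(f"tagged '{tag}': {len(names)} entries")
```

Loopback pins like the ones in the log only make sites unreachable; a name sent to a non-loopback address is the case to treat as an active hijack, because every program on the machine will trust that answer before DNS is ever consulted.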
fredik (Security team member) wrote:
Welcome to the forum.
Download SDFix
- Run it and it will extract itself to the drive where Windows is installed (typically C:\SDFix).
- Then restart the PC into Safe Mode (choose the option: Safe Mode, not Safe Mode with Networking).
- Open the folder where SDFix was extracted and run the file RunThis.bat; this starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the scan you will be prompted to press any key, and the computer will restart.
* While the operating system is loading, the program will start again and finish the cleaning process. When "Finish" appears, you will have to press any key when prompted; this ends the program and your desktop icons will appear.
- When the desktop icons have finished loading, the SDFix log will open on screen and is also saved in the folder where SDFix was extracted, as Report.txt.
Then copy its contents here + a new HJT log.
PS: you don't need to start a new thread; if you don't get a reply, just bump the existing thread.
LifeRoma wrote:
Here you go
SDFix: Version 1.115
Run by Administrator on Út 20.11.2007 at 18:57
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\QTWMCI32.DLL - Deleted
C:\WINDOWS\bonsws.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\ddkret.dll - Deleted
C:\WINDOWS\nopctrl.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\sawkip.exe - Deleted
C:\WINDOWS\search_res.txt - Deleted
C:\WINDOWS\OPREVGKX.DLL - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-20 19:01:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1\DirectSound]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1\DirectSound\Device Presence]
"VxD"=dword:00000001
"WDM"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1\DirectSound\Mixer Defaults]
"Acceleration"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000272c8d9df]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1\DirectSound]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1\DirectSound\Device Presence]
"VxD"=dword:00000001
"WDM"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1\DirectSound\Mixer Defaults]
"Acceleration"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272c8d9df]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1\DirectSound]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1\DirectSound\Device Presence]
"VxD"=dword:00000001
"WDM"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\1\1\DirectSound\Mixer Defaults]
"Acceleration"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272c8d9df]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\f\1e]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,10,1b,50,00,00,00,00,2a,f8,50,0e,c0,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\f\1e]
"DisplayName"="\x010ce\x161tiny-Tropico v 1.2Final Cz "
"UninstallString"="D:\hry\tropic\uninstall.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B57A79B9-8239-BECD-D9F9-CB4FB9453D36}]
"ianlidhefdpkjlabjd"=hex:6a,61,69,6e,69,6e,6b,69,69,65,66,6b,63,6b,6e,61,6a,65,6b,6d,00,..
"hadoocendhmokccl"=hex:6a,61,6a,6e,6e,6e,70,66,62,68,65,62,61,70,66,6f,6d,6b,6e,6d,00,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\hry\\terminator\\T3.exe"="D:\\hry\\terminator\\T3.exe:*:Disabled:T3"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"D:\\hry\\MOH-AA\\UnrealEngine3\\Binaries\\MOHA.exe"="D:\\hry\\MOH-AA\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\\hry\\Call of Duty\\CoDMP.exe"="D:\\hry\\Call of Duty\\CoDMP.exe:*:Disabled:CoDMP"
"D:\\hry\\MOHA-AA\\MOHAA.exe"="D:\\hry\\MOHA-AA\\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:utorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 17 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Tue 17 Aug 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Fri 27 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 9 Oct 2007 478,208 ...H. --- "C:\Documents and Settings\Olsa\Plocha\~WRL1423.tmp"
Sat 27 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT1.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT1681.tmp"
Tue 20 Nov 2007 0 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT1693.tmp"
Sun 18 Nov 2007 0 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT1A89.tmp"
Sat 13 Oct 2007 366,808 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT1C7.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT2.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT3.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT4.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT5.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT6.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT7.tmp"
Tue 20 Nov 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BIT8.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BITE.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Olsa\Local Settings\Temp\BITF.tmp"
Sun 18 Nov 2007 8,646,776 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\67c8fc01100a7555e3d40c5e21ad4a52\BIT1EE.tmp"
Mon 19 Nov 2007 9,249,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\89b70ceab9c1882c80e33e4e8d6798ba\BIT1D0.tmp"
Sun 18 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\733424ccee980bc90e7b33193acd7716\download\BITEB59.tmp"
Sun 18 Nov 2007 53,194 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9726830d0123224b1d29103f202f536f\download\BIT2B5.tmp"
Mon 19 Nov 2007 7,156,596 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\af770a0c38c69bf096093d1dd1aca268\download\BIT2B4.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:28, on 20.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\wincmd\WINCMD32.EXE
D:\stahnute\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: MSVPS System - {1658DABA-FC4C-46C6-BC48-246CFEA0C436} - C:\WINDOWS\oprevgkx.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\hry\MOH-AA\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
--
End of file - 1899 bytes
fredik (Security team member) wrote:
Run HijackThis again and tick the boxes in front of the lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/ju.....&lid=2
O2 - BHO: MSVPS System - {1658DABA-FC4C-46C6-BC48-246CFEA0C436} - C:\WINDOWS\oprevgkx.dll (file missing)
After ticking them, click the Fix Checked button.
Delete the directory/folder that SDFix created:
C:\SDFix
For better protection it would be good to install a firewall; you can pick one of those listed here or another from the link: Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English; a Czech version should probably come with version 3, which should appear soon
Kerio - clear, more configuration options, heavier on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English
Otherwise the logs look good; do you still have any problems?
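The two lines the helper singles out are the usual post-cleanup leftovers: a start page that still points at a referral site, and a BHO registration whose DLL SDFix already deleted. The following is an added example, not part of the original thread and not HijackThis's own logic: a Python triage that reads HijackThis-style lines and returns the ones a helper would ask the user to Fix Checked, with a reason. The rules are the editor's heuristics (a start page not on a small allowlist, a BHO or ShellServiceObjectDelayLoad DLL sitting directly in the Windows directory, an orphaned "(file missing)" entry, a Winsock LSP outside a known list); the allowlists are assumptions. The sample lines are copied from the HijackThis log in the thread, with the truncated R0 URL left exactly as it appears there.

```python
"""HijackThis log triage. Added example; not from the forum post or HijackThis."""
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log in the thread above. The R0 URL is
# truncated with " ... " in the post and is left that way here.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: MSVPS System - {1658DABA-FC4C-46C6-BC48-246CFEA0C436} - C:\WINDOWS\oprevgkx.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O21 - SSODL: nopctrl - {7103E9B6-7B54-4F9A-9345-7AADC99949C0} - C:\WINDOWS\nopctrl.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Editor's assumptions, not HijackThis data: start pages considered normal,
# and LSP files known to ship with Windows (nwprovau.dll is the Microsoft
# NetWare provider; the helper in the thread left it alone).
SAFE_START_HOSTS = {"www.google.com", "www.msn.com", "www.seznam.cz"}
KNOWN_LSP_FILES = {"nwprovau.dll"}

LINE_RE = re.compile(r"^(?P<type>[RFO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)\b', re.IGNORECASE)


@dataclass
class Finding:
    line_type: str
    reason: str
    line: str


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory (drive,
    WINDOWS, file name), not under system32. A legitimate BHO or shell
    object is rarely installed there; the droppers in this thread were."""
    parts = path.lower().split("\\")
    return len(parts) == 3 and parts[1] == "windows"


def triage(log_text: str) -> list:
    """Return the lines a helper would ask the user to Fix Checked, with a reason."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ltype, body = m.group("type"), m.group("body")
        paths = PATH_RE.findall(body)
        if ltype in ("R0", "R1") and "=" in body:
            url = body.split("=", 1)[1].strip()
            host = re.sub(r"^https?://", "", url).split("/", 1)[0].lower()
            if url != "about:blank" and host not in SAFE_START_HOSTS:
                findings.append(Finding(ltype, f"start page hijacked to {host}", raw))
        elif ltype == "O2":
            if "(file missing)" in body:
                findings.append(Finding(ltype, "orphaned BHO entry, its DLL is gone", raw))
            elif any(in_windows_root(p) for p in paths):
                findings.append(Finding(ltype, "BHO loaded from the Windows root", raw))
        elif ltype == "O21" and any(in_windows_root(p) for p in paths):
            findings.append(Finding(ltype, "ShellServiceObjectDelayLoad DLL in Windows root", raw))
        elif ltype == "O10":
            names = {p.lower().rsplit("\\", 1)[-1] for p in paths}
            if not names & KNOWN_LSP_FILES:
                findings.append(Finding(ltype, "Winsock LSP not in the known list", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_type}: {f.reason}\n    {f.line}")
```

Run against the first log in the thread it flags R0, O2 and O21; against the post-SDFix log the O21 lines are gone and the O2 entry is reported as orphaned, which is exactly the pair the helper asked to have fixed.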
LifeRoma wrote:
But which line??? You're telling me to tick the box IN FRONT OF the lines
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/ju.....&lid=2
O2 - BHO: MSVPS System - {1658DABA-FC4C-46C6-BC48-246CFEA0C436} - C:\WINDOWS\oprevgkx.dll (file missing)
but I don't have any other line in front of them. The first line is the one already mentioned
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/ju.....&lid=2
fredik (Security team member) wrote:
You tick the boxes in front of (to the left of) the lines listed. See the guide: HijackThis; it is described in detail there, with a picture.