
Please help - YOUR PRIVACY IS IN DANGER

Posted: 18 May 2008 14:02
by ma3nka
Please, could you advise me?
I have this same problem.
I did what was advised earlier.

Your question has been split off and posted as a separate thread with an edited title. Nobody would have found it in the original place. Pic
Here it is
SDFix: Version 1.183
Run by jaroslav zelenak on ne 18.05.2008 at 12:03

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Error Cleaner.url - Deleted
C:\Documents and Settings\jaroslav zelenak\Plocha\Error Cleaner.url - Deleted
C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Privacy Protector.url - Deleted
C:\Documents and Settings\jaroslav zelenak\Plocha\Privacy Protector.url - Deleted
C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\jaroslav zelenak\Plocha\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\rs.txt - Deleted



Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 13:48:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!

and also

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:05, on 18.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Documents and Settings\All Users\Data aplikací\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: gktxaspm - {10B9E92F-421E-44B2-A093-9DE0F3FAB2BC} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [64d3023d] rundll32.exe "C:\WINDOWS\system32\ortmxkdv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users\Data aplikací\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dreamweaver Interface Improver.lnk = C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: pxgdslro - {BD3B3058-4AC9-474C-BFED-1E4813AEB25B} - C:\WINDOWS\pxgdslro.dll
O21 - SSODL: gnowmebk - {20FD79DC-38C1-459D-96DD-012C0FF9421E} - C:\WINDOWS\gnowmebk.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 4772 bytes


I will be very grateful for any advice.

Re: Please help - YOUR PRIVACY IS IN DANGER

Posted: 18 May 2008 14:58
by fredik
Welcome to the forum

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- When it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- After the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here

Re: Please help - YOUR PRIVACY IS IN DANGER

Posted: 18 May 2008 15:35
by ma3nka
ComboFix 08-05-15.3 - jaroslav zelenak 2008-05-18 15:14:46.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.88 [GMT 2:00]
Running from: C:\Documents and Settings\jaroslav zelenak\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\jaroslav zelenak\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\jaroslav zelenak\Plocha\Error Cleaner.url
C:\Documents and Settings\jaroslav zelenak\Plocha\Privacy Protector.url
C:\Documents and Settings\jaroslav zelenak\Plocha\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\fccdbBUL.dll
C:\WINDOWS\system32\LUBbdccf.ini
C:\WINDOWS\system32\LUBbdccf.ini2
C:\WINDOWS\system32\pknudjke.ini
C:\WINDOWS\system32\vdkxmtro.ini
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-18 15:22 . 2008-05-18 15:22 74 ---hs---- C:\WINDOWS\system32\vdkxmtro.ini
2008-05-18 10:17 . 2008-05-18 10:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 10:14 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-18 10:13 . 2008-05-18 11:56 <DIR> d-------- C:\Program Files\SystemErrorFixer
2008-05-18 09:31 . 2008-05-18 09:31 91,264 --a------ C:\WINDOWS\system32\ortmxkdv.dll
2008-05-17 22:54 . 2008-05-17 22:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 22:37 . 2008-05-18 13:49 <DIR> d-------- C:\SDFix
2008-05-17 22:20 . 2008-05-17 22:41 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-17 18:29 . 2008-05-17 18:29 91,264 --------- C:\WINDOWS\system32\ekjdunkp.dll
2008-05-17 18:23 . 2008-05-17 18:23 29,824 --a------ C:\WINDOWS\system32\byXRjjKC.dll
2008-05-17 18:22 . 2008-05-17 13:59 217,088 --a------ C:\WINDOWS\nldfmtapgpv.dll
2008-05-17 18:22 . 2008-05-17 13:59 212,992 --a------ C:\WINDOWS\pxgdslro.dll
2008-05-17 18:22 . 2008-05-17 13:59 176,128 --a------ C:\WINDOWS\gnowmebk.dll
2008-05-17 18:22 . 2008-05-17 13:59 155,648 --a------ C:\WINDOWS\gktxaspm.dll
2008-05-17 18:22 . 2008-05-17 13:59 94,208 --a------ C:\WINDOWS\eova.exe
2008-05-17 18:22 . 2008-05-17 13:59 81,920 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-16 23:18 . 2008-05-16 23:18 <DIR> d-------- C:\Program Files\Bonjour
2008-05-16 19:51 . 2008-05-16 19:51 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-16 18:48 . 2008-05-16 18:50 3,260 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-16 18:47 . 2003-03-27 09:48 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-16 18:35 . 2005-07-12 11:33 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-05-16 18:35 . 2005-07-12 11:33 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-05-16 18:34 . 2008-05-18 09:51 <DIR> d-------- C:\Program Files\Lx_cats
2008-05-16 18:34 . 2008-05-16 18:35 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-16 18:34 . 2003-03-11 19:26 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-05-16 18:34 . 2003-03-11 19:26 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-05-16 18:34 . 2003-03-11 19:26 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-05-16 18:34 . 2003-03-11 19:26 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-05-16 18:34 . 2003-03-11 19:26 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-05-16 18:34 . 2008-05-16 18:36 22,993 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-05-16 18:34 . 2005-07-12 11:36 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-05-16 18:33 . 2005-07-27 18:42 1,583 -ra------ C:\WINDOWS\system32\lxcc.loc
2008-05-16 18:31 . 2008-05-16 22:34 <DIR> d-------- C:\Program Files\Lexmark 3300 Series
2008-05-16 18:31 . 2001-10-24 12:25 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-05-16 18:31 . 2001-10-24 12:25 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-16 18:31 . 2005-04-28 08:07 65,536 -ra------ C:\WINDOWS\system32\lxcccfg.dll
2008-05-16 18:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-16 18:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-16 18:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-16 18:31 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-16 18:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-16 18:27 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-16 18:27 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-16 15:14 . 2008-05-17 22:20 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-05-16 15:13 . 2008-05-16 15:13 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-16 14:53 . 2008-05-16 14:53 <DIR> d---s---- C:\Documents and Settings\jaroslav zelenak\UserData
2008-05-16 13:37 . 2008-05-16 13:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-16 12:40 . 2008-05-16 12:40 <DIR> d-------- C:\Program Files\ESET
2008-05-16 10:49 . 2008-05-16 10:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 10:45 . 2008-05-16 10:45 <DIR> d-------- C:\Program Files\Opera
2008-05-16 10:45 . 2008-05-18 15:18 <DIR> d-------- C:\Documents and Settings\jaroslav zelenak\Plocha
2008-05-16 10:37 . 2008-05-16 10:37 <DIR> d-------- C:\icons
2008-05-16 10:21 . 2008-05-16 10:21 <DIR> d-------- C:\Program Files\Dreamweaver Interface Improver
2008-05-16 10:20 . 2003-07-30 18:28 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-16 10:20 . 2003-07-30 18:28 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-16 10:20 . 2003-07-30 18:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-16 10:07 . 2004-08-17 17:49 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-16 10:06 . 2004-08-17 17:49 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-16 10:05 . 2008-05-16 08:51 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> dr------- C:\Documents and Settings\Default User\Nabídka Start
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Dokumenty
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\All Users\Šablony
2008-05-16 10:05 . 2008-05-16 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Plocha
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Oblíbené položky
2008-05-16 10:05 . 2008-05-16 23:04 <DIR> dr------- C:\Documents and Settings\All Users\Nabídka Start
2008-05-16 10:05 . 2008-05-16 23:20 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-05-16 10:04 . 2008-05-16 10:05 <DIR> dr-h----- C:\Documents and Settings\Default User\Data aplikací
2008-05-16 10:04 . 2008-05-16 08:55 <DIR> d--h----- C:\Documents and Settings\Default User
2008-05-16 10:04 . 2008-05-17 22:19 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2008-05-16 10:04 . 2008-05-16 08:54 <DIR> d-------- C:\Documents and Settings\All Users
2008-05-16 10:04 . 2008-05-16 09:13 <DIR> d-------- C:\Documents and Settings
2008-05-16 10:03 . 2008-05-16 08:58 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-05-16 10:01 . 2008-05-16 10:01 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-05-16 10:01 . 2008-05-16 10:01 1 --a------ C:\WINDOWS\system32\FlashPaperPrinterPort
2008-05-16 10:00 . 2008-05-18 15:20 21 --a------ C:\qpmd8376.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 17:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 08:20 --------- d-----w C:\Program Files\Macromedia
2008-05-16 08:20 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-05-16 07:56 --------- d-----w C:\Program Files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18F4FBD5-CDE8-492C-9365-1912378EECFE}]
2008-05-17 18:23 29824 --a------ C:\WINDOWS\system32\byXRjjKC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2}]
2008-05-17 13:59 217088 --a------ C:\WINDOWS\nldfmtapgpv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10B9E92F-421E-44B2-A093-9DE0F3FAB2BC}"= "C:\WINDOWS\gktxaspm.dll" [2008-05-17 13:59 155648]

[HKEY_CLASSES_ROOT\clsid\{10b9e92f-421e-44b2-a093-9de0f3fab2bc}]
[HKEY_CLASSES_ROOT\gktxaspm.1]
[HKEY_CLASSES_ROOT\TypeLib\{A998690B-A72F-4E3B-8AA0-BE953DCCEF4B}]
[HKEY_CLASSES_ROOT\gktxaspm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users\Data aplikací\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 15:44 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:16 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 11:36 299008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"64d3023d"="C:\WINDOWS\system32\ortmxkdv.dll" [2008-05-18 09:31 91264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{18F4FBD5-CDE8-492C-9365-1912378EECFE}"= C:\WINDOWS\system32\byXRjjKC.dll [2008-05-17 18:23 29824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pxgdslro"= {BD3B3058-4AC9-474C-BFED-1E4813AEB25B} - C:\WINDOWS\pxgdslro.dll [2008-05-17 13:59 212992]
"gnowmebk"= {20FD79DC-38C1-459D-96DD-012C0FF9421E} - C:\WINDOWS\gnowmebk.dll [2008-05-17 13:59 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRjjKC]
byXRjjKC.dll 2008-05-17 18:23 29824 C:\WINDOWS\system32\byXRjjKC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.EXE /AUTORUN
\Shell\configure\command - F:\setup.EXE
\Shell\install\command - F:\setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 15:20:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRjjKC.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ortmxkdv.dll
-> C:\WINDOWS\system32\xxyayAPF.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-18 15:26:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 13:25:17

Adresářů: 10, Volných bajtů: 16,495,939,584
Adresářů: 12, Volných bajtů: 16,487,481,344


Re: Please help - YOUR PRIVACY IS IN DANGER

Posted: 18 May 2008 17:57
by fredik
Uninstall via Add or Remove Programs, if it is listed there:
SystemErrorFixer

Run HijackThis again and tick the box in front of the line:
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
after ticking it, click the Fix Checked button

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Notepad (Start -> Run... and type Notepad in the box, then press OK)
Copy into it the entire following text highlighted in green:
Note: do not use the SELECT ALL function to select the script

Code:

KillAll::

File::
C:\WINDOWS\system32\vdkxmtro.ini
C:\WINDOWS\system32\ortmxkdv.dll
C:\WINDOWS\system32\ekjdunkp.dll
C:\WINDOWS\system32\byXRjjKC.dll
C:\WINDOWS\nldfmtapgpv.dll
C:\WINDOWS\pxgdslro.dll
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\gktxaspm.dll
C:\WINDOWS\eova.exe
C:\WINDOWS\mdtgkswr.exe
C:\qpmd8376.bin
C:\WINDOWS\system32\xxyayAPF.dll

Folder::
C:\Program Files\SystemErrorFixer
C:\Program Files\Common Files\SystemErrorFixer
C:\Documents and Settings\All Users\Data aplikací\Adsl Software Limited\WinSpywareProtect

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18F4FBD5-CDE8-492C-9365-1912378EECFE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2}]
[-HKEY_CLASSES_ROOT\clsid\{10b9e92f-421e-44b2-a093-9de0f3fab2bc}]
[-HKEY_CLASSES_ROOT\gktxaspm.1]
[-HKEY_CLASSES_ROOT\TypeLib\{A998690B-A72F-4E3B-8AA0-BE953DCCEF4B}]
[-HKEY_CLASSES_ROOT\gktxaspm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10B9E92F-421E-44B2-A093-9DE0F3FAB2BC}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSpywareProtect (ver. 5.1)"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"64d3023d"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{18F4FBD5-CDE8-492C-9365-1912378EECFE}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pxgdslro"=-
"gnowmebk"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRjjKC]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe, and when the two files overlap, drop the script
- ComboFix will start automatically (the PC will then restart, so don't be alarmed)
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
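An added example, not part of the thread and not code from any of the tools used in it: a small triage script that runs a few defender-side rules over the HijackThis lines quoted above and flags the same entries fredik's CFScript targets (random-named DLLs dropped straight into C:\WINDOWS and loaded as toolbar/SSODL components, a hex-named Run value loading a DLL via rundll32, and a desktop component pointing at a local HTML file), while leaving the ESET, Lexmark and ctfmon entries alone. The rule thresholds and the sample log are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: HijackThis lines copied from the log quoted earlier in this thread,
# mixing the rogue "privacy danger" entries with legitimate ESET, Lexmark and ctfmon ones.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: gktxaspm - {10B9E92F-421E-44B2-A093-9DE0F3FAB2BC} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [64d3023d] rundll32.exe "C:\WINDOWS\system32\ortmxkdv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: pxgdslro - {BD3B3058-4AC9-474C-BFED-1E4813AEB25B} - C:\WINDOWS\pxgdslro.dll
O21 - SSODL: gnowmebk - {20FD79DC-38C1-459D-96DD-012C0FF9421E} - C:\WINDOWS\gnowmebk.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
""".strip()

# First drive-letter path on the line that ends in .dll or .exe (paths may contain spaces).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.IGNORECASE)
# A Run value name that is nothing but hex digits, e.g. [64d3023d].
HEX_NAME_RE = re.compile(r"\[([0-9a-f]{8,})\]")


@dataclass
class Finding:
    entry: str
    reasons: list = field(default_factory=list)


def extract_path(line):
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def stem_of(path):
    # "C:\WINDOWS\gktxaspm.dll" -> "gktxaspm"
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(name):
    # Heuristic (constructed threshold): a 6+ character alphanumeric name with fewer than
    # 20% vowels (gktxaspm, ortmxkdv, pxgdslro) reads like a generated name; LXCCtime does not.
    if len(name) < 6 or not name.isalnum():
        return False
    vowels = sum(c in "aeiou" for c in name.lower())
    return vowels / len(name) < 0.2


def in_windows_root(path):
    # Legitimate shell components are not dropped straight into C:\WINDOWS.
    return re.fullmatch(r"[a-z]:\\windows\\[^\\]+", path.lower()) is not None


def check_entry(line):
    reasons = []
    kind = line.split(" - ", 1)[0]          # "R0", "O4", "O21", ...
    path = extract_path(line)
    stem = stem_of(path) if path else ""
    if kind == "R0" and "Start Page" in line and "http" in line:
        reasons.append("start page points to an external URL; confirm the user set it")
    if kind in ("O2", "O3", "O21") and path:
        if in_windows_root(path):
            reasons.append("shell component DLL sits directly in the Windows folder")
        if looks_random(stem):
            reasons.append("DLL name looks machine-generated")
    if kind == "O4":
        if HEX_NAME_RE.search(line):
            reasons.append("Run value name is a bare hex string")
        if "rundll32" in line.lower() and path and looks_random(stem):
            reasons.append("rundll32 loads a DLL with a machine-generated name")
    if kind == "O24" and "file:///" in line.lower():
        reasons.append("desktop component is a local HTML file (fake warning wallpaper)")
    return reasons


def triage(log_text):
    """Return a Finding for every HijackThis line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = check_entry(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f.entry)
        for r in f.reasons:
            print("   ->", r)
```

The rules are deliberately narrow; a hit means "look at this entry", not "delete it", and legitimate entries on this machine (egui, LXCCCATS, CTFMON.EXE) produce no finding.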

Re: Please help - YOUR PRIVACY IS IN DANGER

Posted: 18 May 2008 18:31
by ma3nka
ComboFix 08-05-15.3 - jaroslav zelenak 2008-05-18 18:14:36.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.99 [GMT 2:00]
Running from: C:\Documents and Settings\jaroslav zelenak\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\jaroslav zelenak\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\qpmd8376.bin
C:\WINDOWS\eova.exe
C:\WINDOWS\gktxaspm.dll
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\mdtgkswr.exe
C:\WINDOWS\nldfmtapgpv.dll
C:\WINDOWS\pxgdslro.dll
C:\WINDOWS\system32\byXRjjKC.dll
C:\WINDOWS\system32\ekjdunkp.dll
C:\WINDOWS\system32\ortmxkdv.dll
C:\WINDOWS\system32\vdkxmtro.ini
C:\WINDOWS\system32\xxyayAPF.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\qpmd8376.bin

.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-18 15:27 . 2008-05-18 15:27 90,752 --a------ C:\WINDOWS\system32\wtptjetj.dll
2008-05-18 10:17 . 2008-05-18 10:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 10:14 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-17 22:54 . 2008-05-17 22:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 22:37 . 2008-05-18 13:49 <DIR> d-------- C:\SDFix
2008-05-17 22:20 . 2008-05-17 22:41 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-16 23:18 . 2008-05-16 23:18 <DIR> d-------- C:\Program Files\Bonjour
2008-05-16 19:51 . 2008-05-16 19:51 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-16 18:48 . 2008-05-16 18:50 3,260 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-16 18:47 . 2003-03-27 09:48 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-16 18:35 . 2005-07-12 11:33 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-05-16 18:35 . 2005-07-12 11:33 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-05-16 18:34 . 2008-05-18 09:51 <DIR> d-------- C:\Program Files\Lx_cats
2008-05-16 18:34 . 2008-05-16 18:35 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-16 18:34 . 2003-03-11 19:26 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-05-16 18:34 . 2003-03-11 19:26 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-05-16 18:34 . 2003-03-11 19:26 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-05-16 18:34 . 2003-03-11 19:26 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-05-16 18:34 . 2003-03-11 19:26 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-05-16 18:34 . 2008-05-16 18:36 22,993 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-05-16 18:34 . 2005-07-12 11:36 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-05-16 18:33 . 2005-07-27 18:42 1,583 -ra------ C:\WINDOWS\system32\lxcc.loc
2008-05-16 18:31 . 2008-05-16 22:34 <DIR> d-------- C:\Program Files\Lexmark 3300 Series
2008-05-16 18:31 . 2001-10-24 12:25 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-05-16 18:31 . 2001-10-24 12:25 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-16 18:31 . 2005-04-28 08:07 65,536 -ra------ C:\WINDOWS\system32\lxcccfg.dll
2008-05-16 18:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-16 18:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-16 18:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-16 18:31 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-16 18:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-16 18:27 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-16 18:27 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-16 15:14 . 2008-05-17 22:20 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-05-16 15:13 . 2008-05-16 15:13 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-16 14:53 . 2008-05-16 14:53 <DIR> d---s---- C:\Documents and Settings\jaroslav zelenak\UserData
2008-05-16 13:37 . 2008-05-16 13:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-16 12:40 . 2008-05-16 12:40 <DIR> d-------- C:\Program Files\ESET
2008-05-16 10:49 . 2008-05-16 10:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 10:45 . 2008-05-16 10:45 <DIR> d-------- C:\Program Files\Opera
2008-05-16 10:45 . 2008-05-18 18:14 <DIR> d-------- C:\Documents and Settings\jaroslav zelenak\Plocha
2008-05-16 10:37 . 2008-05-16 10:37 <DIR> d-------- C:\icons
2008-05-16 10:21 . 2008-05-16 10:21 <DIR> d-------- C:\Program Files\Dreamweaver Interface Improver
2008-05-16 10:20 . 2003-07-30 18:28 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-16 10:20 . 2003-07-30 18:28 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-16 10:20 . 2003-07-30 18:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-16 10:07 . 2004-08-17 17:49 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-16 10:06 . 2004-08-17 17:49 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-16 10:05 . 2008-05-16 08:51 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> dr------- C:\Documents and Settings\Default User\Nabídka Start
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\Default User\Dokumenty
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d--h----- C:\Documents and Settings\All Users\Šablony
2008-05-16 10:05 . 2008-05-16 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Plocha
2008-05-16 10:05 . 2008-05-16 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Oblíbené položky
2008-05-16 10:05 . 2008-05-16 23:04 <DIR> dr------- C:\Documents and Settings\All Users\Nabídka Start
2008-05-16 10:05 . 2008-05-16 23:20 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-05-16 10:04 . 2008-05-16 10:05 <DIR> dr-h----- C:\Documents and Settings\Default User\Data aplikací
2008-05-16 10:04 . 2008-05-16 08:55 <DIR> d--h----- C:\Documents and Settings\Default User
2008-05-16 10:04 . 2008-05-17 22:19 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2008-05-16 10:04 . 2008-05-16 08:54 <DIR> d-------- C:\Documents and Settings\All Users
2008-05-16 10:04 . 2008-05-16 09:13 <DIR> d-------- C:\Documents and Settings
2008-05-16 10:03 . 2008-05-16 08:58 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-05-16 10:01 . 2008-05-16 10:01 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-05-16 10:01 . 2008-05-16 10:01 1 --a------ C:\WINDOWS\system32\FlashPaperPrinterPort

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 17:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 08:20 --------- d-----w C:\Program Files\Macromedia
2008-05-16 08:20 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-05-16 07:56 --------- d-----w C:\Program Files\Common Files\InstallShield
.

((((((((((((((((((((((((((((( snapshot_2008-05-18_18.08.56.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 16:03:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-18 16:17:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-17 14:49:22 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 15:44 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:16 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 11:36 299008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.EXE /AUTORUN
\Shell\configure\command - F:\setup.EXE
\Shell\install\command - F:\setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 18:17:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\lxcccoms.exe
.
**************************************************************************
.
Completion time: 2008-05-18 18:23:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 16:22:29
ComboFix2.txt 2008-05-18 16:10:00
ComboFix3.txt 2008-05-18 13:26:17

Adresářů: 10, Volných bajtů: 16,490,586,112
Adresářů: 11, Volných bajtů: 16,453,709,824



......................................................................................................................................


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:48, on 18.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dreamweaver Interface Improver.lnk = C:\Program Files\Dreamweaver Interface Improver\MdImpr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

--
End of file - 4472 bytes


I'm really grateful that you're so willing to help :D

Re: Please help - YOUR PRIVACY IS IN DANGER

Posted: 18 May 2008 19:26
by ma3nka
It seems to have helped, because nothing pops up anymore and it looks like it did before.

Re: Please help - YOUR PRIVACY IS IN DANGER

Posted: 18 May 2008 20:37
by fredik
Download the program OTMoveIt2 (by OldTimer), save it to drive C and run it.
- Copy these paths into the left column (Paste List Of Files/Folders to Move):

Code:

[kill explorer]
C:\WINDOWS\system32\wtptjetj.dll
EmptyTemp
[start explorer]

- After copying, click the MoveIt! button and then paste here the entire contents of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart

Re: Please help - YOUR PRIVACY IS IN DANGER

Posted: 20 May 2008 21:35
by ma3nka
Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wtptjetj.dll
C:\WINDOWS\system32\wtptjetj.dll NOT unregistered.
C:\WINDOWS\system32\wtptjetj.dll moved successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05202008_212902


Thanks for the help :D

Re: Please help - YOUR PRIVACY IS IN DANGER

Posted: 22 May 2008 21:34
by fredik
Go to Start -> Run... and type into the box this command marked in blue: ComboFix /u, then press OK.
- there must be a space between ComboFix and /u

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Fix this item in HJT if it is still there:

Run HijackThis again and tick the checkbox in front of the line:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
after ticking it, click the Fix Checked button

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Run OTMoveIt again and click the CleanUp! button. A list will load and a prompt will appear; click Yes. When it finishes it will ask you to restart, so allow that again with Yes.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

For better security I would recommend also installing a firewall; you can pick one of those listed here or another one from the link: Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English
Kerio - clear layout, more configuration options, more demanding on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English + guide

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download and run T-cleaner and follow the instructions.
- you can also clean the PC of temporary files, e.g. using: CCleaner

You're welcome; if there is any problem, let me know.
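As an added example that is not part of this thread: a small Python triage that parses HijackThis R0/R1 lines like the one fredik asks to fix and flags any start or search page whose host is not one of Internet Explorer's own defaults (the allowlist and the constructed sample log are assumptions, with the query string of the hijacked URL shortened).

```python
import re
from urllib.parse import urlsplit

# Hosts that Internet Explorer's defaults point at; anything else in an
# R0/R1 Start Page / Search Page entry deserves a look. (Assumed allowlist.)
DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}

# Matches the R0/R1 line shape HijackThis writes, e.g.
# R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://...
# Only URL-valued settings are considered, so ProxyOverride = *.local is skipped.
R_LINE = re.compile(
    r"^(?P<section>R[01]) - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<url>https?://\S+)"
)


def triage_hjt(log_text):
    """Return (section, value_name, host) for every R0/R1 browser setting
    whose URL host is not in DEFAULT_HOSTS."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue
        host = (urlsplit(m.group("url")).hostname or "").lower()
        if host not in DEFAULT_HOSTS:
            findings.append((m.group("section"), m.group("value"), host))
    return findings


# Constructed sample, modelled on the R0/R1 lines of the thread's HijackThis log.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://softwarereferral.com/jump.php?lid=2
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *.local
"""

if __name__ == "__main__":
    for section, value, host in triage_hjt(SAMPLE_LOG):
        print(f"{section} {value!r} points at non-default host {host}")
```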