How to use SDfix ..???

Section devoted to viruses and other malicious code, but also to the tools with which one can defend against them…

Moderators: Mods_senior, Security team


Post by Baron Prášil » 06 Feb 2008 19:06

pick one here, I recommend ZoneAlarm or Comodo
why they shouldn't install on SP1 I don't know. and why you can't install SP2 because it messes up.. HomeSite 4.5.2
that I have no clue about at all :smile:


Post by RomanP » 07 Feb 2008 02:40

now I don't know what you're writing about ... Comodo told me that for installation I must have SP2 or Win. Vista, HomeSite doesn't run under SP2 ... 100%, Edit (normal), Browser (normal) and Design don't run ... a message pops up and I have to use Ctrl+Alt+Delete to shut it down ...
Athlon 2600, 512 RAM, GeForce 5200 128-bit, HDD 120GB/ATA + 40GB in the drawer, Win XP Prof., Gigabyte GA 7VT600 1394, ADI 22" CRT, one day I'll have a better one :o)


Post by Baron Prášil » 07 Feb 2008 16:54

with the second thing I really can't help you, go find a more suitable section here for that.
if comodo won't install, install ZA or Kerio
or behave on the net like Mother Teresa :lol:

Last edited by Baron Prášil on 09 Feb 2008 15:12, edited 2 times in total.


Post by RomanP » 09 Feb 2008 14:54

attaching the log from ComboFix and HijackThis

ComboFix 08-02.05.3 - Honza 2008-02-09 14:45:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.583 [GMT 1:00]
Running from: C:\Documents and Settings\Honza\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\.protected
C:\Documents and Settings\Honza\Nabídka Start\Programy\Po spuštění\.protected
C:\Documents and Settings\Honza\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Honza\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Honza\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Honza\Plocha\Error Cleaner.url
C:\Documents and Settings\Honza\Plocha\Privacy Protector.url
C:\Documents and Settings\Honza\Plocha\Spyware&Malware Protection.url
C:\Documents and Settings\Jaryn\Nabídka Start\Programy\Po spuštění\.protected
C:\Documents and Settings\Jaryn\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Jaryn\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Jaryn\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Jaryn\Plocha\Error Cleaner.url
C:\Documents and Settings\Jaryn\Plocha\Privacy Protector.url
C:\Documents and Settings\Jaryn\Plocha\Spyware&Malware Protection.url
C:\WINDOWS\.protected
C:\WINDOWS\dat.txt
C:\WINDOWS\dpvtporldn.dll
C:\WINDOWS\elfwgps.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\drivers\etc\.protected

----- BITS: Possible infected sites -----

hxxp://77.91.228.186
hxxp://onsafepro.com
hxxp://77.91.227.194
.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
2008-02-03 11:51 . 2008-02-03 11:56 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-02-03 11:49 . 2008-02-03 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2008-02-03 08:02 . 2008-02-03 08:02 <DIR> d-------- C:\WINDOWS\system32\roman
2008-02-03 07:43 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-02-03 07:43 . 2006-11-13 18:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-02-03 07:43 . 2006-11-13 18:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-02-03 07:43 . 2006-11-13 10:37 <DIR> dr------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-02-03 07:43 . 2006-11-13 10:28 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-02-03 07:43 . 2007-04-09 19:50 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-02-03 07:43 . 2006-11-30 22:53 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenty
2008-02-03 07:43 . 2007-04-09 19:50 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-02-03 07:34 . 2008-02-03 07:50 <DIR> d-------- C:\SDFix
2008-02-03 07:33 . 2008-02-03 07:19 1,218,381 --a------ C:\SDFix.exe
2008-02-03 02:29 . 2008-02-03 02:30 <DIR> d-------- C:\Program Files\RFA Platinum
2008-02-03 02:09 . 2008-02-03 02:10 <DIR> d-------- C:\WINDOWS\system32\_avast4_
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\LocalService\_avast4_
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\Jaryn\Data aplikací\SystemDefender
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\Jaryn\Data aplikací\Lavasoft
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\Jaryn\Data aplikací\Comodo
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\Comodo
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Comodo
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Avg7
2008-02-03 02:08 . 2008-02-03 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-02-03 01:13 . 2008-02-03 02:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 01:13 . 2008-02-03 01:13 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\Lavasoft
2008-02-03 01:04 . 2008-02-03 02:05 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-02-03 01:04 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-31 11:54 . 2008-01-31 11:54 <DIR> d-------- C:\Documents and Settings\Jaryn\Data aplikací\Talkback
2008-01-26 18:55 . 2008-01-26 18:55 <DIR> d---s---- C:\Documents and Settings\NetworkService\Oblíbené položky
2008-01-22 23:57 . 2006-12-15 13:00 211 --a------ C:\boot.ini.comodofirewall
2008-01-22 21:46 . 2008-01-22 21:46 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-22 21:42 . 2008-02-09 11:29 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-22 21:42 . 2008-02-03 02:09 <DIR> d-------- C:\Program Files\Crawler
2008-01-22 11:28 . 2008-01-22 11:27 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-22 11:28 . 2008-01-22 11:27 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-22 11:28 . 2008-01-22 11:27 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-22 11:27 . 2008-02-09 14:38 <DIR> d-------- C:\Program Files\ESET
2008-01-22 11:20 . 2008-01-22 11:20 0 --a------ C:\Program Filesxpa.exe.tmp
2008-01-22 09:55 . 2008-01-22 09:55 253,968 --a------ C:\Documents and Settings\Honza\Data aplikací\installer_ch[1].exe
2008-01-22 09:18 . 2008-01-22 09:18 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\SuspenzorPC
2008-01-22 08:43 . 2008-01-22 08:43 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
2008-01-21 16:42 . 2008-01-21 13:11 229,376 --a------ C:\WINDOWS\bqxomdo.dll
2008-01-21 16:42 . 2008-01-21 13:11 196,608 --a------ C:\WINDOWS\aswmklt.dll
2008-01-21 16:42 . 2008-01-21 13:11 90,112 --a------ C:\WINDOWS\fvqkfsp.exe
2008-01-21 16:36 . 2008-01-21 16:36 <DIR> d-------- C:\Program Files\MediaRoverCodec
2008-01-17 18:57 . 2008-01-17 18:57 <DIR> d-------- C:\WINDOWS\Start Menu
2008-01-17 18:57 . 2008-02-03 00:21 <DIR> d-------- C:\Program Files\HEAT
2008-01-17 18:57 . 1998-12-07 16:20 1,020,416 --a------ C:\WINDOWS\system32\WebPro32.ocx
2008-01-17 18:57 . 1999-01-22 17:08 34,665 --a------ C:\WINDOWS\system32\ripx.vxd
2008-01-16 09:52 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-16 09:52 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-16 01:16 . 2008-01-16 01:16 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-13 10:51 . 2008-01-13 10:51 <DIR> d-------- C:\Documents and Settings\Honza\.jpi_cache
2008-01-13 10:51 . 2008-01-13 10:51 <DIR> d-------- C:\Documents and Settings\Honza\.java
2008-01-13 00:13 . 2008-01-13 00:13 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-13 00:07 . 2008-01-13 00:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-13 00:07 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-12 15:49 . 2005-12-21 03:16 470,048 -ra------ C:\WINDOWS\system32\drivers\ar5211.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 15:06 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\OpenOffice.org2
2008-02-03 01:09 --------- d-----w C:\Program Files\Window Gadgets
2008-02-03 01:09 --------- d-----w C:\Program Files\Sports Interactive
2008-02-03 01:09 --------- d-----w C:\Program Files\Green Forest
2008-02-03 01:08 --------- d-----w C:\Program Files\Alwil Software
2008-02-03 01:07 --------- d-----w C:\Program Files\PVD15
2008-02-03 01:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 23:20 --------- d-----w C:\Program Files\EA SPORTS
2008-02-02 23:18 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2008-01-22 11:05 --------- d-----w C:\Program Files\Winamp
2008-01-21 14:12 --------- d-----w C:\Program Files\GamePark
2008-01-21 06:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 00:16 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-01-15 12:33 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-13 18:23 --------- d-----w C:\Program Files\Google
2007-12-30 19:16 --------- d--h--r C:\Documents and Settings\Honza\Data aplikací\SecuROM
2007-12-30 19:00 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\XnView
2007-12-30 18:55 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\ImgBurn
2007-12-30 18:49 --------- d-----w C:\Program Files\Java
2007-12-30 18:48 --------- d-----w C:\Program Files\Easypano
2007-12-30 18:44 --------- d-----w C:\Program Files\Scratch Mast'a
2007-12-30 18:35 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\URSE Games
2007-12-30 18:14 --------- d-----w C:\Program Files\GameTop.com
2007-12-30 11:56 --------- d-----w C:\Program Files\Scorpions WinCheater
2007-12-30 11:37 --------- d-----w C:\Program Files\Dema Virtual Notes
2007-12-30 11:35 --------- d-----w C:\Program Files\iTV
2007-12-30 11:32 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-30 11:21 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\Virtual Notes cache
2007-12-30 11:18 --------- d-----w C:\Program Files\Rainlendar2
2007-12-30 11:10 --------- d-----w C:\Program Files\Pal Games
2007-12-30 11:03 --------- d-----w C:\Program Files\Losuj!
2007-12-26 18:16 --------- d-----w C:\Program Files\Rally Championship Xtreme
2007-12-22 19:35 --------- d-----w C:\Program Files\IconTweaker
2007-12-22 19:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\IconTweaker
2007-12-22 19:04 --------- d-----w C:\Program Files\Zoner
2007-11-01 15:59 75,145 ----a-w C:\Program Files\Uninstal.exe
2007-05-04 19:09 284,718 ----a-w C:\Program Files\palm fond.tga
2007-05-04 18:55 1,428 ----a-w C:\Program Files\133.jpg
2007-05-04 18:46 1,568 ----a-w C:\Program Files\mt-blu-t.jpg
2007-05-04 18:44 14,922 ----a-w C:\Program Files\mt-blu-r.jpg
2007-05-04 18:05 196,626 ----a-w C:\Program Files\185.tga
2007-05-04 12:00 324 ----a-w C:\Program Files\035.jpg
2007-05-04 11:55 24,594 ----a-w C:\Program Files\034.tga
2007-05-04 11:54 49,170 ----a-w C:\Program Files\030.tga
2007-05-04 11:54 24,594 ----a-w C:\Program Files\032.tga
2007-05-03 20:58 33,554 ----a-w C:\Program Files\297.tga
2007-05-03 20:57 33,554 ----a-w C:\Program Files\296.tga
2007-04-30 11:47 27,219 ----a-w C:\Program Files\front_pump.jpg
2007-04-30 11:43 173,414 ----a-w C:\Program Files\front_pump_top.bmp
2007-04-30 11:38 23,692 ----a-w C:\Program Files\wh3.jpg
2007-04-30 07:59 53,142 ----a-w C:\Program Files\no_smoking.bmp
2007-04-30 07:56 786,486 ----a-w C:\Program Files\Gmc_grey_512.bmp
2007-04-30 07:56 786,486 ----a-w C:\Program Files\Gmc_grey.bmp
2007-04-30 07:44 10,889 ----a-w C:\Program Files\017.jpg
2007-04-30 07:26 16,161 ----a-w C:\Program Files\lang.jpg
2007-04-29 22:22 5,257 ----a-w C:\Program Files\main_ger.sim
2007-04-29 22:22 5,257 ----a-w C:\Program Files\main_fre.sim
2007-04-29 22:21 5,257 ----a-w C:\Program Files\main_eng.sim
2005-02-18 20:37 589,824 ----a-w C:\Program Files\SimTractor.exe
2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2000-11-02 08:24 90,774 ----a-w C:\Program Files\front_roof_1_2.bmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-05 14:46 679936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-24 08:18 35328]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 09:50 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-22 11:27 949376]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-22 21:43 2776576]
"rfagent"="C:\Program Files\RFA Platinum\rfagent.exe" [2006-08-26 09:33 365056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bqxomdo"= {D3D16397-4393-433E-B335-A8E1258D7358} - C:\WINDOWS\bqxomdo.dll [2008-01-21 13:11 229376]
"aswmklt"= {1C5F453E-FA67-49CD-9E52-3B5AF808FB18} - C:\WINDOWS\aswmklt.dll [2008-01-21 13:11 196608]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-13 17:52 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Antivirus]

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 00:07]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-22 21:46]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2006-03-02 13:00]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2006-03-02 13:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys []
S3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-09-13 13:35]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 16:16:25 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 14:48:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-02-09 14:49:04
ComboFix-quarantined-files.txt 2008-02-09 13:48:56
.
2008-01-16 00:16:17 --- E O F ---

------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:54, on 9.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\RFA Platinum\rfagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Honza\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0401855046
O17 - HKLM\System\CCS\Services\Tcpip\..\{31A0E763-E7C9-4668-BACD-EDEBF78C1F3F}: NameServer = 192.168.1.253,194.228.41.113
O21 - SSODL: bqxomdo - {D3D16397-4393-433E-B335-A8E1258D7358} - C:\WINDOWS\bqxomdo.dll
O21 - SSODL: aswmklt - {1C5F453E-FA67-49CD-9E52-3B5AF808FB18} - C:\WINDOWS\aswmklt.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6371 bytes


thank you for a quick reply

Post by Baron Prášil » 09 Feb 2008 15:18

fix
O21 - SSODL: bqxomdo - {D3D16397-4393-433E-B335-A8E1258D7358} - C:\WINDOWS\bqxomdo.dll
O21 - SSODL: aswmklt - {1C5F453E-FA67-49CD-9E52-3B5AF808FB18} - C:\WINDOWS\aswmklt.dll

Open Notepad (Start -> Run... and type Notepad in the box and click OK)
Copy the following text marked in green into it:

File::
C:\WINDOWS\bqxomdo.dll
C:\WINDOWS\aswmklt.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bqxomdo"=-
"aswmklt"=-

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HijackThis log
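As an added example that is not part of the thread and not code from ComboFix or HijackThis, this Python script parses the O21 (SSODL) lines of a HijackThis log and the ShellServiceObjectDelayLoad block of a ComboFix log, flags entries that look like the two above, and renders the File::/Registry:: script in the same form. The suspicious-DLL heuristic is my own assumption, and the WebCheck control entry with its all-zero CLSID is constructed, not a real value.

```python
"""Added example (not from the thread, ComboFix or HijackThis): parse the O21/SSODL
entries out of a HijackThis log and the ShellServiceObjectDelayLoad block of a
ComboFix log, flag the DLLs that look like the thread's two, and render the
File::/Registry:: script in the same form that was dragged onto ComboFix.exe."""
import re
from dataclasses import dataclass

SSODL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
             r"\ShellServiceObjectDelayLoad")

# HijackThis form:  O21 - SSODL: <name> - {CLSID} - <dll path>
HJT_O21 = re.compile(
    r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$")
# ComboFix form (inside the SSODL key):  "<name>"= {CLSID} - <dll path> [date time size]
CF_SSODL = re.compile(
    r'^"(?P<name>[^"]+)"= (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?: \[[^\]]*\])?\s*$')
# Random-looking entry names such as "bqxomdo": a short run of lowercase letters only
RANDOM_NAME = re.compile(r"^[a-z]{6,9}$")

# Constructed sample built from the thread's lines; the WebCheck entry and its
# all-zero CLSID are made up as a benign control and are not real values.
SAMPLE_LOG = "\n".join([
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r"O21 - SSODL: bqxomdo - {D3D16397-4393-433E-B335-A8E1258D7358} - C:\WINDOWS\bqxomdo.dll",
    r"O21 - SSODL: aswmklt - {1C5F453E-FA67-49CD-9E52-3B5AF808FB18} - C:\WINDOWS\aswmklt.dll",
    r"O21 - SSODL: WebCheck - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\webcheck.dll",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]",
    r'"bqxomdo"= {D3D16397-4393-433E-B335-A8E1258D7358} - C:\WINDOWS\bqxomdo.dll [2008-01-21 13:11 229376]',
    r'"aswmklt"= {1C5F453E-FA67-49CD-9E52-3B5AF808FB18} - C:\WINDOWS\aswmklt.dll [2008-01-21 13:11 196608]',
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]',
])


@dataclass(frozen=True)
class SsodlEntry:
    name: str
    clsid: str
    path: str


def parse_ssodl(log_text):
    """Collect SSODL entries from either log format; duplicates (same CLSID and
    path reported by both tools) are kept once, in first-seen order."""
    found, seen = [], set()
    in_ssodl_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = HJT_O21.match(line)
        if match is None and line.startswith("["):
            # ComboFix registry dump: remember whether we are inside the SSODL key
            in_ssodl_key = line.strip("[]").lower() == SSODL_KEY.lower()
            continue
        if match is None and in_ssodl_key:
            match = CF_SSODL.match(line)
        if match is None:
            continue
        entry = SsodlEntry(match["name"], match["clsid"].upper(), match["path"])
        key = (entry.clsid, entry.path.lower())
        if key not in seen:
            seen.add(key)
            found.append(entry)
    return found


def is_suspicious(entry):
    """Assumed heuristic modelled on the thread's two hits: a shell service object
    whose DLL sits directly in the Windows directory instead of system32, or whose
    entry name is a random-looking lowercase string equal to the DLL's file stem."""
    directory, _, filename = entry.path.lower().rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    outside_system32 = not directory.endswith("\\system32")
    random_name = RANDOM_NAME.match(entry.name) is not None and entry.name == stem
    return outside_system32 or random_name


def suspicious_entries(log_text):
    return [e for e in parse_ssodl(log_text) if is_suspicious(e)]


def build_cfscript(entries):
    """Render the File::/Registry:: script in the shape used in the thread:
    the DLLs to remove, then the SSODL values to delete ("name"=-)."""
    lines = ["File::", *[e.path for e in entries], "", "Registry::", f"[{SSODL_KEY}]"]
    lines += [f'"{e.name}"=-' for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(suspicious_entries(SAMPLE_LOG)))
```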


Post by RomanP » 09 Feb 2008 21:37

hi ... I just want to ask ... is it a virus .. or spyware ...??? I'd like to know what I caught. thank you.

Post by Baron Prášil » 09 Feb 2008 21:39

http://www.prevx.com/filenames/20105782 ... T.DLL.html
http://www.prevx.com/filenames/19305300 ... O.DLL.html

hey, we can chat afterwards, right now I'd like to get this ticked off, ok?!


Post by RomanP » 12 Feb 2008 08:15

attaching the log from ComboFix ..
ComboFix 08-02.05.3 - Honza 2008-02-12 8:08:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.611 [GMT 1:00]
Running from: C:\Documents and Settings\Honza\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Honza\Plocha\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\aswmklt.dll
C:\WINDOWS\bqxomdo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Honza\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Honza\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Honza\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Honza\Plocha\Error Cleaner.url
C:\Documents and Settings\Honza\Plocha\Privacy Protector.url
C:\Documents and Settings\Honza\Plocha\Spyware&Malware Protection.url
C:\Documents and Settings\Jaryn\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Jaryn\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Jaryn\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Jaryn\Plocha\Error Cleaner.url
C:\Documents and Settings\Jaryn\Plocha\Privacy Protector.url
C:\Documents and Settings\Jaryn\Plocha\Spyware&Malware Protection.url
C:\WINDOWS\aswmklt.dll
C:\WINDOWS\bqxomdo.dll

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
2008-02-03 11:51 . 2008-02-03 11:56 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-02-03 11:49 . 2008-02-03 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2008-02-03 08:02 . 2008-02-03 08:02 <DIR> d-------- C:\WINDOWS\system32\roman
2008-02-03 07:43 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-02-03 07:43 . 2006-11-13 18:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-02-03 07:43 . 2006-11-13 18:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-02-03 07:43 . 2006-11-13 10:37 <DIR> dr------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-02-03 07:43 . 2006-11-13 10:28 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-02-03 07:43 . 2007-04-09 19:50 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-02-03 07:43 . 2006-11-30 22:53 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenty
2008-02-03 07:43 . 2007-04-09 19:50 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-02-03 07:34 . 2008-02-03 07:50 <DIR> d-------- C:\SDFix
2008-02-03 07:33 . 2008-02-03 07:19 1,218,381 --a------ C:\SDFix.exe
2008-02-03 02:29 . 2008-02-03 02:30 <DIR> d-------- C:\Program Files\RFA Platinum
2008-02-03 02:09 . 2008-02-03 02:10 <DIR> d-------- C:\WINDOWS\system32\_avast4_
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\LocalService\_avast4_
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\Jaryn\Data aplikací\SystemDefender
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\Jaryn\Data aplikací\Lavasoft
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\Jaryn\Data aplikací\Comodo
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\Comodo
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Comodo
2008-02-03 02:09 . 2008-02-03 02:09 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Avg7
2008-02-03 02:08 . 2008-02-03 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-02-03 01:13 . 2008-02-03 02:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 01:13 . 2008-02-03 01:13 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\Lavasoft
2008-02-03 01:04 . 2008-02-03 02:05 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-02-03 01:04 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-31 11:54 . 2008-01-31 11:54 <DIR> d-------- C:\Documents and Settings\Jaryn\Data aplikací\Talkback
2008-01-26 18:55 . 2008-01-26 18:55 <DIR> d---s---- C:\Documents and Settings\NetworkService\Oblíbené položky
2008-01-22 23:57 . 2006-12-15 13:00 211 --a------ C:\boot.ini.comodofirewall
2008-01-22 21:46 . 2008-01-22 21:46 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-22 21:42 . 2008-02-10 14:52 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-22 21:42 . 2008-02-03 02:09 <DIR> d-------- C:\Program Files\Crawler
2008-01-22 11:28 . 2008-01-22 11:27 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-22 11:28 . 2008-01-22 11:27 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-22 11:28 . 2008-01-22 11:27 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-22 11:27 . 2008-02-09 14:38 <DIR> d-------- C:\Program Files\ESET
2008-01-22 11:20 . 2008-01-22 11:20 0 --a------ C:\Program Filesxpa.exe.tmp
2008-01-22 09:55 . 2008-01-22 09:55 253,968 --a------ C:\Documents and Settings\Honza\Data aplikací\installer_ch[1].exe
2008-01-22 09:18 . 2008-01-22 09:18 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\SuspenzorPC
2008-01-22 08:43 . 2008-01-22 08:43 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
2008-01-21 16:42 . 2008-01-21 13:11 90,112 --a------ C:\WINDOWS\fvqkfsp.exe
2008-01-21 16:36 . 2008-01-21 16:36 <DIR> d-------- C:\Program Files\MediaRoverCodec
2008-01-17 18:57 . 2008-01-17 18:57 <DIR> d-------- C:\WINDOWS\Start Menu
2008-01-17 18:57 . 2008-02-03 00:21 <DIR> d-------- C:\Program Files\HEAT
2008-01-17 18:57 . 1998-12-07 16:20 1,020,416 --a------ C:\WINDOWS\system32\WebPro32.ocx
2008-01-17 18:57 . 1999-01-22 17:08 34,665 --a------ C:\WINDOWS\system32\ripx.vxd
2008-01-16 09:52 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-16 09:52 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-16 01:16 . 2008-01-16 01:16 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-13 10:51 . 2008-01-13 10:51 <DIR> d-------- C:\Documents and Settings\Honza\.jpi_cache
2008-01-13 10:51 . 2008-01-13 10:51 <DIR> d-------- C:\Documents and Settings\Honza\.java
2008-01-13 00:13 . 2008-01-13 00:13 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-13 00:07 . 2008-01-13 00:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-13 00:07 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-12 15:49 . 2005-12-21 03:16 470,048 -ra------ C:\WINDOWS\system32\drivers\ar5211.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 15:06 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\OpenOffice.org2
2008-02-03 01:09 --------- d-----w C:\Program Files\Window Gadgets
2008-02-03 01:09 --------- d-----w C:\Program Files\Sports Interactive
2008-02-03 01:09 --------- d-----w C:\Program Files\Green Forest
2008-02-03 01:08 --------- d-----w C:\Program Files\Alwil Software
2008-02-03 01:07 --------- d-----w C:\Program Files\PVD15
2008-02-03 01:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 23:20 --------- d-----w C:\Program Files\EA SPORTS
2008-02-02 23:18 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2008-01-22 11:05 --------- d-----w C:\Program Files\Winamp
2008-01-21 14:12 --------- d-----w C:\Program Files\GamePark
2008-01-21 06:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 00:16 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-01-15 12:33 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-13 18:23 --------- d-----w C:\Program Files\Google
2007-12-30 19:16 --------- d--h--r C:\Documents and Settings\Honza\Data aplikací\SecuROM
2007-12-30 19:00 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\XnView
2007-12-30 18:55 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\ImgBurn
2007-12-30 18:49 --------- d-----w C:\Program Files\Java
2007-12-30 18:48 --------- d-----w C:\Program Files\Easypano
2007-12-30 18:44 --------- d-----w C:\Program Files\Scratch Mast'a
2007-12-30 18:35 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\URSE Games
2007-12-30 18:14 --------- d-----w C:\Program Files\GameTop.com
2007-12-30 11:56 --------- d-----w C:\Program Files\Scorpions WinCheater
2007-12-30 11:37 --------- d-----w C:\Program Files\Dema Virtual Notes
2007-12-30 11:35 --------- d-----w C:\Program Files\iTV
2007-12-30 11:32 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-30 11:21 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\Virtual Notes cache
2007-12-30 11:18 --------- d-----w C:\Program Files\Rainlendar2
2007-12-30 11:10 --------- d-----w C:\Program Files\Pal Games
2007-12-30 11:03 --------- d-----w C:\Program Files\Losuj!
2007-12-26 18:16 --------- d-----w C:\Program Files\Rally Championship Xtreme
2007-12-22 19:35 --------- d-----w C:\Program Files\IconTweaker
2007-12-22 19:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\IconTweaker
2007-12-22 19:04 --------- d-----w C:\Program Files\Zoner
2007-11-01 15:59 75,145 ----a-w C:\Program Files\Uninstal.exe
2007-05-04 19:09 284,718 ----a-w C:\Program Files\palm fond.tga
2007-05-04 18:55 1,428 ----a-w C:\Program Files\133.jpg
2007-05-04 18:46 1,568 ----a-w C:\Program Files\mt-blu-t.jpg
2007-05-04 18:44 14,922 ----a-w C:\Program Files\mt-blu-r.jpg
2007-05-04 18:05 196,626 ----a-w C:\Program Files\185.tga
2007-05-04 12:00 324 ----a-w C:\Program Files\035.jpg
2007-05-04 11:55 24,594 ----a-w C:\Program Files\034.tga
2007-05-04 11:54 49,170 ----a-w C:\Program Files\030.tga
2007-05-04 11:54 24,594 ----a-w C:\Program Files\032.tga
2007-05-03 20:58 33,554 ----a-w C:\Program Files\297.tga
2007-05-03 20:57 33,554 ----a-w C:\Program Files\296.tga
2007-04-30 11:47 27,219 ----a-w C:\Program Files\front_pump.jpg
2007-04-30 11:43 173,414 ----a-w C:\Program Files\front_pump_top.bmp
2007-04-30 11:38 23,692 ----a-w C:\Program Files\wh3.jpg
2007-04-30 07:59 53,142 ----a-w C:\Program Files\no_smoking.bmp
2007-04-30 07:56 786,486 ----a-w C:\Program Files\Gmc_grey_512.bmp
2007-04-30 07:56 786,486 ----a-w C:\Program Files\Gmc_grey.bmp
2007-04-30 07:44 10,889 ----a-w C:\Program Files\017.jpg
2007-04-30 07:26 16,161 ----a-w C:\Program Files\lang.jpg
2007-04-29 22:22 5,257 ----a-w C:\Program Files\main_ger.sim
2007-04-29 22:22 5,257 ----a-w C:\Program Files\main_fre.sim
2007-04-29 22:21 5,257 ----a-w C:\Program Files\main_eng.sim
2005-02-18 20:37 589,824 ----a-w C:\Program Files\SimTractor.exe
2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2000-11-02 08:24 90,774 ----a-w C:\Program Files\front_roof_1_2.bmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-05 14:46 679936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-24 08:18 35328]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 09:50 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-22 11:27 949376]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-22 21:43 2776576]
"rfagent"="C:\Program Files\RFA Platinum\rfagent.exe" [2006-08-26 09:33 365056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-13 17:52 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Antivirus]

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 00:07]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-22 21:46]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2006-03-02 13:00]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2006-03-02 13:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys []
S3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-09-13 13:35]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 16:16:25 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 08:10:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-02-12 8:11:14
ComboFix-quarantined-files.txt 2008-02-12 07:11:12
ComboFix2.txt 2008-02-09 13:49:05
.
2008-01-16 00:16:17 --- E O F ---


From HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:56, on 12.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\RFA Platinum\rfagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Honza\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0401855046
O17 - HKLM\System\CCS\Services\Tcpip\..\{31A0E763-E7C9-4668-BACD-EDEBF78C1F3F}: NameServer = 192.168.1.253,194.228.41.113
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6130 bytes
Athlon 2600, 512 RAM, Ge Force 5200 128-bit, HDD 120GB/ATA + 40GB in a drawer, Win XP Prof., Gigabyte GA 7VT600 1394, ADI 22" CRT, one day I'll have a better one :o)
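The thread above reads the ComboFix and HijackThis logs by eye. As an added example (not part of the original thread and not code from either tool), the following Python script applies mechanically two of the checks a helper makes on such logs: an executable created, or registered for autostart, in an odd location (directly in the Windows root, or under a user profile's application-data folder), and a per-user Internet Explorer start page whose host differs from the machine-wide default. The sample lines are constructed from the kinds of entries seen in the posted logs; the query string of the start-page URL and the HKCU "Updater" O4 entry are invented for illustration, since the posted log shows that URL truncated and contains no such O4 line. Whether a hit is actually malicious remains a judgement call, which is why the script only lists candidates with a reason.

```python
import re
from urllib.parse import urlparse

# Constructed sample input, modelled on lines in the posted logs. The URL query
# string and the HKCU "Updater" entry are invented here (assumptions, not from
# the posted log); the other paths appear in the logs above.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm=example&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\Honza\Data aplikací\installer_ch[1].exe
"""

COMBOFIX_SAMPLE = r"""
2008-02-03 07:33 . 2008-02-03 07:19 1,218,381 --a------ C:\SDFix.exe
2008-01-22 11:28 . 2008-01-22 11:27 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-22 09:55 . 2008-01-22 09:55 253,968 --a------ C:\Documents and Settings\Honza\Data aplikací\installer_ch[1].exe
2008-01-21 16:42 . 2008-01-21 13:11 90,112 --a------ C:\WINDOWS\fvqkfsp.exe
2008-01-21 16:36 . 2008-01-21 16:36 <DIR> d-------- C:\Program Files\MediaRoverCodec
"""

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".ocx")
# Folder names (Czech and English XP profiles) where a legitimate autostart
# binary rarely lives but droppers routinely do.
PROFILE_DATA_DIRS = {"data aplikací", "application data", "local settings", "temp"}

# First drive-letter path ending in an executable extension inside an O4 command.
WIN_PATH = re.compile(r'([a-z]:\\[^"]*?\.(?:exe|dll|sys|scr|com|ocx))\b', re.I)


def location_reason(path: str):
    """Return why this path is a poor home for an autostart binary, or None."""
    parts = path.lower().split("\\")
    if not parts[-1].endswith(EXEC_EXT):
        return None
    # C:\WINDOWS\foo.exe splits to ['c:', 'windows', 'foo.exe']: a loose binary
    # in the Windows root rather than in system32 or a vendor subfolder.
    if len(parts) == 3 and parts[1] == "windows":
        return "executable directly in the Windows root"
    if any(p in PROFILE_DATA_DIRS for p in parts[1:-1]):
        return "executable under a user profile data directory"
    return None


def parse_combofix_files(text: str):
    """Yield (size_or_DIR, path) from ComboFix 'Files Created' style lines."""
    line_re = re.compile(
        r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
        r"(<DIR>|[\d,]+)\s+\S+\s+(.+)$"
    )
    for line in text.splitlines():
        m = line_re.match(line.strip())
        if m:
            yield m.group(1), m.group(2).strip()


def parse_hjt(text: str):
    """Yield (section, body) from HijackThis lines such as 'O4 - HKLM\\..\\Run: [x] cmd'."""
    for line in text.splitlines():
        m = re.match(r"^(O\d+|R\d|F\d|N\d) - (.*)$", line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(hjt_text: str, combofix_text: str):
    """Return a list of (path_or_url, reason) entries worth a human look."""
    findings = []
    start_pages = {}
    for section, body in parse_hjt(hjt_text):
        if section.startswith("R") and "Start Page =" in body:
            hive = body.split("\\", 1)[0]          # HKCU or HKLM
            start_pages[hive] = body.split("=", 1)[1].strip()
        elif section == "O4":
            m = WIN_PATH.search(body)
            if not m:
                continue                           # e.g. bare 'nwiz.exe /install'
            reason = location_reason(m.group(1))
            if reason:
                findings.append((m.group(1), f"O4 autostart: {reason}"))
    # A per-user start page pointing somewhere other than the machine default
    # is the usual footprint of a browser hijack.
    if "HKCU" in start_pages and "HKLM" in start_pages:
        if urlparse(start_pages["HKCU"]).hostname != urlparse(start_pages["HKLM"]).hostname:
            findings.append((start_pages["HKCU"], "HKCU start page differs from HKLM default"))
    for size, path in parse_combofix_files(combofix_text):
        if size == "<DIR>":
            continue
        reason = location_reason(path)
        if reason:
            findings.append((path, f"new file: {reason}"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(HJT_SAMPLE, COMBOFIX_SAMPLE):
        print(f"{reason:55s} {item}")
```

On the sample the script lists the AppData installer, the per-user start page and the loose fvqkfsp.exe in the Windows root, and stays silent on NvCpl.dll, nod32kui.exe, amon.sys and SDFix.exe; the location rules are deliberately narrow so that vendor binaries in system32 or Program Files never trigger them.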

Post by Baron Prášil » 12 Feb 2008 11:25

The log is fine, but I'm still missing that firewall there :wink:
Use T-Cleaner, it deletes everything left behind by ComboFix, SDFix, Avenger etc.

Post by RomanP » 12 Feb 2008 17:53

Thanks for the help... I have CCleaner and TuneUp 2007, can I do it with those, or only with T-Cleaner..?? .. please, one more answer: at the start I wanted to format the HDD, but it didn't work... I did as always, booted from the original Win XP CD, it loaded the files and then a blue screen full of text popped up and I can't get any further .. that has never happened to me before ... it just didn't work ... on a normal boot, right at the beginning, a sentence written in yellow pops up ..."If you want to install Linux default partition RAID driver please do not use OPROM creation operation"..I think something is wrong, and that's why the format didn't work either ... if you know, please advise. I have Partition Magic 8, I've partitioned a disk in it before (not this one) and everything was... ok..., if that would help here there's nothing to discuss ... I'm just afraid to go in there and change something without your opinion. Thanks in advance

Post by Baron Prášil » 12 Feb 2008 17:59

T-Cleaner is for what I wrote about; CCleaner you can use for cleaning whenever you want.
But I can't help you with that system problem, you'll have to ask the guys in the Windows section...
So here we're done, and you're welcome :wink:

Post by RomanP » 12 Feb 2008 18:20

Thanks a lot .... and good luck helping others ...

