Problem s virama :-( Opět jsem v tom :-( Prosim o pomoc.

Baron Prášil

já myslim,že už jsem ti na toto odpověděl

takže čekám na log z dobře zabezpečenýho kompu.

solda1 · Příspěvek od **solda1** » ned 10. úno 2008, 20:25

mensi problem....teda vetsi,me se ty SP2 nechcou instalnout....jsem na mrtvem bode a to tu :

http://img217.imageshack.us/my.php?imag ... aaala9.jpg

Dal to nejde,uz tak dobru hodinu,kde je problem ?

mista mam dost tak nevim co temu zas je,uz zas chytam nervy

BUBINO · Příspěvek od **BUBINO** » ned 10. úno 2008, 20:28

Ked instalujes SP2,mal by si mat vypnute vsetky aplikacie z dovodu, aby ti pc nezamrzlo. Vypni vsetky aplikacie a cakaj, kym ti to doinstaluje. Pokial ti to nepojde, tak instalaciu ukonci a SP2 nainstaluj znova.

solda1 · Příspěvek od **solda1** » ned 10. úno 2008, 21:48

nepomaha nic....proste se to sekne jakoby na tom obrazku co sem dal predtim....do pici to uz neni mozne s tim kompem

BUBINO · Příspěvek od **BUBINO** » ned 10. úno 2008, 21:50

Skusal si iny balik?

solda1 · Příspěvek od **solda1** » ned 10. úno 2008, 21:56

Jiny balik ? Co tim myslis ?

BUBINO · Příspěvek od **BUBINO** » ned 10. úno 2008, 22:11

http://www.softwarepatch.com/windows/xpsp2.html
http://www.soft32.com/Download/Free/Win ... 992-1.html
http://www.microsoft.com/downloads/deta ... laylang=en

solda1 · Příspěvek od **solda1** » pon 11. úno 2008, 17:58

furt ten stejnej problem....nevim kde je chyba...nestaci kdyz budu met jen to comodo a servis pack 1ky ?

Me ten komp jednou dostane do hrobu do pic* uz

Tu je ten proces a zere to velmi malo pameti

http://img223.imageshack.us/my.php?image=loloey7.jpg

BUBINO · Příspěvek od **BUBINO** » pon 11. úno 2008, 18:00

A su s nim este problemy co sa tyka virov? Daj sem log z comba.

solda1 · Příspěvek od **solda1** » pon 11. úno 2008, 18:15

zatim ne :

ComboFix 08-02.05.3 - Administrator 2008-02-11 18:11:10.14 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.839 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-11 17:45 . 2008-02-11 17:51 <DIR> d-------- C:\f58fdaaf31c1f1b335eb02f71b6d
2008-02-10 16:18 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-10 16:18 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-10 16:18 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-10 16:18 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-10 16:18 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-10 16:18 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-10 16:18 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-10 16:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-02-10 12:13 . 2002-09-20 18:05 135,680 --a------ C:\WINDOWS\R.COM
2008-02-10 12:13 . 2002-09-20 18:05 130,048 --a------ C:\WINDOWS\system32\T.COM
2008-02-10 12:13 . 2008-02-10 12:16 50 --a------ C:\WINDOWS\Lic.xxx
2008-02-10 11:53 . 2008-02-10 11:53 <DIR> d-------- C:\Program Files\CCleaner
2008-02-09 18:35 . 2008-02-11 17:53 <DIR> d-------- C:\WINDOWS\EHome
2008-02-09 18:08 . 2008-02-09 18:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 17:33 . 2008-02-09 17:33 <DIR> d-------- C:\Program Files\Zamykatko
2008-02-09 17:33 . 2007-12-13 20:13 17,264 --a------ C:\WINDOWS\system32\drivers\mprifl.sys
2008-02-09 12:40 . 2008-02-09 13:30 126 --a------ C:\WINDOWS\system32\wurefyu.bat
2008-02-08 19:41 . 2008-02-08 19:41 122 --a------ C:\WINDOWS\system32\wvgpme.bat
2008-02-08 16:16 . 2008-02-08 16:16 <DIR> d-------- C:\WINDOWS\pchealth
2008-02-08 12:28 . 2008-02-08 12:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-08 12:23 . 2008-02-08 12:34 <DIR> d-------- C:\SDFix
2008-02-05 17:15 . 2004-03-10 19:00 595,968 -----c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2008-02-05 16:58 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-02-05 16:58 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-02-05 16:58 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-05 16:58 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-05 16:58 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-02-05 16:58 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-05 15:57 . 2005-10-20 23:34 992,768 --a------ C:\WINDOWS\system32\esent.dll
2008-02-05 15:25 . 2008-02-05 15:25 <DIR> d-------- C:\WINDOWS\system32\bits
2008-02-05 15:25 . 2008-02-05 17:00 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-02-05 15:22 . 2004-07-01 23:10 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-02-05 14:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-05 14:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-05 14:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-05 14:11 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-05 14:11 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-02-05 14:11 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-02-05 14:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-05 11:55 . 1998-06-24 01:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-05 11:55 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-02-05 11:55 . 2000-03-17 09:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-02-05 11:55 . 2000-03-17 09:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-02-05 11:55 . 2002-04-24 13:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-02-05 11:55 . 2002-04-09 18:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-02-05 11:55 . 2002-10-17 11:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-02-05 11:55 . 2002-01-07 17:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-05 11:50 . 2008-02-05 11:50 <DIR> d-------- C:\WINDOWS\Cache
2008-02-05 11:41 . 2008-02-08 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
2008-02-04 22:25 . 2008-02-04 22:26 <DIR> d-------- C:\Program Files\ComboFix
2008-02-04 22:17 . 2008-02-04 22:17 <DIR> d-------- C:\Program Files\avenger
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:38 . 2008-02-04 21:38 <DIR> d-------- C:\Program Files\Ray Adams
2008-02-04 20:41 . 2008-02-04 23:14 <DIR> d-------- C:\Program Files\QooBox
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 18:27 . 2008-02-10 21:54 <DIR> d-------- C:\Downloads
2008-02-04 18:26 . 2008-02-04 19:19 <DIR> d-------- C:\Program Files\BitComet
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 17:54 . 2008-02-08 16:43 <DIR> d-------- C:\Program Files\QIP
2008-02-04 15:47 . 2008-02-04 15:47 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-04 15:44 . 2008-02-04 15:44 <DIR> d-------- C:\Program Files\Crawler
2008-02-04 15:44 . 2008-02-10 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-02-04 15:43 . 2008-02-10 18:19 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-04 15:21 . 2008-02-04 15:21 <DIR> d-------- C:\Program Files\Lavalys
2008-02-04 15:12 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-04 15:12 . 2008-02-09 10:36 <DIR> d-------- C:\Program Files\ICQLite
2008-02-04 15:12 . 2008-02-04 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQLite
2008-02-04 15:09 . 2008-02-04 15:09 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-04 15:08 . 2008-02-04 15:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-04 15:06 . 2008-02-04 15:06 <DIR> d-------- C:\Program Files\Webteh
2008-02-04 15:05 . 2008-02-06 11:01 <DIR> d-------- C:\Program Files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 16:10 42,496 ----a-w C:\WINDOWS\system32\ftp.exe
2008-02-08 16:10 16,896 ----a-w C:\WINDOWS\system32\tftp.exe
2008-02-08 16:07 133,120 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-02-05 11:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 10:56 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-04 20:33 --------- d-----w C:\Program Files\ATI Technologies
2008-02-04 13:59 --------- d-----w C:\Program Files\totalcmd
2008-02-04 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 13:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:53 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-04 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-04 12:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-04 12:28 --------- d-----w C:\Program Files\Realtek
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:27 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-04 12:25 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:25 --------- d-----w C:\Program Files\Intel
2008-02-04 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-04 12:14 558,142 ----a-w C:\WINDOWS\java\Packages\VTRHJZ5N.ZIP
2008-02-04 12:14 155,995 ----a-w C:\WINDOWS\java\Packages\OIJ7P773.ZIP
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-04 13:53 32768]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-08-27 13:42 517120]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12 3142236]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-04 13:53:14 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-04 13:52:38 434176]

R0 MPRIFL;MPRIFL;C:\WINDOWS\System32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-02-04 15:47]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-04 13:27]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 18:11:36
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-11 18:12:06
ComboFix-quarantined-files.txt 2008-02-11 17:11:59
ComboFix2.txt 2008-02-10 15:31:09
ComboFix3.txt 2008-02-08 15:17:46
ComboFix4.txt 2008-02-08 14:53:20
ComboFix5.txt 2008-02-08 14:43:34
.
2008-02-10 21:25:15 --- E O F ---

BUBINO · Příspěvek od **BUBINO** » pon 11. úno 2008, 18:49

Do avengera vloz tieto riadky dole :

Files to delete:
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\Lic.xxx
C:\WINDOWS\system32\wurefyu.bat
C:\WINDOWS\system32\wvgpme.bat

Folders to delete:
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe

Done >> semafor >> ok
Log, ktory vyskoci po vstupu do win, daj sem.

Toto otestuj na virustotal.com:
C:\WINDOWS\system32\drivers\mprifl.sys

Pri instalovani uplne vypni Spyware Terminatora.

solda1 · Příspěvek od **solda1** » pon 11. úno 2008, 19:04

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ajdmutgu

*******************

Script file located at: \??\C:\Documents and Settings\hyeobnsu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\R.COM deleted successfully.
File C:\WINDOWS\system32\T.COM deleted successfully.
File C:\WINDOWS\Lic.xxx deleted successfully.
File C:\WINDOWS\system32\wurefyu.bat deleted successfully.
File C:\WINDOWS\system32\wvgpme.bat deleted successfully.
Folder C:\WINDOWS\zts2.exe deleted successfully.
Folder C:\WINDOWS\system32\iifgfgf.dll deleted successfully.
Folder C:\WINDOWS\system32\vcmgcd32.dll deleted successfully.
Folder C:\WINDOWS\rundl132.dll deleted successfully.
Folder C:\WINDOWS\logo1_.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

solda1 · Příspěvek od **solda1** » pon 11. úno 2008, 19:05

myslis vypnut toho terminatora pri instalaci SP2 ?

BUBINO · Příspěvek od **BUBINO** » pon 11. úno 2008, 19:07

Ano .Ma totiz Rezidentny stit.

solda1 · Příspěvek od **solda1** » pon 11. úno 2008, 19:09

aha, toz to mam teda dobre stity v pocitaci

Du na to...jinak ten C:\WINDOWS\system32\drivers\mprifl.sys je OK

BUBINO · Příspěvek od **BUBINO** » pon 11. úno 2008, 19:13

Dobre

solda1 · Příspěvek od **solda1** » pon 11. úno 2008, 19:28

porad stejnej problem....proste to nejde dal...je to jakesi pojebane...mozu jebat.

solda1 · Příspěvek od **solda1** » pon 11. úno 2008, 19:36

tu este combo,zmenilo se neco ?

ComboFix 08-02.05.3 - Administrator 2008-02-11 19:31:10.15 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.846 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-11 19:09 . 2008-02-11 19:10 <DIR> d-------- C:\eb530c673101fa0353c3becd
2008-02-11 19:02 . 2008-02-11 19:02 60,416 --a------ C:\WINDOWS\system32\drivers\dl^cbhkp.sys
2008-02-11 18:25 . 2008-02-11 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Comodo
2008-02-11 18:25 . 2008-02-11 18:25 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Comodo
2008-02-11 18:22 . 2008-02-11 18:22 <DIR> d-------- C:\Program Files\Comodo
2008-02-11 18:11 . 2001-10-25 13:00 376,832 --a------ C:\kmd.exe
2008-02-10 16:18 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-10 16:18 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-10 16:18 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-10 16:18 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-10 16:18 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-10 16:18 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-10 16:18 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-10 16:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-02-10 11:53 . 2008-02-10 11:53 <DIR> d-------- C:\Program Files\CCleaner
2008-02-09 18:35 . 2008-02-11 19:11 <DIR> d-------- C:\WINDOWS\EHome
2008-02-09 18:08 . 2008-02-09 18:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 17:33 . 2008-02-09 17:33 <DIR> d-------- C:\Program Files\Zamykatko
2008-02-09 17:33 . 2007-12-13 20:13 17,264 --a------ C:\WINDOWS\system32\drivers\mprifl.sys
2008-02-08 16:16 . 2008-02-08 16:16 <DIR> d-------- C:\WINDOWS\pchealth
2008-02-08 12:28 . 2008-02-08 12:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-08 12:23 . 2008-02-08 12:34 <DIR> d-------- C:\SDFix
2008-02-05 17:15 . 2004-03-10 19:00 595,968 -----c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2008-02-05 16:58 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-02-05 16:58 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-02-05 16:58 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-05 16:58 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-05 16:58 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-02-05 16:58 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-05 15:57 . 2005-10-20 23:34 992,768 --a------ C:\WINDOWS\system32\esent.dll
2008-02-05 15:25 . 2008-02-05 15:25 <DIR> d-------- C:\WINDOWS\system32\bits
2008-02-05 15:25 . 2008-02-05 17:00 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-02-05 15:22 . 2004-07-01 23:10 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-02-05 14:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-05 14:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-05 14:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-05 14:11 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-05 14:11 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-02-05 14:11 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-02-05 14:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-05 11:55 . 1998-06-24 01:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-05 11:55 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-02-05 11:55 . 2000-03-17 09:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-02-05 11:55 . 2000-03-17 09:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-02-05 11:55 . 2002-04-24 13:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-02-05 11:55 . 2002-04-09 18:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-02-05 11:55 . 2002-10-17 11:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-02-05 11:55 . 2002-01-07 17:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-05 11:50 . 2008-02-05 11:50 <DIR> d-------- C:\WINDOWS\Cache
2008-02-05 11:41 . 2008-02-08 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
2008-02-04 22:25 . 2008-02-04 22:26 <DIR> d-------- C:\Program Files\ComboFix
2008-02-04 22:17 . 2008-02-04 22:17 <DIR> d-------- C:\Program Files\avenger
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:38 . 2008-02-04 21:38 <DIR> d-------- C:\Program Files\Ray Adams
2008-02-04 20:41 . 2008-02-04 23:14 <DIR> d-------- C:\Program Files\QooBox
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 18:27 . 2008-02-10 21:54 <DIR> d-------- C:\Downloads
2008-02-04 18:26 . 2008-02-04 19:19 <DIR> d-------- C:\Program Files\BitComet
2008-02-04 18:18 . 2008-02-04 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-02-04 17:54 . 2008-02-08 16:43 <DIR> d-------- C:\Program Files\QIP
2008-02-04 15:47 . 2008-02-04 15:47 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-04 15:44 . 2008-02-04 15:44 <DIR> d-------- C:\Program Files\Crawler
2008-02-04 15:44 . 2008-02-10 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-02-04 15:43 . 2008-02-10 18:19 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-04 15:21 . 2008-02-04 15:21 <DIR> d-------- C:\Program Files\Lavalys
2008-02-04 15:12 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-04 15:12 . 2008-02-09 10:36 <DIR> d-------- C:\Program Files\ICQLite
2008-02-04 15:12 . 2008-02-04 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQLite
2008-02-04 15:09 . 2008-02-04 15:09 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-04 15:08 . 2008-02-04 15:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-04 15:06 . 2008-02-04 15:06 <DIR> d-------- C:\Program Files\Webteh
2008-02-04 15:05 . 2008-02-06 11:01 <DIR> d-------- C:\Program Files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 16:10 42,496 ----a-w C:\WINDOWS\system32\ftp.exe
2008-02-08 16:10 16,896 ----a-w C:\WINDOWS\system32\tftp.exe
2008-02-08 16:07 133,120 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-02-05 11:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 10:56 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-04 20:33 --------- d-----w C:\Program Files\ATI Technologies
2008-02-04 13:59 --------- d-----w C:\Program Files\totalcmd
2008-02-04 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 13:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:53 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-04 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-04 12:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-04 12:28 --------- d-----w C:\Program Files\Realtek
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:27 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-04 12:25 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:25 --------- d-----w C:\Program Files\Intel
2008-02-04 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-04 12:14 558,142 ----a-w C:\WINDOWS\java\Packages\VTRHJZ5N.ZIP
2008-02-04 12:14 155,995 ----a-w C:\WINDOWS\java\Packages\OIJ7P773.ZIP
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-04 13:53 32768]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-08-27 13:42 517120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-02-11 18:22 1115728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-04 13:53:14 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-04 13:52:38 434176]

R0 MPRIFL;MPRIFL;C:\WINDOWS\System32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-02-04 15:47]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-04 13:27]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 19:32:28
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-11 19:32:56
ComboFix-quarantined-files.txt 2008-02-11 18:32:54
ComboFix2.txt 2008-02-11 17:12:07
ComboFix3.txt 2008-02-10 15:31:09
ComboFix4.txt 2008-02-08 15:17:46
ComboFix5.txt 2008-02-08 14:53:20
.
2008-02-10 21:25:15 --- E O F ---

BUBINO · Příspěvek od **BUBINO** » pon 11. úno 2008, 19:47

Do avengeru :

Files to delete:
C:\WINDOWS\system32\drivers\dl^cbhkp.sys

Co je tu ? :
C:\eb530c673101fa0353c3becd

Mas este neaky rezidentny stit?

solda1 · Příspěvek od **solda1** » pon 11. úno 2008, 19:47

to je rozbalenej ten SP2,zkratka pri instalaci nez to najede se to extrahuje,tedy rozbaluje nekam.