kontrola logu

[Baron Prášil]

to je takovej,s prominutím,hajzlhnusnej

fixni
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

vypni štíty avastu a spybotu a natrvalo v ZA Spyblock a udělej znovu combofix.
pošli log z combofixu

[Reklama]

[Honza Petrásek]

takže předem hlavně děkuji za trpělivost a teď k věci

fixnout to co jsi napsal nebyl problém

nevím ale jak splnit další tvé pokyny

ani v avast, ani v spy bot natož v ZA jsem nenašel něco co by mě navedlo na to čemu ty říkáš "vypni štíty avastu a spybotu a natrvalo v ZA Spyblock"

takže opět prosím o podrobnější návod (pokud se se mnou chceš vůbec zahazovat )

k poslední části tvé rady - udělat combo atd. - samozřejmě není problém, v tomhle směru jsem v obraze

díky Honza P.

[Honza Petrásek]

takže jsem se trochu unáhlil

v avastu jsem štíty vypnul - bylo to celkem jasné


ale stejně to celé asi necháme na zítřek


honza p.

[Baron Prášil]

ano,je to snadné.
proto doporučuji se alespoň minimálně seznámit s bezp.softem který si instaluji do systému.
jeho lepší znalost,zvýší i bezpečí.

[Honza Petrásek]

je mi to trapné, ale můžu jen slíbit, že na tom zapracuju

stále však nevím jak splnit tvůj pokyn v části týkající se Spy bot a ZA

každopádně už teď se počítač (alespoň vizuálně) tváří jako, že je v pořádku

Honza P.

[Baron Prášil]

stejně jako avast i spybot má ikonu v tray a po kliknutí nabídne ukončení štítu.
(upozorňuju,že toto jsou ode mne preventivně-paranoidní opatření,protože privacy_danger
by se měl po sdfixu a combofixu,pustit a umřít

se ZA nevím,tento nový neznám,takže kdo čte-ať poradí. hlavně combofix udělej s vyplím avastem a spybotem

[Honza Petrásek]

ComboFix 08-03-03.6 - honzík 2008-03-04 0:32:56.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.681 [GMT 1:00]
Running from: C:\Documents and Settings\honzík\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-03 22:54 . 2008-03-03 22:54 <DIR> d-------- C:\Program Files\backups
2008-03-03 18:37 . 2008-03-04 00:33 317,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-03 18:37 . 2008-03-03 23:47 3,380 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-03 18:35 . 2008-03-03 18:35 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-03-03 18:34 . 2008-03-03 18:34 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-03 18:34 . 2008-03-03 18:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\MailFrontier
2008-03-03 18:31 . 2008-03-04 00:17 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-03 18:29 . 2008-03-03 18:29 210,416 --a------ C:\Program Files\zaSetup_en.exe
2008-03-03 07:34 . 2004-08-18 21:00 389,632 --a------ C:\CF4617.exe
2008-03-03 07:18 . 2008-03-03 07:18 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-03 06:59 . 2008-03-03 19:00 <DIR> d-------- C:\SDFix
2008-03-03 06:58 . 2008-03-03 06:58 1,312,273 --a------ C:\Program Files\SDFix.exe
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-03-03 00:30 . 2004-08-18 21:00 147,968 --a------ C:\WINDOWS\R.COM
2008-03-03 00:30 . 2004-08-18 21:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-03-03 00:30 . 2008-03-03 00:30 26 --a------ C:\WINDOWS\Lic.xxx
2008-03-03 00:29 . 2008-03-03 00:29 23,838,472 --a------ C:\Program Files\mwav.exe
2008-03-03 00:22 . 2008-03-03 00:22 <DIR> d-------- C:\Program Files\CCleaner
2008-03-03 00:21 . 2008-03-03 00:21 2,733,520 --a------ C:\Program Files\ccsetup205.exe
2008-03-02 22:41 . 2008-03-02 22:41 401,720 --a------ C:\Program Files\HiJackThis.exe
2008-03-02 19:06 . 2008-03-02 19:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-02 19:06 . 2008-03-02 19:06 2,554 --a------ C:\WINDOWS\unins000.dat
2008-03-02 18:54 . 2008-03-02 18:54 85 --a------ C:\WINDOWS\wininit.ini
2008-02-23 19:21 . 2008-02-23 19:21 <DIR> d-------- C:\Program Files\Winamp
2008-02-23 19:21 . 2008-03-03 23:38 <DIR> d-------- C:\Documents and Settings\honzík\Data aplikací\Winamp
2008-02-23 19:19 . 2008-02-23 19:19 11,724,688 --a------ C:\Program Files\winamp552_full_emusic-7plus_all.exe
2008-02-13 07:17 . 2008-02-13 07:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 23:30 --------- d-----w C:\Documents and Settings\honzík\Data aplikací\Skype
2008-03-03 23:05 --------- d-----w C:\Documents and Settings\honzík\Data aplikací\skypePM
2008-03-03 22:54 --------- d-----w C:\Documents and Settings\honzík\Data aplikací\OpenOffice.org2
2008-03-03 18:03 10,507 ----a-w C:\Program Files\hijackthis.log
2008-03-03 17:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 18:11 --------- d-----w C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2008-03-02 18:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-02 12:43 32 ----a-w C:\DOCUME~1\ALLUSE~1\DATAAP~1\ezsid.dat
2007-12-17 17:55 111,957,043 ----a-w C:\Program Files\OOo_2.3.1_071115_Win32Intel_install_cs.exe
2007-12-10 16:06 18,337,152 ----a-w C:\Program Files\setupcze.exe
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-06 22:39 7,467,056 ----a-w C:\Program Files\spybotsd15.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-10-03 18:51 13,411,824 ----a-w C:\Program Files\Google_Earth_BZXV.exe
2007-10-03 18:39 330 ----a-w C:\Program Files\3D_Warehouse.kmz
2007-09-12 18:49 16,976,376 ----a-w C:\Program Files\setupczepro.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F7CAFA7-9AB3-4198-A8B4-671DD6A73153}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-03 18:35 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-03 18:35 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 11:35 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 21:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-11 23:19 7626752]
"nwiz"="nwiz.exe" [2006-07-11 23:19 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 01:48 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 16:15 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 21:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 21:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 21:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 21:00 455168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-11 23:19 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 18:54 49152]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 14:00 345088]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 13:40 413696]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 12:08 61440]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2006-08-11 15:14 110592]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2006-07-06 11:03 425984]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-07-26 20:42 143360]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 21:00 15360]

C:\Documents and Settings\honzˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
R3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2006-05-16 11:04]
R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 19:17]
R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 16:10]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 00:33:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 0:34:30
ComboFix-quarantined-files.txt 2008-03-03 23:34:27
ComboFix2.txt 2008-03-03 23:22:34
ComboFix3.txt 2008-03-03 16:43:42
ComboFix4.txt 2008-03-03 06:40:03
.
2008-02-13 22:31:44 --- E O F ---

[Baron Prášil]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F7CAFA7-9AB3-4198-A8B4-671DD6A73153}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

a i novej log z hijackthis a info o chování kompu

[Honza Petrásek]

ComboFix 08-03-03.6 - honzík 2008-03-04 0:50:51.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.659 [GMT 1:00]
Running from: C:\Documents and Settings\honzík\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\honzík\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-03 22:54 . 2008-03-03 22:54 <DIR> d-------- C:\Program Files\backups
2008-03-03 18:37 . 2008-03-04 00:52 376,864 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-03 18:37 . 2008-03-03 23:47 3,380 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-03 18:35 . 2008-03-03 18:35 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-03-03 18:34 . 2008-03-03 18:34 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-03 18:34 . 2008-03-03 18:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\MailFrontier
2008-03-03 18:31 . 2008-03-04 00:43 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-03 18:29 . 2008-03-03 18:29 210,416 --a------ C:\Program Files\zaSetup_en.exe
2008-03-03 07:34 . 2004-08-18 21:00 389,632 --a------ C:\CF4617.exe
2008-03-03 07:18 . 2008-03-03 07:18 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-03 06:59 . 2008-03-03 19:00 <DIR> d-------- C:\SDFix
2008-03-03 06:58 . 2008-03-03 06:58 1,312,273 --a------ C:\Program Files\SDFix.exe
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-03-03 00:33 . 2008-03-03 00:33 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-03-03 00:30 . 2004-08-18 21:00 147,968 --a------ C:\WINDOWS\R.COM
2008-03-03 00:30 . 2004-08-18 21:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-03-03 00:30 . 2008-03-03 00:30 26 --a------ C:\WINDOWS\Lic.xxx
2008-03-03 00:29 . 2008-03-03 00:29 23,838,472 --a------ C:\Program Files\mwav.exe
2008-03-03 00:22 . 2008-03-03 00:22 <DIR> d-------- C:\Program Files\CCleaner
2008-03-03 00:21 . 2008-03-03 00:21 2,733,520 --a------ C:\Program Files\ccsetup205.exe
2008-03-02 22:41 . 2008-03-02 22:41 401,720 --a------ C:\Program Files\HiJackThis.exe
2008-03-02 19:06 . 2008-03-02 19:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-02 19:06 . 2008-03-02 19:06 2,554 --a------ C:\WINDOWS\unins000.dat
2008-03-02 18:54 . 2008-03-02 18:54 85 --a------ C:\WINDOWS\wininit.ini
2008-02-23 19:21 . 2008-02-23 19:21 <DIR> d-------- C:\Program Files\Winamp
2008-02-23 19:21 . 2008-03-03 23:38 <DIR> d-------- C:\Documents and Settings\honzík\Data aplikací\Winamp
2008-02-23 19:19 . 2008-02-23 19:19 11,724,688 --a------ C:\Program Files\winamp552_full_emusic-7plus_all.exe
2008-02-13 07:17 . 2008-02-13 07:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 23:35 --------- d-----w C:\Documents and Settings\honzík\Data aplikací\Skype
2008-03-03 23:05 --------- d-----w C:\Documents and Settings\honzík\Data aplikací\skypePM
2008-03-03 22:54 --------- d-----w C:\Documents and Settings\honzík\Data aplikací\OpenOffice.org2
2008-03-03 18:03 10,507 ----a-w C:\Program Files\hijackthis.log
2008-03-03 17:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 18:11 --------- d-----w C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2008-03-02 18:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-02 12:43 32 ----a-w C:\DOCUME~1\ALLUSE~1\DATAAP~1\ezsid.dat
2007-12-17 17:55 111,957,043 ----a-w C:\Program Files\OOo_2.3.1_071115_Win32Intel_install_cs.exe
2007-12-10 16:06 18,337,152 ----a-w C:\Program Files\setupcze.exe
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-06 22:39 7,467,056 ----a-w C:\Program Files\spybotsd15.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-10-03 18:51 13,411,824 ----a-w C:\Program Files\Google_Earth_BZXV.exe
2007-10-03 18:39 330 ----a-w C:\Program Files\3D_Warehouse.kmz
2007-09-12 18:49 16,976,376 ----a-w C:\Program Files\setupczepro.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-03 18:35 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-03 18:35 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 11:35 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 21:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-11 23:19 7626752]
"nwiz"="nwiz.exe" [2006-07-11 23:19 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 01:48 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 16:15 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 21:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 21:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 21:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 21:00 455168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-11 23:19 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 18:54 49152]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 14:00 345088]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 13:40 413696]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 12:08 61440]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2006-08-11 15:14 110592]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2006-07-06 11:03 425984]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-07-26 20:42 143360]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 21:00 15360]

C:\Documents and Settings\honzˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
R3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2006-05-16 11:04]
R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 19:17]
R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 16:10]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 00:52:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 0:52:41
ComboFix-quarantined-files.txt 2008-03-03 23:52:38
ComboFix2.txt 2008-03-03 23:34:31
ComboFix3.txt 2008-03-03 23:22:34
ComboFix4.txt 2008-03-03 16:43:42
ComboFix5.txt 2008-03-03 06:40:03
.
2008-02-13 22:31:44 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:54:02, on 4.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F7CAFA7-9AB3-4198-A8B4-671DD6A73153} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10334 bytes



jinak počítač se chová normálně, jen se mi zdá krapet pomalejší, ale nevylučuju, že jen to jen dojem po tom všem

Honza P.

[Baron Prášil]

no,hurá. ještě to vyčisti
CCleanerem a RegCleanerem

T-Cleaner smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

[Honza Petrásek]

pokyny splněny

zřejmě je vše OK

jsem velkým dlužníkem (takže snad jen napiš kam poslat dárcovské SMS )

jediné co mě ještě trápí je to, že na mě chvilku vyskakovalo chybové hlášení o to, že program eData Security was not properly installed

koukal jsem se proto v ovládacích panelech co všechno mám v počítači od Aceru a kdy to bylo naposled v provozu a rozhodl jsem se (po zralé úvaze) něco odebrat (tedy konkrétně zatím lištu Acer a ten eData Security)

to se mi ale u eData nepodařilo

mám to zkusit odebrat nějak jinak ? (ono to chybové hlášení už mezitím přestalo)


dík

Honza P.

[Baron Prášil]

tyhle notebuťácký utilitky považuju za zbytečný všechny (z hlediska bezpečnosti samozřejmě)
asi proto že můj fujsiemens nic
takovýho nemá a normálně žije. pofackuj to v msconfig
http://www.extra-pc.cz/otravne_programy ... ra_pc_1207