Page 1 of 3

Please check my log - internet not working   Solved

Posted: 30 Apr 2008 20:38
by Drs
Hi, please check my log, my internet isn't working...

Logfile of HijackThis v1.99.1
Scan saved at 20:30:12, on 30.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sarbyx TrayClock\trayclock.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
G:\Martin\Internet\hiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PasswordOrganizer] C:\Program Files\Omniquad Total Security\RunTimePwdOrg.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SarbyxTrayClock] C:\Program Files\Sarbyx TrayClock\trayclock.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlife.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Analyzovat LeechGetem - file://C:\Program Files\LeechGet 2005\\Parser.html
O8 - Extra context menu item: Download LeechGetem - file://C:\Program Files\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Download s průvodcem LeechGetu - file://C:\Program Files\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {11239DD1-7F13-4114-AFD7-6FD638C1B1FF} (ICASign Class) - https://download.ica.cz/ICARenewal.dll
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {702B8921-6171-4375-A8DA-474D4054B8CA} (ICAEnroll Class) - https://download.ica.cz/ICAEnroll.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE48F8B3-351C-475A-BAF0-1AFA8EE3622E}: NameServer = 213.192.40.6,213.192.40.10
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OPFSVC - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe (file missing)
O23 - Service: Personal Firewall - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\pfsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Thanks a lot, DRS
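
A reviewer working through a log like the one above usually runs a few mechanical checks before reading it line by line. The script below is an added example written for this thread, not part of HijackThis or the original post. Its suspicion rules are this example's own assumptions: an O16 (Downloaded Program Files) entry whose codebase is a local file:// path instead of an http(s) URL, a CLSID made mostly of one repeated digit, an ActiveX control registered with no friendly name, an O23 service with no company name or with a binary marked "(file missing)", and an O4 autostart launched from a user-writable directory. The sample lines are copied from the log above.

```python
"""Heuristic triage of HijackThis v1.99 log lines (added example).

Not HijackThis code: the heuristics are this example's own assumptions,
chosen for the kinds of entries in the log above. The sample lines are
copied from that log.
"""
import re

# Constructed sample: lines condensed from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O23 - Service: OPFSVC - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NAMED_RE = re.compile(r"^\{[^}]+\}\s*\(")
# Autostart locations that a legitimate installer almost never uses (assumption).
WRITABLE_DIRS = ("\\temp\\", "\\recycled\\", "\\recycler\\", "\\documents and settings\\")


def filler_clsid(clsid):
    """True when a single hex digit fills at least half of the 32 positions.
    Real CLSIDs are generated randomly; hand-typed IDs like {33331111-...}
    are not."""
    digits = clsid.strip("{}").replace("-", "").lower()
    return max(digits.count(d) for d in set(digits)) >= 16


def triage_o4(body):
    # body: "[Name] C:\path\to\program.exe args"
    path = body.partition("] ")[2].lower()
    if any(d in path for d in WRITABLE_DIRS):
        yield "autostart binary lives in a user-writable directory: " + path


def triage_o16(body):
    # body: "{CLSID} (Friendly name) - codebase" or "{CLSID} - codebase"
    codebase = body.rsplit(" - ", 1)[-1].strip()
    if not codebase.lower().startswith(("http://", "https://")):
        yield "DPF codebase is not an http(s) URL: " + codebase
    m = CLSID_RE.search(body)
    if m and filler_clsid(m.group(0)):
        yield "CLSID looks hand-made: " + m.group(0)
    if not NAMED_RE.match(body):
        yield "control registered without a friendly name"


def triage_o23(body):
    # body: "Display name (ServiceName) - Owner - C:\path\service.exe [(file missing)]"
    parts = body.split(" - ", 2)
    if len(parts) != 3:
        return
    _, owner, path = parts
    if owner == "Unknown owner":
        yield "service binary carries no company name"
    if path.endswith("(file missing)"):
        yield "service points at a binary that no longer exists"


HANDLERS = {"O4": triage_o4, "O16": triage_o16, "O23": triage_o23}


def triage(log_text):
    """Return [(line, reason), ...] for every line a reviewer should look at."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        kind, _, rest = line.partition(" - ")
        handler = HANDLERS.get(kind)
        if handler is None:
            continue
        body = rest.partition(": ")[2]   # drop the "DPF:", "Service:", "HKLM\..\Run:" label
        findings.extend((line, reason) for reason in handler(body))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

On the sample, only the two file:// DPF entries and the OPFSVC service are flagged; the Creative, ČSOB, AVG and NVIDIA lines pass. The rules are deliberately loose (a stale service from an uninstalled product trips the same check as a malicious one), so the output is a reading order for the reviewer, not a verdict.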

Re: Please check my log

Posted: 30 Apr 2008 21:02
by paul27
I see the COMODO firewall. Isn't it what's blocking the internet?

Re: Please check my log

Posted: 30 Apr 2008 21:07
by Drs
No, no. For one, it was there even before the internet failed and no settings were changed, and for another, I also tried it with the firewall turned off and it didn't work either...

Re: Please check my log

Posted: 30 Apr 2008 21:48
by paul27
Download ComboFix and save it to your desktop:

Run the application under the Computer Administrator account - close all running programs (web browser, messenger, ...) - the license agreement follows, click Yes - the scan starts (the whole thing takes about 5 - 10 minutes, sometimes a bit longer) - during the scan do not try to launch any other applications and do not click into the ComboFix window - when it finishes, a Notepad window with text opens automatically (if it does not, the log is in C:\ComboFix.txt); copy it here using the familiar keyboard shortcuts Ctrl + A (select all text) -> Ctrl + C (copy to the clipboard) -> Ctrl + V (paste the text) - and wait for the next steps

WARNING: If you see "CRITICAL WARNING !!" you must not restart the computer; post about the warning.
WARNING 2: It is possible that during the scan various security programs will report an unauthorized attempt to delete a given file or something else. Allow their prompts or completely disable the resident module of the given program for the duration of the scan.

Re: Please check my log

Posted: 30 Apr 2008 22:18
by Drs
So I've just finished it, here it is....


ComboFix 08-04-29.5 - Martin 2008-04-30 21:59:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.208 [GMT 2:00]
Running from: C:\Documents and Settings\Martin.KOUTEK\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 19:57 --------- d-----w C:\Documents and Settings\Martin.KOUTEK\Data aplikací\U3
2008-04-30 18:08 --------- d-----w C:\Documents and Settings\Martin.KOUTEK\Data aplikací\AVG7
2008-04-27 12:57 --------- d-----w C:\Documents and Settings\Martin.KOUTEK\Data aplikací\AdobeUM
2008-04-19 22:25 --------- d-----w C:\Program Files\ICQToolbar
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2005-10-24 19:03 2,121 ----a-w C:\Program Files\INSTALL.LOG
2004-12-22 15:53 2,221,056 ----a-w C:\Program Files\ABBYY FineReader 7.0 Professional Edition.msi
2004-12-17 04:28 35,217,401 ----a-w C:\Program Files\Data1.cab
2004-12-16 20:45 317 ----a-w C:\Program Files\setup.ini
2004-12-10 12:54 311,296 ----a-w C:\Program Files\setup.exe
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiW.exe
2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsiA.exe
.

------- Sigcheck -------

2002-09-23 22:00 12800 329945887a0c684c38a4845330bc9100 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-18 00:49 14336 dfba2915b0bf58abb288cd4c9318cb3f C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-18 00:49 14336 dfba2915b0bf58abb288cd4c9318cb3f C:\WINDOWS\system32\svchost.exe

2002-09-23 22:00 75264 748494b94a871a828c64d1d5c738d2b7 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-18 00:49 82944 382e9b87f1282e697c67af84e34e35e2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-18 00:49 82944 382e9b87f1282e697c67af84e34e35e2 C:\WINDOWS\system32\ws2_32.dll

2002-09-23 22:00 516608 ff8857d1af59071f172c0fad0fd33e87 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-18 00:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-18 00:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\system32\winlogon.exe

2002-09-23 22:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2002-09-23 22:00 13312 8708be15ac5f27386b5d5fe7a1ebaf26 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-18 00:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-18 00:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49 15360]
"SarbyxTrayClock"="C:\Program Files\Sarbyx TrayClock\trayclock.exe" [2006-10-19 20:21 60928]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 02:00 28672]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 22:27 579584]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [2007-12-20 13:24 406528]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 15:25 1400944]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 20:00 191488]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-15 15:17 4624384]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-11-15 15:17 86016]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [ ]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-26 10:56 98304]
"PasswordOrganizer"="C:\Program Files\Omniquad Total Security\RunTimePwdOrg.exe" [ ]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-31 00:35 1115728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 00:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 17:30 219136]
"sysPersonalFirewall"="msnmssgr.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"sysPersonalFirewall"="msnmssgr.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3codec"= l3codecp.acm
"VIDC.NSVI"= NSVIDEO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Vietcong\\vietcong.exe"=
"C:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"C:\\Program Files\\Raven\\SOF\\SoF.exe"=
"C:\\Program Files\\ICQ\\Icq.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"=
"C:\\Program Files\\EA SPORTS\\NHL06\\nhl06.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\EA Games\\Need for Speed Most Wanted\\speed.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Borland\\Delphi7\\Projects\\server\\Project1.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S2 OPFSVC;OPFSVC;C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe []
S2 Personal Firewall;Personal Firewall;C:\Program Files\Omniquad Total Security\OPF\pfsvc.exe []
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-04-28 19:47]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-04-28 19:48]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2004-04-29 08:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2075d38-46c1-11da-8428-00301860114c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eba33866-238d-11d9-9569-00301860114c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 22:04:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run [trailing unprintable bytes omitted]
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe [trailing unprintable bytes omitted]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-30 22:08:22
ComboFix-quarantined-files.txt 2008-04-30 20:07:51

Directories: 25, Free bytes: 14,478,757,888
Directories: 30, Free bytes: 16,341,282,816

153 --- E O F --- 2008-04-09 22:30:05

Re: Please check my log

Posted: 30 Apr 2008 22:42
by paul27
Disable this service: Personal Firewall (Start - Run - type: services.msc - find it - double-click - Stop, and set the startup type to Disabled).

Close all running programs again (web browser, messenger, ...). Move ComboFix to the desktop (if it is not there already) - open Notepad - and copy the text from the following box into it:

Code:

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"sysPersonalFirewall"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"sysPersonalFirewall"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2075d38-46c1-11da-8428-00301860114c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eba33866-238d-11d9-9569-00301860114c}]


Save the text as CFScript.txt on the desktop - after saving, grab the .txt file you created with the left mouse button and drag it over the ComboFix icon - drop the .txt file on the ComboFix icon - ComboFix starts - and CF scans again; at the end of the scan CF tries to delete the specified files or whatever else we told it to - after that a Notepad window with text opens again; copy it here and please wait for further advice :)

+ have these files checked at www.virustotal.com (just paste the file path):
C:\Program Files\Data1.cab
C:\Program Files\setup.ini
C:\Program Files\instmsiW.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
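
Why exactly those four entries went into the CFScript can be read off the ComboFix "Reg Loading Points" section: the two sysPersonalFirewall values carry no file information and point at a bare msnmssgr.exe, one letter away from the genuine msnmsgr.exe, and the two mountpoints2 keys make a removable drive run Recycled\ctfmon.exe the moment it is plugged in. The script below is an added example, not taken from ComboFix or from the original post. It parses that section, applies those rules and emits the same Registry:: directives (`"value"=-` removes a value, `[-key]` removes a key, the syntax used in the post above). The rules, and the list of well-known names a lookalike imitates, are this example's assumptions; the sample text is condensed from the two logs in this thread.

```python
"""Review a ComboFix "Reg Loading Points" dump and draft the CFScript
removals (added example; not ComboFix code, and the suspicion rules are
this example's own assumptions)."""
import re
from collections import OrderedDict

# Constructed sample: sections condensed from the two ComboFix logs in this thread.
SAMPLE_SECTION = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 00:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 17:30 219136]
"sysPersonalFirewall"="msnmssgr.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"sysPersonalFirewall"="msnmssgr.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [ ]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-31 00:35 1115728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2075d38-46c1-11da-8428-00301860114c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e656fd8-151c-11dc-8824-00301860114c}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
"""

VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]\s*$')
SHELL_RE = re.compile(r'^\\Shell\\[^\\]+\\command - (.*)$')
RUNDLL_PREFIX = "shell32.dll,shellexec_rundll "
# Names that malware likes to imitate (assumption; extend as needed).
KNOWN_GOOD = {"msnmsgr.exe", "ctfmon.exe", "svchost.exe", "explorer.exe", "rundll32.exe"}


def edit_distance(a, b):
    """Plain Levenshtein distance; 1 means one typo away from a known name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_sections(text):
    """Map each [registry key] header to the lines listed under it."""
    sections, key = OrderedDict(), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            sections[key] = []
        elif key is not None:
            sections[key].append(line)
    return sections


def review(text):
    """Return (findings, cfscript): findings is [(key, reason)], cfscript is
    the Registry:: text that removes what the rules judged malicious."""
    findings, drop_values, drop_keys = [], [], []
    for key, lines in parse_sections(text).items():
        if "\\mountpoints2\\" in key.lower():
            for line in lines:
                m = SHELL_RE.match(line)
                if not m:
                    continue
                cmd = m.group(1).lower()
                if RUNDLL_PREFIX in cmd:            # unwrap ShellExec_RunDLL <target>
                    cmd = cmd.split(RUNDLL_PREFIX, 1)[1]
                target = cmd.split()[0]
                # A real autorun target is an absolute path on the volume (J:\...);
                # a relative path or anything under Recycled is the classic USB worm.
                if "recycle" in target or not re.match(r"^[a-z]:\\", target):
                    findings.append((key, "AutoRun command runs relative/Recycled target: " + target))
                    if key not in drop_keys:
                        drop_keys.append(key)
            continue
        for line in lines:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, value, info = m.groups()
            base = value.lower().rsplit("\\", 1)[-1]
            near = [g for g in KNOWN_GOOD if base != g and edit_distance(base, g) <= 1]
            if near:
                findings.append((key, f'"{name}" runs {base}, one edit away from {near[0]}'))
            if info.strip():
                continue                            # ComboFix found the file: size/date present
            if "\\" in value:
                findings.append((key, f'"{name}" points at a file ComboFix could not find: {value}'))
            else:
                findings.append((key, f'"{name}" is a bare file name resolved through PATH at logon'))
                drop_values.append((key, name))
    script = ["Registry::"]
    for key, name in drop_values:
        script += [f"[{key}]", f'"{name}"=-']
    script += [f"[-{key}]" for key in drop_keys]
    return findings, "\n".join(script)


if __name__ == "__main__":
    found, cfscript = review(SAMPLE_SECTION)
    for key, reason in found:
        print(f"{reason}\n    under {key}")
    print("\n" + cfscript)
```

Only entries the rules are confident about end up in the script: the bare-name values and the Recycled autoruns. The AdwareAlert value is reported (its binary is missing) but left for the human, and the U3 launcher key is not flagged because it runs an absolute path on the drive itself.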

Re: Please check my log

Posted: 30 Apr 2008 23:09
by Drs
Done, here's the log.... Otherwise I can't check those files online, because it's precisely the affected computer that isn't working. Anyway, thanks a lot for the help....

ComboFix 08-04-29.5 - Martin 2008-04-30 22:56:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.175 [GMT 2:00]
Running from: C:\Documents and Settings\Martin.KOUTEK\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Martin.KOUTEK\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 19:57 --------- d-----w C:\Documents and Settings\Martin.KOUTEK\Data aplikací\U3
2008-04-30 18:08 --------- d-----w C:\Documents and Settings\Martin.KOUTEK\Data aplikací\AVG7
2008-04-27 12:57 --------- d-----w C:\Documents and Settings\Martin.KOUTEK\Data aplikací\AdobeUM
2008-04-19 22:25 --------- d-----w C:\Program Files\ICQToolbar
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2005-10-24 19:03 2,121 ----a-w C:\Program Files\INSTALL.LOG
2004-12-22 15:53 2,221,056 ----a-w C:\Program Files\ABBYY FineReader 7.0 Professional Edition.msi
2004-12-17 04:28 35,217,401 ----a-w C:\Program Files\Data1.cab
2004-12-16 20:45 317 ----a-w C:\Program Files\setup.ini
2004-12-10 12:54 311,296 ----a-w C:\Program Files\setup.exe
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiW.exe
2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsiA.exe
.

------- Sigcheck -------

2002-09-23 22:00 12800 329945887a0c684c38a4845330bc9100 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-18 00:49 14336 dfba2915b0bf58abb288cd4c9318cb3f C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-18 00:49 14336 dfba2915b0bf58abb288cd4c9318cb3f C:\WINDOWS\system32\svchost.exe

2002-09-23 22:00 75264 748494b94a871a828c64d1d5c738d2b7 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-18 00:49 82944 382e9b87f1282e697c67af84e34e35e2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-18 00:49 82944 382e9b87f1282e697c67af84e34e35e2 C:\WINDOWS\system32\ws2_32.dll

2002-09-23 22:00 516608 ff8857d1af59071f172c0fad0fd33e87 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-18 00:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-18 00:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\system32\winlogon.exe

2002-09-23 22:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2002-09-23 22:00 13312 8708be15ac5f27386b5d5fe7a1ebaf26 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-18 00:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-18 00:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49 15360]
"SarbyxTrayClock"="C:\Program Files\Sarbyx TrayClock\trayclock.exe" [2006-10-19 20:21 60928]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 02:00 28672]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 22:27 579584]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [2007-12-20 13:24 406528]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 15:25 1400944]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 20:00 191488]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-15 15:17 4624384]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-11-15 15:17 86016]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [ ]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-26 10:56 98304]
"PasswordOrganizer"="C:\Program Files\Omniquad Total Security\RunTimePwdOrg.exe" [ ]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-31 00:35 1115728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 00:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 17:30 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3codec"= l3codecp.acm
"VIDC.NSVI"= NSVIDEO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Vietcong\\vietcong.exe"=
"C:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"C:\\Program Files\\Raven\\SOF\\SoF.exe"=
"C:\\Program Files\\ICQ\\Icq.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"=
"C:\\Program Files\\EA SPORTS\\NHL06\\nhl06.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\EA Games\\Need for Speed Most Wanted\\speed.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Borland\\Delphi7\\Projects\\server\\Project1.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-04-28 19:47]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-04-28 19:48]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2004-04-29 08:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e656fd8-151c-11dc-8824-00301860114c}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 23:00:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run [trailing unprintable bytes omitted]
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe [trailing unprintable bytes omitted]

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-04-30 23:03:58
ComboFix-quarantined-files.txt 2008-04-30 21:02:54
ComboFix2.txt 2008-04-30 20:08:23

Directories: 25, Free bytes: 17,093,283,840
Directories: 29, Free bytes: 17,077,481,472

135 --- E O F --- 2008-04-09 22:30:05

Re: Please check my log

Posted: 01 May 2008 10:31
by paul27
I would try this: Start - Run - type: cmd - a command prompt opens, and you enter:

Code:

netsh int ip reset c:\log.txt

and then this:

Code:

netsh winsock reset


That resets the TCP/IP protocol, and the second command resets Winsock. Let me know whether it helped.
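
The second command rebuilds the Winsock catalog, which is where a layered service provider (LSP) left behind by adware keeps every socket on the machine passing through its DLL even after the files themselves are gone. Before resetting it, the catalog can be inspected with `netsh winsock show catalog` and checked for providers that are not stock Windows DLLs. The script below is an added example and not from the original post; it goes one step beyond the post, which only resets the catalog. It parses a constructed dump shaped like that command's output (trimmed to a few fields); the stock-provider list, the sample text and the placeholder example_lsp.dll are this example's assumptions, not real findings from this thread.

```python
"""Flag non-stock Winsock catalog providers (added example, not from the
thread). Parses the output shape of `netsh winsock show catalog`; the
stock-provider list and the sample text are this example's assumptions."""
import re

# Constructed sample shaped like `netsh winsock show catalog` on Windows XP,
# trimmed to a few fields. The first two entries mirror stock Microsoft
# providers; the third is a hypothetical third-party LSP (example_lsp.dll is a
# placeholder name, not a real file).
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        RSVP TCP Service Provider
Provider Path:                      %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID:                   1007
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example LSP over [TCP/IP]
Provider Path:                      C:\Program Files\Example\example_lsp.dll
Catalog Entry ID:                   1010
Protocol Chain Length:              2
"""

FIELD_RE = re.compile(r"^([A-Za-z ]+):\s+(.*)$")
# DLLs that make up a stock XP SP2 Winsock catalog (assumption; adjust per build).
STOCK_PROVIDERS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll"}


def parse_catalog(text):
    """Split the netsh dump into one {'Field': 'value'} dict per entry."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "Winsock Catalog Provider Entry":
            cur = {}
            entries.append(cur)
        elif cur is not None:
            m = FIELD_RE.match(line)
            if m:
                cur[m.group(1).strip()] = m.group(2).strip()
    return entries


def suspicious_providers(entries, system_root="C:\\WINDOWS"):
    """Entries whose DLL is not a stock provider or does not live in system32.
    Returns [(catalog id, entry type, description, expanded path)]."""
    out = []
    for e in entries:
        path = e.get("Provider Path", "").replace("%SystemRoot%", system_root)
        base = path.lower().rsplit("\\", 1)[-1]
        in_system32 = path.lower().startswith(system_root.lower() + "\\system32\\")
        if base not in STOCK_PROVIDERS or not in_system32:
            out.append((e.get("Catalog Entry ID"), e.get("Entry Type"), e.get("Description"), path))
    return out


if __name__ == "__main__":
    for cid, kind, desc, path in suspicious_providers(parse_catalog(SAMPLE_CATALOG)):
        print(f"[{cid}] {kind}: {desc} -> {path}")
```

Anything this flags is exactly what `netsh winsock reset` throws away. Some security products install their own LSPs legitimately, so a hit is a reason to identify the DLL, not proof of infection; if the DLL no longer exists on disk, the catalog is broken and the reset is the right fix.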

Re: Please check my log

Posted: 01 May 2008 11:20
by Drs
So, it didn't help. When I typed the second command, though, it said Winsock had been reset successfully. The first command printed nothing, so I don't know whether the reset happened... In any case I have no idea what could be wrong with it. It must be in the computer, because when I plug in a notebook in its place, the internet works without problems. I have a wireless connection, a receiver on the roof, distributed through a switch to the whole house. All the other computers work, only this one doesn't... I don't know if it means anything, but when I ping the default gateway it loses half the packets, a ping to the primary DNS server loses 75 percent, and to the secondary DNS it loses all of them... Sometimes it seems the internet is connected but incredibly slow, because sometimes, for example, the Seznam "s" loads in front of the URL... I even manage to send the WhatPulse results, and once an AVG update even started downloading. A file of 0.5 MB took about half an hour to download. That's why I thought some bug was blocking or slowing it down. In any case, I still haven't managed to load a normal HTML page on that computer...

Re: Please check my log

Posted: 01 May 2008 13:09
by paul27
I don't like the look of this program: AdwareAlert. Do you trust it?

Also, after running the first command the result should be in c:\log.txt.

Re: Please check my log

Posted: 01 May 2008 13:30
by Drs
Wow, I don't know what program that is, I thought it was something to do with Ad-Aware from Lavasoft... I'll happily throw it out if it doesn't have to be there...

Anyway, it looks like some kind of spyware... its directory has spy logs, error logs, a registry backup directory, but no executable file....

Which is odd, because one of those logs had C:/program files/adwarealert/adwarealert.exe, right? Anyway, there is no such file in that directory, or at least I don't see it (and it isn't hidden either)...

Re: Please check my log

Posted: 02 May 2008 20:39
by Drs
So removing this program didn't help either, the internet isn't working...