After some time (1-2 hours) my internet drops :( (the lights on the modem go out)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:10, on 29.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QIP\qip.exe
D:\jaja\Opera\9.10\Opera.exe
E:\Bitlord\BitLord.exe
C:\Documents and Settings\Jakub\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DamageCopier 3 (media manager)] C:\Program Files\Evolution Labs\DamageCopier 3.1\mmanager.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD\MediaDetector.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\ICQ\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{427D6B67-A771-4186-8948-1CD193A7DFA3}: NameServer = 10.8.140.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{F748935C-6ABC-4976-AC00-ECFC5C26F52F}: NameServer = 194.228.41.65 194.228.41.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{427D6B67-A771-4186-8948-1CD193A7DFA3}: NameServer = 10.8.140.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{427D6B67-A771-4186-8948-1CD193A7DFA3}: NameServer = 10.8.140.81
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 5268 bytes
Please check the log. Thanks.
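An added example, not part of the original post and not a HijackThis feature: a small Python triage pass over HijackThis v2 lines of the kinds that appear in the log above. It reports entries that cannot be verified from the log text alone: O4 Run values that give only a bare filename (Windows resolves those through the PATH search order at logon, so the log does not say which file actually runs), startup shortcuts whose target HijackThis could not resolve (`= ?`), O17 NameServer values in private address ranges (which may simply be the ADSL modem or the ISP's network, so they are a check item, not a verdict), and O23 services whose binary is marked `(file missing)`. The sample lines are constructed from the log posted above and are only a subset of it; the function names and the output format are this example's own.

```python
"""Triage of HijackThis v2 log lines: list autostart entries that cannot be
verified from the log alone.  Added example, not part of HijackThis."""
import ipaddress
import re

# Constructed sample: a subset of lines modelled on the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD\MediaDetector.exe"
O4 - Global Startup: DSLMON.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{427D6B67-A771-4186-8948-1CD193A7DFA3}: NameServer = 10.8.140.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{F748935C-6ABC-4976-AC00-ECFC5C26F52F}: NameServer = 194.228.41.65 194.228.41.113
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Line shapes used by HijackThis v2 for the four entry types handled here.
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?P<folder>.*Startup): (?P<lnk>.+?) = (?P<target>.*)$")
O17_DNS = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def executable_of(cmd: str) -> str:
    """First token of a Run value, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> list:
    """Return a list of {'type', 'item', 'reason'} dicts for entries that need
    checking on the machine.  Nothing here is a malware verdict."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RUN.match(line):
            exe = executable_of(m["cmd"])
            # No drive letter and no directory: the name is resolved through
            # the PATH search order at logon, so the log does not show which
            # file runs.  Locate it on disk before deciding anything.
            if "\\" not in exe and ":" not in exe:
                findings.append({"type": "O4", "item": m["name"],
                                 "reason": "bare filename, no path to verify"})
        elif m := O4_STARTUP.match(line):
            # HijackThis prints '?' when it could not read the .lnk target.
            if m["target"].strip() == "?":
                findings.append({"type": "O4", "item": m["lnk"],
                                 "reason": "shortcut target not resolved"})
        elif m := O17_DNS.match(line):
            for ip in m["servers"].split():
                try:
                    addr = ipaddress.ip_address(ip)
                except ValueError:
                    findings.append({"type": "O17", "item": ip,
                                     "reason": "unparseable resolver"})
                    continue
                # A private resolver is often the home router or the ISP's
                # access network; confirm that rather than assuming either way.
                if addr.is_private:
                    findings.append({"type": "O17", "item": ip,
                                     "reason": "private-range resolver, confirm it is the router/ISP"})
        elif m := O23_SVC.match(line):
            if "(file missing)" in m["path"]:
                findings.append({"type": "O23", "item": m["name"],
                                 "reason": "service binary missing on disk"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['type']:<4} {f['item']:<14} {f['reason']}")
```

Run it as a script to print the findings for the sample, or call `triage()` on a pasted log. Everything it flags still has to be checked on the machine itself (find the file, look at its publisher and hash); a bare filename in a Run key is harmless when the program sits in a PATH directory, and a missing service binary is often just a leftover from an uninstalled program.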
- Anonym
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
those are just junk... well, I don't know, maybe use this:
//don't advise fixing something when you don't know what it means and it is legitimate and fine
entry removed
fredik
It most likely looks like a case for ComboFix, so follow these instructions:
Download ComboFix here
Save it to the desktop!!!
Close all windows.
After launching: confirm by pressing the 1 key
Do what ComboFix tells you; don't click in the windows that appear
When the scan finishes, a log will most likely appear, which you post.
If the log doesn't appear, you will find it here: C:\ComboFix.txt
Whichever way you get the log, post its entire contents!
Everything about ComboFix
CPU type: AMD Athlon 64 x2, 4000+
Motherboard: Gigabyte GA-MA69VM-S2
RAM: 2GB
Graphics: ATI Radeon 4800 Series - 2GB
PSU: Corsair VX450 450W
Operating system: Windows XP SP3
ComboFix 08-01-29.3 - Jakub 2008-01-29 20:17:38.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.300 [GMT 1:00]
Running from: C:\Documents and Settings\Jakub\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\MyWay\Cache\SmileyCentralBtn.html
C:\WINDOWS\NDNuninstall4_85.exe
----- BITS: Possible infected sites -----
hxxp://10.8.140.86
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.
2008-01-22 15:38 . 2008-01-22 15:38 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-18 23:00 . 2008-01-20 18:50 <DIR> d-------- C:\Program Files\File Scavenger 3.2
2008-01-18 22:44 . 2008-01-18 22:44 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-18 22:29 . 2008-01-18 22:35 8,192 --a------ C:\WINDOWS\system32\vxdblock.exe
2008-01-18 22:08 . 2008-01-18 22:08 <DIR> d-------- C:\Documents and Settings\Jakub\Data aplikací\AltrixSoft
2008-01-18 19:15 . 2008-01-18 19:15 <DIR> d-------- C:\Program Files\Runtime Software
2008-01-18 14:32 . 2008-01-18 14:32 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\InterVideo
2008-01-18 14:28 . 2008-01-18 14:29 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\BSplayer Pro
2008-01-09 16:37 . 2008-01-09 16:37 <DIR> d-------- C:\Program Files\SMPlayer
2008-01-09 16:37 . 2008-01-09 16:37 <DIR> d-------- C:\Documents and Settings\Jakub\.smplayer
2008-01-09 16:19 . 2008-01-09 16:19 <DIR> d-------- C:\Program Files\rulesPlayer
2008-01-09 15:22 . 2008-01-09 15:22 <DIR> d-------- C:\Program Files\FLVPlayer
2008-01-06 13:44 . 2008-01-06 13:44 <DIR> d-------- C:\Program Files\Tracker Software
2008-01-06 13:44 . 2004-12-07 06:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-01-06 13:38 . 2008-01-06 13:38 <DIR> d-------- C:\Program Files\PDF2Word v1.4
2008-01-06 13:38 . 2008-01-06 13:38 1,024 --a------ C:\WINDOWS\system32\pdf2word.DAT
2008-01-06 13:38 . 2008-01-06 13:38 92 --a------ C:\WINDOWS\pdf2rtf.INI
2008-01-06 13:29 . 2008-01-06 13:29 <DIR> d-------- C:\Program Files\Smart PDF Converter
2008-01-06 13:14 . 2008-01-06 13:19 <DIR> d-------- C:\Program Files\ABC Amber PDF Converter
2008-01-02 14:00 . 2008-01-02 14:00 58,251 --a------ C:\Calc.exe
2008-01-02 14:00 . 2008-01-02 14:00 305 --a------ C:\return
2008-01-02 14:00 . 2008-01-02 14:00 49 --a------ C:\calc.bat
2007-12-30 16:02 . 2007-12-30 16:02 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 14:10 332 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-30 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 20:47 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\uTorrent
2007-12-28 20:39 --------- d-----w C:\Program Files\uTorrent
2007-12-26 14:46 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2007-12-26 14:46 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2007-12-26 14:46 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2007-12-25 16:07 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2007-12-25 16:05 --------- d-----w C:\Program Files\Samsung
2007-12-24 18:55 --------- d-----w C:\Program Files\MediaCoder
2007-12-24 18:55 --------- d-----w C:\Program Files\High Quality Photo Resizer
2007-12-24 18:54 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-12-24 18:54 --------- d-----w C:\Program Files\Cliprex DS DVD Player
2007-12-24 18:54 --------- d-----w C:\Program Files\AVSMedia
2007-12-24 18:13 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\ICQ
2007-12-24 12:26 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\MEGAUPLOADTOOLBAR
2007-12-24 09:28 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\CyberLink
2007-12-20 17:48 --------- d-----w C:\Program Files\CyberLink
2007-12-16 14:13 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\gtk-2.0
2007-12-16 14:04 --------- d-----w C:\Program Files\GIMP-2.0
2007-12-12 16:00 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\GeoVid
2007-12-10 12:12 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\Orbit
2007-12-10 05:53 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Orbit
2007-12-08 11:53 --------- d-----w C:\Program Files\N-case
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-30 14:32 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Sports Interactive
2007-11-30 14:06 --------- d--h--r C:\Documents and Settings\Radek\Data aplikací\SecuROM
2007-11-30 14:05 --------- d--h--w C:\Program Files\Zero G Registry
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-08-22 15:57 15360]
"BlazeServoTool"="C:\Program Files\BlazeVideo\BlazeDVD\MediaDetector.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"9xadiras"="9xadiras.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"DamageCopier 3 (media manager)"="C:\Program Files\Evolution Labs\DamageCopier 3.1\mmanager.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-08-22 15:57 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2005-08-22 15:57 389632 C:\WINDOWS\system32\cmd.exe]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00 734872]
DSLMON.lnk - C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe [2007-07-12 08:43:44 929889]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 10:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 10:05]
R3 ELNK3;3Com EtherLink III;C:\WINDOWS\system32\DRIVERS\elnk3.sys [2001-08-17 19:10]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2005-08-22 15:59]
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9522c530-5d3c-11dc-ae7b-4d6564696130}]
\Shell\AutoRun\command - G:\autorun.exe
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 20:22:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-29 20:24:44
ComboFix-quarantined-files.txt 2008-01-29 19:24:36
.
2007-07-11 06:10:19 --- E O F ---