It's not from my PC, but in my opinion there's quite a lot of unnecessary stuff in there.
And one more problem: in Mozilla Firefox (latest version) some pages refuse to display (in IE they display fine). Does anyone happen to know what causes that?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:54, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\QIP\qip.exe
D:\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [848c40b7] rundll32.exe "C:\WINDOWS\system32\vusoxewt.dll",b
O4 - HKLM\..\Run: [BM87bf732b] Rundll32.exe "C:\WINDOWS\system32\frhigwdw.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
--
End of file - 4883 bytes
Please check my log
cranberiss

zlobyl
Re: Please check my log
I'd say there's an uninvited guest in there.
Use ComboFix:
Before you use it, also turn off the ESET Smart Security resident shield!
fredik writes: Download ComboFix (by sUBs) and save it to your Desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan is finished, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
Please excuse my frequent absence from the forum. Unfortunately there are things one cannot influence, so I don't have much time to get here. I'll try to be here whenever possible, but I can't guarantee anything. I'm sorry.
cranberiss
Re: Please check my log
ComboFix 08-06-05.3 - Dan 2008-06-06 18:51:59.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.101 [GMT 2:00]
Running from: C:\Documents and Settings\Dan\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM87bf732b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\auecabnt.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\frhigwdw.dll
C:\WINDOWS\system32\gqbnkffe.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\npgfhbkp.ini
C:\WINDOWS\system32\pkbhfgpn.dll
C:\WINDOWS\system32\twexosuv.ini
C:\WINDOWS\system32\uRljIxxw.dll
C:\WINDOWS\system32\wxxIjlRu.ini
C:\WINDOWS\system32\wxxIjlRu.ini2
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-06 18:56 . 2008-06-06 18:56 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-06 18:56 . 2008-06-06 18:56 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-06 18:47 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-06 18:46 . 2008-06-06 18:46 <DIR> d-------- C:\NVIDIA
2008-06-06 18:19 . 2008-06-06 18:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-06 18:09 . 2008-06-06 18:11 <DIR> d-------- C:\Documents and Settings\Dan\Nová složka
2008-06-06 17:49 . 2008-06-06 17:50 <DIR> d-------- C:\Program Files\Free Download Manager
2008-06-05 17:59 . 2008-06-05 17:59 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-05 15:45 . 2008-06-05 15:45 <DIR> d-------- C:\Program Files\JetAudio
2008-06-05 15:45 . 2008-06-05 15:45 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 15:45 . 2008-06-05 15:45 <DIR> d-------- C:\Program Files\Common Files\COWON
2008-06-05 15:29 . 2008-06-05 15:33 <DIR> d-------- C:\Program Files\Webteh
2008-06-05 14:07 . 2008-06-05 14:07 <DIR> d-------- C:\Downloads
2008-06-05 08:10 . 2008-06-05 08:10 <DIR> d-------- C:\Documents and Settings\Taťulda
2008-06-04 18:37 . 2008-06-05 06:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-04 18:29 . 2008-06-04 18:29 <DIR> d-------- C:\Documents and Settings\NetworkService\Nabídka Start
2008-06-04 18:23 . 2008-06-04 18:26 <DIR> d-------- C:\WINDOWS\nview
2008-06-04 18:23 . 2004-07-15 11:42 172,032 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-04 18:23 . 2004-07-15 11:42 13,474 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-04 18:22 . 2008-06-06 18:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-03 21:36 . 2008-06-04 18:00 <DIR> d-------- C:\Program Files\QIP
2008-06-03 21:33 . 2008-06-03 21:33 25 --a------ C:\WINDOWS\mixerdef.ini
2008-06-03 21:30 . 2008-06-03 21:30 <DIR> d-------- C:\Program Files\C-Media
2008-06-03 21:13 . 2004-08-04 01:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-06-03 21:12 . 2004-08-17 17:43 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-03 21:12 . 2001-08-17 23:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-06-03 21:10 . 2004-08-17 17:49 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-03 21:10 . 2004-08-04 00:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-03 21:09 . 2008-06-05 08:12 <DIR> d--hs---- C:\WINDOWS\Installer
2008-06-03 21:09 . 2008-06-06 18:56 <DIR> dr------- C:\Program Files
2008-06-03 21:09 . 2008-06-03 19:52 1,131,204 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-06-03 21:09 . 2008-06-03 19:25 4,249 --a------ C:\WINDOWS\ODBCINST.INI
2008-06-03 21:09 . 2008-06-03 19:43 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-06-03 21:08 . 2008-06-03 19:18 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2008-06-03 21:08 . 2008-06-03 19:27 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> dr------- C:\Documents and Settings\Default User\Nabídka Start
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d-------- C:\Documents and Settings\Default User\Dokumenty
2008-06-03 21:08 . 2008-06-03 19:28 <DIR> dr-h----- C:\Documents and Settings\Default User\Data aplikací
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d--h----- C:\Documents and Settings\All Users\Šablony
2008-06-03 21:08 . 2008-06-05 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Plocha
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Oblíbené položky
2008-06-03 21:08 . 2008-06-03 19:32 <DIR> dr------- C:\Documents and Settings\All Users\Nabídka Start
2008-06-03 21:08 . 2008-06-03 19:21 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-06-03 21:08 . 2008-06-06 18:19 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2008-06-03 21:07 . 2008-06-03 19:41 <DIR> d--h----- C:\Documents and Settings\Default User
2008-06-03 21:07 . 2008-06-03 19:23 <DIR> d-------- C:\Documents and Settings\All Users
2008-06-03 21:07 . 2008-06-05 08:10 <DIR> d-------- C:\Documents and Settings
2008-06-03 21:06 . 2008-06-03 19:32 932 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 15:35 --------- d-----w C:\Program Files\IrfanView
2008-06-06 15:35 --------- d-----w C:\Program Files\BitComet
2008-06-04 15:15 --------- d-----w C:\Program Files\Eset
2008-06-03 17:50 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-03 17:41 --------- d-----w C:\Program Files\Windows Defender
2008-06-03 17:41 --------- d-----w C:\Program Files\Ahead
2008-06-03 17:40 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-03 17:32 --------- d-----w C:\Program Files\Total Commander
2008-06-03 17:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-03 17:28 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-03 17:27 --------- d-----w C:\Program Files\VisualTaskTips
2008-06-03 17:27 --------- d-----w C:\Program Files\RocketDock
2008-06-03 17:27 --------- d-----w C:\Program Files\7-Zip
2008-06-03 17:26 --------- d-----w C:\Program Files\Java
2008-06-03 17:26 --------- d-----w C:\Program Files\Common Files\Java
2008-06-03 17:19 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-26 11:51 139,264 ----a-w C:\WINDOWS\cmuninst.exe
2008-04-26 11:51 1,855,488 ----a-w C:\WINDOWS\mixer.exe
.
------- Sigcheck -------
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\sp2qfe\tcpip.sys
2007-12-27 12:47 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A8A5ED1-438A-4D49-86D6-DF090483948C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63AB48C9-01A8-495C-8194-A715DB8A37A2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"C-Media Mixer"="Mixer.exe" [2008-04-26 13:51 1855488 C:\WINDOWS\mixer.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-01 04:54 1443072]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"848c40b7"="C:\WINDOWS\system32\pkbhfgpn.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBSIyX]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7098:TCP"= 7098:TCP:BitComet 7098 TCP
"7098:UDP"= 7098:UDP:BitComet 7098 UDP
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 SAMPXP;10/100 Mbps PCI Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\SAMPXP.sys [2002-02-01 10:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b370fbf1-319e-11dd-af1b-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 16:59:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 18:56:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\VisualTaskTips\VttHooks.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Eset\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2008-06-06 18:59:46 - machine was rebooted [Dan]
ComboFix-quarantined-files.txt 2008-06-06 16:59:40
Adresářů: 9, Volných bajtů: 16,078,270,464
Adresářů: 12, Volných bajtů: 16,103,165,952
175 --- E O F --- 2008-06-04 16:38:40
And what about the browser, please? (see my first message)
zlobyl
Re: Please check my log
I'm not sure about the browser right now, but the PC was infected and that's what I'm focusing on at the moment.
Copy the following text into Notepad (Start - Run - Notepad) and save it to the Desktop as CFScript.txt.
(do not use the Select All function!)
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"848c40b7"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBSIyX]
Then drag this file onto the ComboFix icon and run it. (I assume you also have ComboFix on your Desktop)

Then post the log it produces here, plus a new HJT log.

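The diagnosis in zlobyl's first reply ("an uninvited guest") and the CFScript in his last reply both rest on reading the same handful of indicators out of the HijackThis and ComboFix logs: HKLM Run values with machine-generated names (848c40b7, BM87bf732b) that use rundll32 to load an eight-letter DLL from system32 and call a one-letter export, an unknown Winlogon Notify package (ddcBSIyX, which winlogon.exe loads as SYSTEM at logon), the Windows Firewall switched off, and a MountPoints2 autorun command pointing at F:\setup.exe. The script below is an added example, not code from the thread or from the HijackThis/ComboFix authors: it runs those checks over a few constructed log lines modelled on the ones posted above and emits a Registry:: section in the same two-directive form zlobyl used ("name"=- removes a value, [-key] removes a key). The Winlogon Notify allowlist is an assumption for a stock XP SP2 box, and the regular expressions only cover the line shapes seen in this thread.

```python
import re

# Constructed sample, modelled on the HijackThis O4 lines and the ComboFix
# "Reg Loading Points" lines posted in this thread (not the complete logs).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [848c40b7] rundll32.exe "C:\WINDOWS\system32\vusoxewt.dll",b
O4 - HKLM\..\Run: [BM87bf732b] Rundll32.exe "C:\WINDOWS\system32\frhigwdw.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBSIyX]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - F:\setup.exe
"""

# HijackThis abbreviates the Run keys; expand them for the CFScript.
RUN_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Value names such as 848c40b7 / BM87bf732b: eight hex digits, optionally prefixed "BM".
RANDOM_NAME_RE = re.compile(r"^(BM)?[0-9a-f]{8}$")
# rundll32 loading an eight-lowercase-letter DLL and calling a named export.
RUNDLL_RE = re.compile(r'(?i:rundll32(?:\.exe)?)\s+"?(?P<dll>[^",]*\\(?P<base>[a-z]{8})\.dll)"?,(?P<export>\w+)\s*$')
NOTIFY_RE = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\(?P<sub>[^\]\\]+))\]$", re.IGNORECASE)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")

# Winlogon Notify packages present on a stock Windows XP SP2 install; an
# assumed allowlist for this example, not an authoritative list.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def suspicious_run_entry(name, cmd):
    """Return the reasons an O4 Run entry looks like the ones removed in this thread."""
    reasons = []
    if RANDOM_NAME_RE.match(name):
        reasons.append("value name looks machine-generated")
    m = RUNDLL_RE.search(cmd)
    if m and len(m.group("export")) == 1:
        reasons.append("rundll32 loads %s and calls a one-letter export" % m.group("dll"))
    return reasons


def analyze(log_text):
    """Walk log lines and collect findings as dicts with kind/key/name/why."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            why = suspicious_run_entry(m.group("name"), m.group("cmd"))
            if why:
                findings.append({"kind": "run", "key": RUN_KEYS[m.group("hive")],
                                 "name": m.group("name"), "why": "; ".join(why)})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            if m.group("sub").lower() not in KNOWN_NOTIFY:
                findings.append({"kind": "key", "key": m.group("key"), "name": m.group("sub"),
                                 "why": "unknown Winlogon Notify package (DLL loaded into winlogon.exe)"})
            continue
        if FIREWALL_RE.match(line):
            findings.append({"kind": "setting", "key": None, "name": "EnableFirewall",
                             "why": "Windows Firewall standard profile is switched off"})
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append({"kind": "autorun", "key": None, "name": m.group("cmd"),
                             "why": "MountPoints2 autorun command remembered for a removable drive"})
    return findings


def build_cfscript(findings):
    """Emit a ComboFix Registry:: section in the form the reply above uses:
    '"name"=-' deletes a value, '[-key]' deletes a whole key.  Setting and
    autorun findings are reported only; they need a manual decision."""
    lines = ["Registry::"]
    values_by_key = {}
    for f in findings:
        if f["kind"] == "run":
            values_by_key.setdefault(f["key"], []).append(f["name"])
    for key, names in values_by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % n for n in names)
    lines.extend("[-%s]" % f["key"] for f in findings if f["kind"] == "key")
    return "\n".join(lines)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print("%-8s %-12s %s" % (f["kind"], f["name"], f["why"]))
    print()
    print(build_cfscript(found))
```

Running it on the sample flags exactly the two Run values and the Notify key that zlobyl's script removes (plus the BM87bf732b value ComboFix had already cleaned up on its first pass), while the legitimate egui, NvMediaCenter and ctfmon entries and the stock ScCertProp Notify package pass. The firewall and autorun findings are printed but deliberately kept out of the generated script: re-enabling the firewall and clearing the remembered F:\setup.exe autorun are decisions for the person in front of the machine, not something to delete blindly.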