Please check my log, my internet connection keeps acting up... thanks
Logfile of HijackThis v1.99.1
Scan saved at 22:59:46, on 16.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Documents and Settings\Tomas\Plocha\Rapget\rapget.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Tomas\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\Tomas\LOCALS~1\Temp\ScanningProcess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Tomas\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\office\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Rapget] C:\Documents and Settings\Tomas\Plocha\Rapget\rapget.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\office\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\office\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - http://www.tvkoo.com/update/KooPlayer.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D14E466-1AB0-48F5-A87B-06E33D4B9E4D}: NameServer = 193.165.222.254,193.165.192.9
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\office\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Modem disconnecting
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline
You have two anti-spyware programs running resident, Spy Doctor and Spy Terminator. Turn off the shields in one of them.
You also don't have a firewall.
Pick one here; I recommend ZoneAlarm or Comodo.
Otherwise I don't see anything there; post the MWAV findings.
HERE IS THE MWAV LOG ....
Fri Aug 17 15:57:49 2007 => ***** Test dokončen, kontrolu proveďte na http://www.viry.cz. *****
Fri Aug 17 15:57:49 2007 => Testovaných objektů: 30336
Fri Aug 17 15:57:49 2007 => Kritických objektů: 2
Fri Aug 17 15:57:49 2007 => Celkem vyléčených objektů: 0
Fri Aug 17 15:57:49 2007 => Celkem přejmenováno: 0
Fri Aug 17 15:57:49 2007 => Smazaných objektů: 0
Fri Aug 17 15:57:49 2007 => Celkem chyb: 24
Fri Aug 17 15:57:49 2007 => Uplynulý čas: 00:51:42
Fri Aug 17 15:57:49 2007 => Datum vydání databáze: 8/16/2007
Fri Aug 17 15:57:49 2007 => Verze virové databáze: 382944
Fri Aug 17 15:57:49 2007 => Test je dokončen.
Fri Aug 17 15:56:01 2007 => Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 17 15:56:03 2007 => Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
AND HERE IS THE NEW HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:38, on 17.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Documents and Settings\Tomas\Plocha\Rapget\rapget.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\office\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Rapget] C:\Documents and Settings\Tomas\Plocha\Rapget\rapget.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\office\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\office\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - http://www.tvkoo.com/update/KooPlayer.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D14E466-1AB0-48F5-A87B-06E33D4B9E4D}: NameServer = 193.165.222.254,193.165.192.9
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\office\Office12\GR99D3~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 8564 bytes
I CLEANED IT UP A BIT AND THE RESULT...MWAV
Fri Aug 17 16:36:49 2007 => ***** Test dokončen, kontrolu proveďte na http://www.viry.cz. *****
Fri Aug 17 16:36:49 2007 => Testovaných objektů: 28455
Fri Aug 17 16:36:49 2007 => Kritických objektů: 2
Fri Aug 17 16:36:49 2007 => Celkem vyléčených objektů: 0
Fri Aug 17 16:36:49 2007 => Celkem přejmenováno: 0
Fri Aug 17 16:36:49 2007 => Smazaných objektů: 0
Fri Aug 17 16:36:49 2007 => Celkem chyb: 6
Fri Aug 17 16:36:49 2007 => Uplynulý čas: 00:01:55
Fri Aug 17 16:36:49 2007 => Datum vydání databáze: 4/30/2007
Fri Aug 17 16:36:49 2007 => Verze virové databáze: 307397
Fri Aug 17 16:36:49 2007 => Test je dokončen.
I just don't know what this thing below is that I found in the log, and I can't find it anywhere...
Fri Aug 17 16:35:30 2007 => ERROR!!! Invalid Entry \SystemRoot\System32\Drivers\dtscsi.sys in SYSTEM\CurrentControlSet\Services\dtscsi...
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline
Yeah, it's fine now.
Now run ComboFix as well
- after launch the terms of use are displayed; confirm them by pressing the 1 key
- then follow the instructions; while ComboFix is running, do not click in the window that appears
- when the scan finishes the program should create a log - C:\ComboFix.txt - copy its entire contents here
Here is the ComboFix log....
ComboFix 07-08-14.4 - "Tomas" 2007-08-17 17:11:49.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.604 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))
2007-08-17 17:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 08:42 <DIR> d-------- C:\DOCUME~1\Tomas\DATAAP~1\Google
2007-08-16 23:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-16 20:58 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-08-16 20:58 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-08-15 12:13 <DIR> d-------- C:\Program Files\Florikey V4.0 Beta
2007-08-15 11:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-15 11:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-14 19:08 <DIR> d-------- C:\Program Files\VoipCheapCom
2007-08-14 18:59 <DIR> d-------- C:\WINDOWS\vf_hip
2007-08-14 18:59 <DIR> d-------- C:\Program Files\Hide IP Platinum
2007-08-14 17:06 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2007-08-14 17:06 <DIR> d-------- C:\OpenSSL
2007-08-13 21:24 <DIR> d-------- C:\Program Files\Google
2007-08-13 21:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Google
2007-08-12 09:25 <DIR> d-------- C:\DOCUME~1\Tomas\DATAAP~1\teamspeak2
2007-08-10 21:22 <DIR> d-------- C:\Program Files\Webteh
2007-08-05 11:29 <DIR> d-------- C:\Program Files\HLSW
2007-08-05 08:37 <DIR> d-------- C:\Program Files\Activision
2007-08-04 20:32 <DIR> d-------- C:\DOCUME~1\Tomas\DATAAP~1\FreeCall
2007-08-04 18:35 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-08-04 18:35 <DIR> d-------- C:\Program Files\ffdshow
2007-08-04 14:47 <DIR> d-------- C:\Program Files\iSkoot
2007-08-03 21:25 <DIR> d-------- C:\DOCUME~1\Tomas\DATAAP~1\VoipCheapCom
2007-07-29 12:24 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-07-29 12:24 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-07-29 11:39 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-07-28 19:56 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-28 19:56 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-28 19:56 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-28 19:56 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-28 18:22 <DIR> d-------- C:\!KillBox
2007-07-27 14:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\TrackMania United
2007-07-27 14:17 <DIR> d-------- C:\Program Files\TrackMania United
2007-07-26 20:29 <DIR> d-------- C:\Program Files\Centauri
2007-07-24 18:21 <DIR> d-------- C:\DOCUME~1\Tomas\DATAAP~1\Pointstone
2007-07-24 18:14 <DIR> d-------- C:\Program Files\Common Files\Pointstone
2007-07-23 17:01 <DIR> d-------- C:\Program Files\GamePark
2007-07-22 12:45 <DIR> d-------- C:\Program Files\Registry Medic
2007-07-22 11:08 <DIR> d-------- C:\ferrari_hub
2007-07-21 17:51 <DIR> d-------- C:\Strong DC Ferrari edition
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-17 17:18 1399584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-17 17:16 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-17 17:06 --------- d-------- C:\Program Files\ICQ
2007-08-17 16:27 --------- d-------- C:\Program Files\Spyware Terminator
2007-08-16 23:39 5024 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-16 23:39 37408 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-16 23:39 20048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-16 08:37 --------- d-------- C:\Program Files\BitComet
2007-08-12 21:34 --------- d-------- C:\Program Files\Theorica Divx Codecs
2007-08-12 17:10 --------- d-------- C:\Program Files\Codec Pack - All In 1
2007-08-10 21:33 737280 --a------ C:\WINDOWS\iun6002.exe
2007-08-06 14:55 --------- d-------- C:\Program Files\Strong DC Ferrari edition
2007-08-05 08:45 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-04 20:31 --------- d-------- C:\Program Files\Media Player Classic
2007-08-04 14:56 --------- d-------- C:\DOCUME~1\Tomas\DATAAP~1\Skype
2007-08-02 21:46 --------- d-------- C:\Program Files\Registry Mechanic
2007-07-31 13:00 --------- d-------- C:\DOCUME~1\Tomas\DATAAP~1\Xfire
2007-07-29 21:52 --------- d-------- C:\DOCUME~1\Tomas\DATAAP~1\Hamachi
2007-07-29 21:51 264 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-07-29 14:28 --------- d---s---- C:\Program Files\Xfire
2007-07-29 11:35 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-28 21:24 --------- d-------- C:\Program Files\RegScrubXP
2007-07-23 09:01 --------- d-------- C:\Program Files\EasyCleaner
2007-07-19 08:58 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-05 09:20 --------- d-------- C:\Program Files\TRANSLAT
2007-06-27 16:10 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:26 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 19:16 --------- d-------- C:\Program Files\Counter-Strike 1.6
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 20:49 --------- d-------- C:\Program Files\EA SPORTS
2007-06-19 20:46 --------- d-------- C:\Program Files\br3
2007-06-19 20:39 --------- d-------- C:\Program Files\!KillBox
2007-06-19 16:02 --------- d-------- C:\Program Files\Vstep
2007-06-19 16:02 --------- d-------- C:\Program Files\Electronic Arts
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 18:11 --------- d-------- C:\Program Files\Mindscape
2007-06-13 15:23 1033728 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-05-24 19:05 6 --a------ C:\Program Files\guid.eye
2007-05-17 13:30 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 13:30 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-01-25 23:31 411 --a------ C:\Program Files\INSTALL.LOG
2003-07-06 14:07 372736 --a------ C:\Program Files\IJL15.DLL
2002-10-06 20:37 53760 --a------ C:\Program Files\zlib.dll
2001-12-04 03:08 413696 --a------ C:\Program Files\Game.exe
2001-10-17 15:48 40960 --a------ C:\Program Files\Language.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-12-15 06:01 C:\WINDOWS\system32\nwiz.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-13 20:33]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 07:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-12-15 06:01]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 C:\WINDOWS\mHotkey.exe]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57]
"GrooveMonitor"="D:\office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-05 21:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 06:01]
"Rapget"="C:\Documents and Settings\Tomas\Plocha\Rapget\rapget.exe" [2007-06-24 20:29]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2007-08-13 21:24]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Mirabilis ICQ"=C:\PROGRA~1\ICQ\ICQNet.exe
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 INFUSB;INFUSB;C:\WINDOWS\system32\drivers\infusb.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
R4 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S4 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2007-08-17 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-07-22 15:55:20 C:\WINDOWS\Tasks\RegistryMedicAuotScan.job - C:\Program Files\Registry Medic\RegMedical.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 17:17:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc29.tmp"
Completion time: 2007-08-17 17:21:33
C:\ComboFix-quarantined-files.txt ... 2007-08-17 17:21
--- E O F ---