prosím o kontrolu

[cibi]

ALogfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:01, on 26.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMY\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\doma\LOCALS~1\Temp\Dočasný adresář 1 pro HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\PROGRAMY\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk.disabled
O4 - Global Startup: BlueSoleil.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\PROGRAMY\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\PROGRAMY\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFBC248B-CA24-4AE9-91E3-D8F79FFBF267}: NameServer = 80.251.252.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 4654 bytes

[Reklama]

[Baron Prášil]

Stáhni si SDFix
a spusť ho,vybalí se do vlastní složky (bude asi na C:\SDfix).

Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.

Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj. pokud ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt+ pošli nový HJT log.

nainstaluj firewall
vyber si tady,doporučuju ZoneAlarm nebo Comodo
návod na ZA http://www.kn.vutbr.cz/docs/conf/zonealarm/
na comodo http://www.nforce.cz/modules.php?name=N ... cle&sid=18

[cibi]

SDFix spuštěn,ale po čištění jsem žádný *txt od SDFix v PC nenašel

Nový log HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:40, on 27.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMY\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\doma\LOCALS~1\Temp\Dočasný adresář 2 pro HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\PROGRAMY\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk.disabled
O4 - Global Startup: BlueSoleil.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\PROGRAMY\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\PROGRAMY\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFBC248B-CA24-4AE9-91E3-D8F79FFBF267}: NameServer = 80.251.252.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 4589 bytes

[Baron Prášil]

ok.tohle je teda dobráček

spust služby - napsáním příkazu services.msc do Spustit... v nabídce START a klik na OK
najdi ICF zastav a typ spuštění dej na zakázáno(nemusí to jít,neva)

potom použij COMBOFIX
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah+nový log z hijackthis

zkontroluj jestli ti běží alespoň firewall ve win(ale poctivej firewall by byl lepčejší )

[cibi]

ICF není spuštěn , nejde taky zastavit

ComboFix 08-02-25.3 - doma 2008-02-27 13:10:51.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.143 [GMT 1:00]
Running from: C:\Documents and Settings\doma\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ICF
-------\LEGACY_WINCOM32
-------\ICF
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-27 12:17 . 2008-02-27 12:17 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-27 12:17 . 2008-02-27 12:17 <DIR> d-------- C:\Program Files\CheckPoint
2008-02-27 12:17 . 2008-02-27 12:17 144 --a------ C:\WINDOWS\system32\lkfl.dat
2008-02-27 12:17 . 2008-02-27 13:02 96 --a------ C:\WINDOWS\system32\pdfl.dat
2008-02-27 12:17 . 2008-02-27 12:17 96 --a------ C:\WINDOWS\system32\ibfl.dat
2008-02-27 10:33 . 2007-01-20 18:33 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-02-27 10:33 . 2008-02-27 10:52 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-02-27 10:33 . 2007-01-20 19:22 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-02-27 10:33 . 2007-01-20 19:22 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-02-27 10:33 . 2007-01-20 19:22 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-02-27 10:33 . 2007-01-20 19:22 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-02-27 10:33 . 2007-01-20 19:22 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-02-27 10:33 . 2007-01-20 19:22 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-02-27 10:27 . 2008-02-27 11:19 <DIR> d-------- C:\SDFix
2008-02-21 13:54 . 2008-02-24 13:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-21 13:54 . 2008-02-21 13:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-19 19:52 . 2008-02-19 20:47 <DIR> d-------- C:\Program Files\Eurotran XP
2008-02-19 13:37 . 2008-02-21 13:08 238 --a------ C:\WINDOWS\mafosav.INI
2008-02-19 13:36 . 2008-02-19 13:36 <DIR> d-------- C:\Buziol Games
2008-02-19 13:24 . 2008-02-19 13:24 <DIR> d-------- C:\Program Files\CartmansAuthoritah
2008-02-19 09:24 . 2004-08-17 15:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-19 09:24 . 2004-08-17 15:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-19 09:24 . 2001-10-24 11:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-19 09:24 . 2001-10-24 11:54 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-18 23:12 . 2006-11-30 15:14 86,432 -ra------ C:\WINDOWS\system32\drivers\se45obex.sys
2008-02-18 21:07 . 2006-11-30 15:14 97,088 -ra------ C:\WINDOWS\system32\drivers\se45mdm.sys
2008-02-18 21:07 . 2006-11-30 15:14 9,360 -ra------ C:\WINDOWS\system32\drivers\se45mdfl.sys
2008-02-18 21:07 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cmnt.sys
2008-02-18 21:07 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cm.sys
2008-02-09 14:57 . 2007-01-20 18:33 <DIR> d--h----- C:\Documents and Settings\Sten\ćablony
2008-02-09 14:57 . 2008-02-09 16:49 <DIR> d-------- C:\Documents and Settings\Sten\Plocha
2008-02-09 14:57 . 2007-01-20 19:22 <DIR> d--h----- C:\Documents and Settings\Sten\Okolnˇ tisk rny
2008-02-09 14:57 . 2008-02-09 15:23 <DIR> d--h----- C:\Documents and Settings\Sten\Okolnˇ sˇś
2008-02-09 14:57 . 2008-02-09 22:09 <DIR> dr------- C:\Documents and Settings\Sten\Oblˇben‚ polo§ky
2008-02-09 14:57 . 2007-01-20 19:22 <DIR> dr------- C:\Documents and Settings\Sten\Nabˇdka Start
2008-02-09 14:57 . 2008-02-09 15:06 <DIR> dr------- C:\Documents and Settings\Sten\Dokumenty
2008-02-09 14:57 . 2008-02-09 16:03 <DIR> dr-h----- C:\Documents and Settings\Sten\Data aplikacˇ
2008-01-28 23:07 . 2008-02-21 10:17 10,757 --a------ C:\WINDOWS\system32\QuickTimeFavorites.qtr
2008-01-28 23:07 . 2008-02-21 13:52 9,696 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-01-27 15:12 . 2004-01-27 20:50 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2008-01-27 15:12 . 2004-01-27 20:51 290,816 --a------ C:\WINDOWS\system32\3ivxDSDecoder.ax
2008-01-27 08:36 . 2008-02-10 18:16 <DIR> dr------- C:\Mˇça

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 11:17 --------- d-----w C:\Program Files\CheckPoint
2008-01-26 19:23 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-01-26 08:36 606,848 ----a-w C:\WINDOWS\flashax.exe
2008-01-26 08:36 12,288 ----a-w C:\WINDOWS\impborl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"SpybotSD TeaTimer"="D:\PROGRAMY\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-24 10:54 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-04 13:22 286720]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-02-07 13:28 262144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-27 07:32 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FreeCall"="D:\PROGRAMY\FreeCall\FreeCall.exe" -nosplash -minimized
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EPSON Stylus C42 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ICQ Lite"="D:\PROGRAMY\ICQLite\ICQLite.exe" -minimize
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"FixCamera"=C:\WINDOWS\FixCamera.exe
"snpstd3"=C:\WINDOWS\vsnpstd3.exe
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II Trial\\EMPIRES2.EXE"=
"D:\\PROGRAMY\\FreeCall\\FreeCall.exe"=
"D:\\PROGRAMY\\Bluesoleil\\BlueSoleil.exe"=
"D:\\PROGRAMY\\ICQLite\\ICQLite.exe"=
"D:\\PROGRAMY\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 cwbwdm_device;Crystal WDM Audio Codec Driver;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]
R3 S3Inc;S3Inc;C:\WINDOWS\system32\DRIVERS\s3mt3d.sys [2001-08-17 21:50]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-06-29 19:09]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-06-29 19:09]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-06-29 19:09]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-06-29 19:09]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-06-29 19:09]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-11-10 09:45]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-11-10 09:45]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-11-10 09:45]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-11-10 09:45]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-11-10 09:46]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-11-10 09:46]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-11-10 09:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35628942-b3a9-11dc-8865-0011675a9d7e}]
\Shell\AutoRun\command - F:\AutoTransfer.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 13:17:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\wscntfy.exe
D:\DC:\WINDOWS\System32\svchost.exe
.
**************************************************************************
.
Completion time: 2008-02-27 13:20:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-27 12:20:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:11, on 27.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMY\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
D:\DĚDA\PROGRAMY\Bluesoleil\BlueSoleil.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\doma\LOCALS~1\Temp\Dočasný adresář 1 pro HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\PROGRAMY\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk.disabled
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BlueSoleil.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\PROGRAMY\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\PROGRAMY\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFBC248B-CA24-4AE9-91E3-D8F79FFBF267}: NameServer = 80.251.252.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 4301 bytes

[Baron Prášil]

z mýho pohledu ok.ale pořád chybí firewall.takže-co dělá komp?

[cibi]

Komp jede,ale Zone ALarm nešlo spustit nastavení ,tak jsem jej odebral a mám pouze firewall WIN

[Baron Prášil]

v tom případě zvýýýýšená opatrnost.ale lépe zkusit jinej fw

[cibi]

Něco tam nainstaluji. Zatím děkuji za pomoc.

[Baron Prášil]

za nic