Hi, my old box is acting up somehow... could someone read from the logs whether there is anything in there?
Thanks, Tomáš
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:50, on 13.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Q.ADMIN1\Plocha\HJTInstall.exe
C:\Documents and Settings\Q.ADMIN1\Plocha\HJTInstall.exe
C:\Program Files\kontrola systemu\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\Cleaner\SystemWiper.exe m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {702B8921-6171-4375-A8DA-474D4054B8CA} (ICAEnroll Class) - https://download.ica.cz/ICAEnroll.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
ComboFix log:
ComboFix 08-07-12.2 - Q 2008-07-13 12:09:23.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.100 [GMT 2:00]
Running from: C:\Documents and Settings\Q.ADMIN1\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.
2008-07-13 12:05 . 2008-07-13 12:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-13 12:05 . 2008-07-13 12:05 <DIR> d-------- C:\Program Files\kontrola systemu
2008-07-12 03:31 . 2008-07-13 01:37 <DIR> d-------- C:\Program Files\eMule
2008-07-07 02:41 . 2008-07-07 02:41 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-06 21:15 . 2008-07-06 21:15 <DIR> d-------- C:\Program Files\aTube Catcher
2008-06-25 21:26 . 2008-06-25 21:26 <DIR> d-------- C:\Program Files\Spybot
2008-06-25 21:26 . 2008-07-11 02:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2008-06-25 21:09 . 2008-06-25 21:09 <DIR> d-------- C:\Program Files\Defraggler
2008-06-25 16:30 . 2008-06-25 16:30 <DIR> d-------- C:\Program Files\Cleaner
2008-06-16 21:42 . 2008-06-16 21:42 232,034 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_1593.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 09:52 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\OpenOffice.org2
2008-07-12 09:14 --------- d-----w C:\Program Files\WinClamAVShield
2008-07-12 09:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2008-07-11 01:27 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\Spyware Terminator
2008-07-08 21:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-06 19:15 --------- d-----w C:\Program Files\Xvid
2008-06-25 19:23 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\Skype
2008-06-25 14:55 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\skypePM
2008-06-24 20:54 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-14 18:00 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 14:24 --------- d-----w C:\Program Files\QIP
2008-06-07 19:10 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\Yahoo!
2008-06-07 19:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Yahoo!
2008-06-07 19:09 --------- d-----w C:\Program Files\Youtube downloader
2008-06-06 17:20 --------- d-----w C:\Program Files\Yahoo!
2008-06-02 00:37 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-01 22:45 --------- d-----w C:\Program Files\Java
2008-05-30 22:07 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-30 11:37 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\ICQ
2008-05-28 15:43 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\VoipBuster
2008-05-25 14:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 14:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Sony Ericsson
2008-05-25 14:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\BVRP Software
2008-05-24 17:56 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\gtk-2.0
2008-05-24 09:14 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-24 08:33 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\CDBurnerXP_Soft
2008-05-24 08:32 --------- d-----w C:\Program Files\CDBurnerXP
2008-05-24 08:27 --------- d-----w C:\Program Files\MSBuild
2008-05-24 08:12 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-14 23:59 --------- d-----w C:\Program Files\CCleaner
2008-05-14 23:58 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-14 22:50 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\Phantasmagoria
2008-05-14 18:43 --------- d-----w C:\Program Files\Free Video to Mp3 Converter
2008-05-13 05:56 --------- d-----w C:\Documents and Settings\Q.ADMIN1\Data aplikací\NCH Swift Sound
2008-05-13 05:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2008-01-16 21:42 32 -c--a-w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ezsid.dat
2007-10-04 01:51 87,608 -c--a-w C:\Documents and Settings\admin\Data aplikací\ezpinst.exe
2007-10-04 01:51 47,360 -c--a-w C:\Documents and Settings\admin\Data aplikací\pcouffin.sys
2001-11-23 20:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot\TeaTimer.exe" [2008-06-05 10:48 2113360]
"iIWiper"="C:\Program Files\Cleaner\SystemWiper.exe" [2004-08-28 21:11 258048]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 16:50 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-09 19:56 1817600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nousernameinstartmenu"= 0 (0x0)
"nosimplestartmenu"= 0 (0x0)
"nostartmenumfuprogramslist"= 0 (0x0)
"norecentdochistory"= 0 (0x0)
"maxrecentdocs"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-17 15:49 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a--c--- 2006-11-13 16:50 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2003-07-28 15:19 4841472 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2003-07-28 15:19 49152 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-05-09 19:56 1817600 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a--c--- 2002-01-29 02:16 1228800 C:\WINDOWS\mixer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Q.ADMIN1\\Plocha\\system\\sdc\\StrongDC.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24748:TCP"= 24748:TCP:BitComet 24748 TCP
"24748:UDP"= 24748:UDP:BitComet 24748 UDP
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"990:TCP"= 990:TCP:ac
"999:TCP"= 999:TCP:a
"5678:TCP"= 5678:TCP:tcp
"5679:TCP"= 5679:TCP:tcp
"5721:TCP"= 5721:TCP:tcp
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-09 19:56]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-20 23:55]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2004-08-17 15:49]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2004-08-17 15:49]
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2004-08-17 15:49]
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\system32\svchost.exe [2004-08-17 15:49]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 04:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ba786a0-2102-11dc-a17e-806d6172696f}]
\Shell\AutoRun\command - E:\reactos\welcome.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 09:29:30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B71160B2-E175-4873-9476-538F4E0CFA80}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 12:12:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-13 12:15:46
ComboFix-quarantined-files.txt 2008-07-13 10:14:51
ComboFix2.txt 2008-07-13 09:34:31
Adresářů: 10, Volných bajtů: 5,861,756,928
Adresářů: 13, Volných bajtů: 5,849,657,344
163 --- E O F --- 2008-06-20 07:18:01
2) WMPlayer starts on its own - if I close it, it is still there in Task Manager, but when I end it there it starts up again automatically, only in the background; it does not show up under Applications. - ???
Thanks a lot
HELP PLS !!!
- Praha81
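Added example, not part of the original post or of HijackThis/ComboFix themselves: a small Python triage script that walks the kind of lines posted above and lists the entries a log reviewer would normally check first (a BHO whose DLL is gone, services with no publisher or a missing binary, a downloaded ActiveX control, every Run autostart, the Security Center `AntiVirusOverride` flag, firewall exceptions opened under placeholder names such as `a`, `ac` or `tcp`, inbound ping allowed, and an AutoRun handler on a mount point). The rules are this example's own heuristics and only say "look at this"; they do not decide that anything is malicious. The embedded sample text is an excerpt copied from the two logs in the post.

```python
"""Triage of HijackThis / ComboFix text: list entries worth a second look.

Added example for the logs posted above; the rules are this example's own
heuristics (assumptions), not logic from HijackThis or ComboFix.
"""
import re

# Excerpt copied from the HijackThis log in the post (constructed sample input).
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\Cleaner\SystemWiper.exe m
O16 - DPF: {702B8921-6171-4375-A8DA-474D4054B8CA} (ICAEnroll Class) - https://download.ica.cz/ICAEnroll.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# Excerpt copied from the ComboFix "Reg Loading Points" section in the post.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24748:TCP"= 24748:TCP:BitComet 24748 TCP
"990:TCP"= 990:TCP:ac
"999:TCP"= 999:TCP:a
"5678:TCP"= 5678:TCP:tcp
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ba786a0-2102-11dc-a17e-806d6172696f}]
\Shell\AutoRun\command - E:\reactos\welcome.exe
"""

HJT_LINE = re.compile(r"^([RO]\d+) - (.*)$")
RUN_ENTRY = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')


def parse_hjt(text):
    """Yield (section, rest) for each 'Oxx - ...' / 'Rx - ...' HijackThis line."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage_hjt(text):
    """Return (tag, message) pairs for HijackThis entries a reviewer should inspect."""
    findings = []
    for sec, rest in parse_hjt(text):
        if sec == "O2" and rest.endswith("(no file)"):
            findings.append(("O2", "BHO entry whose DLL is missing (orphaned CLSID): " + rest))
        elif sec == "O23" and rest.endswith("(file missing)"):
            findings.append(("O23", "Service registered but binary absent: " + rest))
        elif sec == "O23" and "Unknown owner" in rest:
            findings.append(("O23", "Service without publisher info, verify the binary: " + rest))
        elif sec == "O16":
            findings.append(("O16", "Downloaded ActiveX control, verify its origin: " + rest))
        elif sec == "O4":
            m = RUN_ENTRY.match(rest)
            if m:  # Run keys are the classic persistence point; list each for manual review
                findings.append(("O4", f"Autostart {m.group(1)} [{m.group(2)}] -> {m.group(3)}"))
    return findings


def triage_combofix(text):
    """Return (tag, message) pairs for registry settings in ComboFix output."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()  # registry key header
            continue
        if section is None or not line:
            continue
        if section.endswith("security center") and line.startswith('"AntiVirusOverride"'):
            if line.endswith("dword:00000001"):
                findings.append(("SecurityCenter",
                                 "AntiVirusOverride=1: Security Center antivirus alerts suppressed"))
        elif section.endswith("globallyopenports\\list"):
            m = OPEN_PORT.match(line)
            if m:
                port, proto, desc = m.groups()
                name = desc.split(":")[0]
                enabled = ":Disabled:" not in desc
                if enabled and len(name) <= 3:  # 'a', 'ac', 'tcp': names that explain nothing
                    findings.append(("Firewall",
                                     f"Inbound {proto}/{port} open under placeholder name {name!r}"))
        elif section.endswith("icmpsettings") and line.startswith('"AllowInboundEchoRequest"= 1'):
            findings.append(("Firewall", "Inbound ICMP echo allowed (host answers ping)"))
        elif "mountpoints2" in section and "\\shell\\autorun\\command" in line.lower():
            findings.append(("AutoRun", "Removable-media AutoRun handler: " + line.split(" - ", 1)[1]))
    return findings


def main():
    for tag, msg in triage_hjt(HJT_SAMPLE) + triage_combofix(COMBOFIX_SAMPLE):
        print(f"[{tag}] {msg}")


if __name__ == "__main__":
    main()
```

On the logs above this lists the orphaned O2 entry, both O23 services, the ICAEnroll O16 control, the `iIWiper` autostart, the `AntiVirusOverride` flag, ports 990, 999 and 5678 (3389 is skipped because its exception is marked Disabled, BitComet because its name is descriptive), the ICMP setting and the `E:\reactos\welcome.exe` AutoRun command. Each of those is a question for the person who owns the machine ("did you open this port / install this?"), not a verdict.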