Log check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Log check

Post by meedja23 » 27 May 2008 18:01

Hi, I have a problem with suspenzorPC, ESET can't deal with it, so I'm asking you for advice. Here is the log from HJT. Many thanks in advance. Meedja23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:31, on 27.5.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Users\Dan\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dan\AppData\Local\Temp\jkkHAPgd.dll,c
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\Dan\AppData\Local\Temp\uwxomoqn.dll",b
O4 - HKCU\..\Run: [BM299b28c0] Rundll32.exe "C:\Users\Dan\AppData\Local\Temp\hrmneusp.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7928 bytes

Re: Log check

Post by dog.big » 27 May 2008 20:57

FIX this
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dan\AppData\Local\Temp\jkkHAPgd.dll,c - MALICIOUS
O4 - HKCU\..\Run: [BM299b28c0] Rundll32.exe "C:\Users\Dan\AppData\Local\Temp\hrmneusp.dll",s
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\Dan\AppData\Local\Temp\uwxomoqn.dll",b
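As an added example (not part of this thread, of HijackThis or of ComboFix), a small Python triage script that applies the rule dog.big used above to a whole HJT log: flag O4 autostart entries where rundll32 loads a DLL out of a user-writable Temp directory. The sample lines are copied from the HJT log posted above; the regexes and the list of Temp-directory markers are my own assumptions about the log format, not anything HijackThis documents.

```python
"""Triage of HijackThis O4 (autostart) entries: rundll32 loading a DLL from a
user-writable Temp directory, the pattern seen in the log posted above."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample input: O4 lines copied from the HijackThis log in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dan\AppData\Local\Temp\jkkHAPgd.dll,c
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\Dan\AppData\Local\Temp\uwxomoqn.dll",b
O4 - HKCU\..\Run: [BM299b28c0] Rundll32.exe "C:\Users\Dan\AppData\Local\Temp\hrmneusp.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# Assumed shape of an O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# HijackThis appends "(User 'LOCAL SERVICE')" to entries from HKUS hives; strip it.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# A command launched through rundll32 (any directory, optional .exe, optional quotes).
RUNDLL32_RE = re.compile(r'^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?P<rest>.*)$', re.IGNORECASE)

# Directory fragments any user process can write to. A DLL that is
# autostarted from one of these has no legitimate reason to live there.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")


@dataclass
class O4Entry:
    hive: str
    name: str
    command: str


@dataclass
class Finding:
    entry: O4Entry
    dll_path: str
    reason: str


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one HijackThis O4 line; return None for any other line type."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
    return O4Entry(m.group("hive"), m.group("name"), cmd)


def rundll32_target(command: str) -> Optional[str]:
    """Return the DLL path rundll32 is asked to load, or None if the command
    does not invoke rundll32. Syntax: rundll32 <dll>,<entrypoint> [args]."""
    m = RUNDLL32_RE.match(command)
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else None
    # Unquoted form: everything up to the first comma is the DLL path.
    return rest.split(",", 1)[0].strip()


def is_temp_path(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def triage_o4(lines: Iterable[str]) -> List[Finding]:
    """Flag autostart entries where rundll32 loads a DLL from a Temp directory.
    System DLLs such as C:\\Windows\\PLFSet.dll or a bare oobefldr.dll are not flagged."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        dll = rundll32_target(entry.command)
        if dll and is_temp_path(dll):
            findings.append(Finding(entry, dll,
                                    "rundll32 autostart of a DLL in a user-writable Temp directory"))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES.splitlines()):
        print(f"[{f.entry.hive}] {f.entry.name}: {f.dll_path}  <- {f.reason}")
```

On the sample above the script reports exactly the three HKCU entries dog.big marked and leaves the PLFSet and WindowsWelcomeCenter rundll32 entries alone.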

Re: Log check

Post by fredik » 27 May 2008 21:19

Welcome to the forum

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered

Re: Log check

Post by meedja23 » 27 May 2008 21:22

Thanks a lot, I hope it will leave me alone now. I'm careful about junk like this, but I have a new computer and I installed loads of stuff from the net... Thanks once again for the help.

Re: Log check

Post by meedja23 » 27 May 2008 21:46

Hi, here is the log; it's still there, the damn thing....


ComboFix 08-05-26.2 - Dan 2008-05-27 21:30:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.1009 [GMT 2:00]
Running from: C:\Users\Dan\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\ACER.exe
C:\Windows\Temp\log.txt

.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-27 17:39 . 2008-05-27 17:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 18:11 . 2008-05-25 18:11 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-25 18:11 . 2008-05-25 18:11 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-25 18:10 . 2008-05-25 18:10 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-05-25 18:10 . 2008-05-25 18:10 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-25 18:10 . 2008-05-25 18:10 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-25 18:10 . 2008-05-25 18:10 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-25 18:10 . 2008-05-25 18:10 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-25 18:10 . 2008-05-25 18:10 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-25 18:08 . 2008-05-25 18:08 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-25 18:08 . 2008-05-25 18:08 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-05-25 18:08 . 2008-05-25 18:08 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-25 18:08 . 2008-05-25 18:08 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-05-25 18:08 . 2008-05-25 18:08 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-05-25 18:08 . 2008-05-25 18:08 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-05-25 18:08 . 2008-05-25 18:08 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-05-25 18:08 . 2008-05-25 18:08 2,048 --a------ C:\Windows\System32\asferror.dll
2008-05-25 18:07 . 2008-05-25 18:07 148,992 --a------ C:\Windows\System32\drivers\ks.sys
2008-05-25 18:07 . 2008-05-25 18:07 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-05-25 18:07 . 2008-05-25 18:07 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-05-25 18:07 . 2008-05-25 18:07 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-05-25 18:07 . 2008-05-25 18:07 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-25 18:07 . 2008-05-25 18:07 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-05-25 18:07 . 2008-05-25 18:07 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-25 18:05 . 2008-05-25 18:05 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-25 18:05 . 2008-05-25 18:05 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-25 18:05 . 2008-05-25 18:05 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-05-25 18:05 . 2008-05-25 18:05 2,048 --a------ C:\Windows\System32\tzres.dll
2008-05-25 18:05 . 2008-05-25 18:05 118 --a------ C:\Windows\System32\MRT.INI
2008-05-25 18:04 . 2008-05-25 18:04 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-05-25 15:15 . 2008-05-25 15:15 <DIR> d-------- C:\Users\Dan\AppData\Roaming\ICQ Toolbar
2008-05-25 14:49 . 2008-05-25 14:49 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-05-25 14:49 . 2008-05-25 14:49 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-05-25 14:49 . 2008-05-25 14:49 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-05-25 14:49 . 2008-05-25 14:49 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-05-25 14:49 . 2008-05-25 14:49 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-05-25 14:49 . 2008-05-25 14:49 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-05-25 14:49 . 2008-05-25 14:49 43,352 --a------ C:\Windows\System32\wups2.dll
2008-05-25 14:49 . 2008-05-25 14:49 33,624 --a------ C:\Windows\System32\wups.dll
2008-05-25 14:49 . 2008-05-25 14:49 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-05-25 00:13 . 2008-05-25 00:13 <DIR> d-------- C:\Users\All Users\CyberLink
2008-05-25 00:13 . 2008-05-25 00:13 <DIR> d-------- C:\ProgramData\CyberLink
2008-05-24 23:30 . 2008-05-24 23:30 <DIR> d-------- C:\Program Files\VUGames
2008-05-24 18:23 . 2008-05-24 22:18 <DIR> d-------- C:\Program Files\AnyReader
2008-05-24 16:54 . 2008-05-24 16:55 <DIR> d-------- C:\Program Files\Ontrack
2008-05-24 16:51 . 2008-05-24 16:51 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-24 16:29 . 2008-05-24 16:29 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-05-24 16:23 . 2008-05-24 16:23 <DIR> d-------- C:\Users\Dan\AppData\Roaming\DAEMON Tools
2008-05-24 06:05 . 2008-05-24 06:05 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-24 06:05 . 2008-05-24 06:05 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-24 06:05 . 2008-05-24 06:05 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-24 06:05 . 2008-05-24 06:05 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-24 06:04 . 2008-05-24 06:04 <DIR> d-------- C:\Windows\Users
2008-05-24 06:04 . 2008-05-24 06:04 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-05-24 06:04 . 2008-05-24 06:04 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-05-24 06:04 . 2008-05-24 06:04 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-05-24 06:04 . 2008-05-24 06:04 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys
2008-05-24 06:04 . 2008-05-24 06:04 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-05-24 06:04 . 2008-05-24 06:04 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-05-24 06:01 . 2008-05-24 06:01 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-05-24 06:01 . 2008-05-24 06:01 152,576 --a------ C:\Windows\System32\imagehlp.dll
2008-05-24 06:01 . 2008-05-24 06:01 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-05-24 06:01 . 2008-05-24 06:01 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-05-24 06:01 . 2008-05-24 06:01 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2008-05-24 06:01 . 2008-05-24 06:01 5,120 --a------ C:\Windows\System32\wmi.dll
2008-05-24 05:59 . 2008-05-24 06:00 <DIR> d-------- C:\Windows\Lan
2008-05-24 05:59 . 2007-08-09 01:29 2,772,992 --a------ C:\Windows\System32\NETw4r32.dll
2008-05-24 05:59 . 2007-08-08 18:26 2,226,688 --a------ C:\Windows\System32\drivers\NETw4v32.sys
2008-05-24 05:59 . 2007-08-09 01:28 684,032 --a------ C:\Windows\System32\NETw4c32.dll
2008-05-24 05:59 . 2007-04-21 03:56 20,480 --a------ C:\Windows\RUNXMLPL.EXE
2008-05-24 00:50 . 2008-05-24 00:50 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-05-24 00:50 . 2008-05-24 00:49 737,280 --a------ C:\Windows\iun6002.exe
2008-05-23 23:37 . 2008-05-24 19:47 <DIR> d-------- C:\Users\Dan\AppData\Roaming\ICQ
2008-05-23 23:37 . 2008-05-23 23:37 <DIR> d-------- C:\Program Files\ICQToolbar
2008-05-23 23:37 . 2008-05-24 19:47 <DIR> d-------- C:\Program Files\ICQ6
2008-05-23 20:12 . 2008-05-23 20:12 <DIR> d-------- C:\Windows\SUYIN NB Cam
2008-05-23 20:12 . 2008-05-23 20:12 <DIR> d-------- C:\Program Files\CONEXANT
2008-05-23 20:12 . 2008-05-23 20:12 <DIR> d-------- C:\Program Files\Common Files\snp2uvc
2008-05-23 20:12 . 2007-02-07 18:35 1,729,152 --a------ C:\Windows\System32\drivers\snp2uvc.sys
2008-05-23 20:12 . 2006-11-07 15:17 286,720 --a------ C:\Windows\System32\vsnp2uvc.dll
2008-05-23 20:12 . 2007-04-02 18:40 172,032 --a------ C:\Windows\System32\rsnp2uvc.dll
2008-05-23 20:12 . 2005-11-23 13:55 53,248 --a------ C:\Windows\System32\csnp2uvc.dll
2008-05-23 20:12 . 2007-04-24 11:49 45,056 --a------ C:\Windows\PLFSet.dll
2008-05-23 20:12 . 2007-03-30 19:10 28,032 --a------ C:\Windows\System32\drivers\sncduvc.sys
2008-05-23 20:11 . 2008-05-25 18:57 12 --a------ C:\Windows\bthservsdp.dat
2008-05-23 19:38 . 2008-05-23 19:38 <DIR> d-------- C:\Users\Dan\AppData\Roaming\Talkback
2008-05-23 19:32 . 2008-05-23 19:37 <DIR> d-------- C:\Users\Dan\AppData\Roaming\Thunderbird
2008-05-23 19:29 . 2008-05-23 19:29 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-05-23 19:16 . 2008-01-07 14:29 352 --ah----- C:\Windows\nod32fixtemdono.reg
2008-05-23 19:10 . 2008-05-23 19:10 <DIR> d-------- C:\Users\Dan\AppData\Roaming\ESET
2008-05-23 19:09 . 2008-05-23 19:09 <DIR> d-------- C:\Users\All Users\ESET
2008-05-23 19:09 . 2008-05-23 19:09 <DIR> d-------- C:\ProgramData\ESET
2008-05-23 19:09 . 2008-05-23 19:09 <DIR> d-------- C:\Program Files\ESET
2008-05-23 18:58 . 2008-05-24 17:03 <DIR> d-------- C:\Users\Dan\AppData\Roaming\uTorrent
2008-05-23 18:58 . 2008-05-23 18:58 <DIR> d-------- C:\Program Files\uTorrent
2008-05-23 14:40 . 2008-05-23 14:40 <DIR> d-------- C:\Users\Dan\AppData\Roaming\ATI
2008-05-23 14:40 . 2008-05-23 14:40 <DIR> d-------- C:\Users\All Users\ATI
2008-05-23 14:40 . 2008-05-23 14:40 <DIR> d-------- C:\ProgramData\ATI
2008-05-23 14:39 . 2008-05-24 22:17 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-23 14:35 . 2007-03-02 18:19 76,584 --a------ C:\Windows\System32\drivers\int15.sys
2008-05-23 14:35 . 2007-03-02 18:19 15,656 --a------ C:\Windows\System32\drivers\int15_64.sys
2008-05-23 14:35 . 2007-03-02 18:19 14,544 --a------ C:\Windows\System32\drivers\TVicPort.sys
2008-05-23 14:35 . 2007-03-12 16:30 13,096 --a------ C:\Windows\System32\drivers\zntport64.sys
2008-05-23 14:35 . 2007-03-02 18:19 8,704 --a------ C:\Windows\System32\drivers\TVicPort64.sys
2008-05-23 14:35 . 2007-03-02 18:19 6,080 --a------ C:\Windows\System32\drivers\zntport.sys
2008-05-23 14:34 . 2007-07-17 19:33 368,640 --a------ C:\Windows\System32\CheckD2DSystem.exe
2008-05-23 14:34 . 2006-11-12 11:54 327,680 --a------ C:\Windows\System32\Remove_eRecovery.exe
2008-05-23 14:34 . 2006-07-20 10:33 65,536 --a------ C:\Windows\System32\NATTraversal.dll
2008-05-23 14:34 . 2006-11-10 17:27 16,384 --a------ C:\Windows\System32\LauncheRyAgentUser.exe
2008-05-23 14:34 . 2005-12-09 09:12 16,384 --a------ C:\Windows\System32\ClearEvent.exe
2008-05-23 14:34 . 2006-02-24 11:28 552 --a------ C:\Windows\System32\setup.iss
2008-05-23 14:32 . 2008-05-23 14:32 <DIR> d-------- C:\Windows\System32\i386
2008-05-23 14:32 . 2008-05-23 14:32 <DIR> d-------- C:\Program Files\Launch Manager
2008-05-23 14:32 . 2008-05-23 14:32 83 --a------ C:\Windows\LManager.UNI
2008-05-23 14:31 . 2007-06-13 16:53 90,112 -ra------ C:\Windows\System32\eNetHook.dll
2008-05-23 14:31 . 2008-05-23 14:31 92 --a------ C:\Windows\GridV.UNI
2008-05-23 14:30 . 2008-05-23 14:30 <DIR> d-------- C:\Program Files\CyberLink
2008-05-23 14:30 . 2007-02-07 16:21 29,744 --------- C:\Windows\System32\msxml3a.dll
2008-05-23 14:30 . 2007-01-11 02:52 631 --------- C:\Windows\PDVD.iss
2008-05-23 14:30 . 2007-01-11 02:52 631 --------- C:\PDVD.iss
2008-05-23 14:25 . 2008-05-23 14:25 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-23 14:25 . 2007-07-12 16:35 305,176 --a------ C:\Windows\System32\drivers\iaStor.sys
2008-05-23 14:24 . 2008-05-23 14:31 <DIR> d-------- C:\Program Files\Acer Inc
2008-05-23 14:23 . 2008-05-23 14:23 <DIR> d-------- C:\Program Files\SUYIN
2008-05-23 14:23 . 2008-05-23 14:23 <DIR> d-------- C:\Program Files\ACER Crystal Eye webcam

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 16:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-25 16:06 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-25 16:06 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-05-25 16:06 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-25 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-25 16:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-24 21:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 20:59 --------- d-----w C:\Program Files\Microsoft Small Business
2008-05-24 20:58 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-24 20:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-24 20:16 --------- d-----w C:\ProgramData\Symantec
2008-05-24 20:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-24 04:04 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-05-24 04:04 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys
2008-05-24 04:04 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys
2008-05-24 04:04 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys
2008-05-24 04:01 --------- d-----w C:\Program Files\Windows Mail
2008-05-23 12:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-23 12:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-23 12:25 --------- d-----w C:\Program Files\Intel
2008-05-23 12:24 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-05-23 12:24 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-05-23 12:24 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-05-23 12:24 38,912 ----a-w C:\Windows\system32\drivers\hidclass.sys
2008-05-23 12:24 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-05-23 12:24 25,472 ----a-w C:\Windows\system32\drivers\hidparse.sys
2008-05-23 12:24 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-05-23 12:24 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-05-23 12:24 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-05-23 12:24 12,288 ----a-w C:\Windows\system32\drivers\hidusb.sys
2008-05-23 12:15 --------- d-sh--w C:\ProgramData\Plocha
2008-05-23 12:15 --------- d-sh--w C:\ProgramData\Oblíbené položky
2008-05-23 12:15 --------- d-sh--w C:\ProgramData\Šablony
2008-05-23 12:15 --------- d-sh--w C:\ProgramData\Nabídka Start
2008-05-23 12:15 --------- d-sh--w C:\ProgramData\Dokumenty
2008-05-23 12:15 --------- d-sh--w C:\ProgramData\Data aplikací
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-25 18:08 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 02:29 4472832 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 21:00 815104]
"Acer Tour"="" []
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-24 11:49 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 16:36 178712]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-15 07:45 850704]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"MRT"="C:\Windows\system32\MRT.exe" [2008-05-09 14:35 16863864]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-01-19 19:51:16 711472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{22D9940F-8F03-4884-A0F3-7D979322AE70}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{F36EE04A-5F79-4F6B-93E9-A3D25DC81D27}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{18F9E878-6D6D-4D16-AC40-49D463E529C2}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 02:44]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 09:36]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 09:30]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-09 00:03]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-09 00:29]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-09 00:24]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-09 00:27]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 21:35:03
Windows 6.0.6000 NTFS

scanning hidden processes ...

? [11732]
? [14996]
? [49628]
? [56724]
? [57608]
? [58476]
? [18344]
? [22628]
? [22636]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-27 21:36:09
ComboFix-quarantined-files.txt 2008-05-27 19:36:04

Adresářů: 8, Volných bajtů: 87,128,698,880
Adresářů: 13, Volných bajtů: 87,016,402,944

273 --- E O F --- 2008-05-27 15:09:25

Re: Log check

Post by fredik » 28 May 2008 17:31

Go to Start -> Run... and type the command marked in blue, ComboFix /u, into the box and press OK.
- there must be a space between ComboFix and /u
- wait until it finishes; it will let you know.

Remnants of Norton are visible in the log; if you no longer use anything from Symantec, use their tool for a complete uninstall: Norton Removal Tool

If you still have problems, do this:
Download SUPERAntiSpyware
Install it, run it and click the Check for Updates... button
After the update completes, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Next > button

The scan will run; when it finishes it lists everything it found.
Make sure all items are checked and then press the Next button
Then click the Finish button and you should get back to the start screen.
There click the button: Preferences... and choose the Statistics/Logs tab
There click the log with today's date and press the button: View Log...
A window with the log will open; copy its contents here + post a new HJT log

Do you still have problems?

Re: Log check

Post by meedja23 » 28 May 2008 17:55

Thanks a lot, so far it looks problem-free....
