Prosím o preventívnu kontrolu logu

JANíčOK · Příspěvekod **JANíčOK** » 16 kvě 2009 21:32

Prosím o preventívnu kontrolu logu z HiJackThis.
Ďakujem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:58, on 16.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1123561945-746137067-1417001333-1017\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'ASPNET')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file://C:\Applic\proeWildfire3\i486_nt\obj\pvx_install.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 5341 bytes

Reklama

Damned · Příspěvekod **Damned** » 16 kvě 2009 21:58

V logu nevidím nic špatné, přesto pro jistotu:

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

JANíčOK · Příspěvekod **JANíčOK** » 16 kvě 2009 22:56

Ďakujem za rýchlu reakciu! Posielam log z Malwarebytes' Anti-Malware.

Malwarebytes' Anti-Malware 1.36
Verzia databázy: 2142
Windows 5.1.2600 Service Pack 2

16.5.2009 22:50:52
mbam-log-2009-05-16 (22-50-48).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 110739
Uplynutý cas: 3 minute(s), 51 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

Damned · Příspěvekod **Damned** » 16 kvě 2009 23:15

Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Vypni rezidentní štíty Esetu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

JANíčOK · Příspěvekod **JANíčOK** » 17 kvě 2009 14:32

Posielam log z ComboFix-u a prosím o kontrolu.

ComboFix 09-05-16.05 - janbeno 17.05.2009 14:19.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.1023.639 [GMT 2:00]
Running from: c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache
c:\windows\system32\LegitCheckControl.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-16 20:43 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 20:43 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 20:43 . 2009-05-16 20:43 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 19:26 . 2009-05-16 19:26 -------- d-----w c:\program files\Trend Micro
2009-05-16 19:20 . 2009-05-16 19:22 -------- d-----w c:\program files\ELIS
2009-05-16 19:20 . 1997-01-22 14:34 312320 ----a-w c:\windows\IsUninst.exe
2009-05-14 08:14 . 2005-06-15 01:00 102400 ----a-w c:\windows\system32\tsccvid.dll
2009-05-13 14:20 . 2009-05-13 14:20 48 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-13 14:18 . 2009-05-13 14:18 -------- d-----w c:\program files\Common Files\Skype
2009-05-13 14:18 . 2009-05-13 14:28 -------- d-----r c:\program files\Skype
2009-05-13 07:05 . 2009-05-13 07:05 -------- d-----w c:\program files\MSXML 4.0
2009-05-13 07:05 . 2009-05-13 07:05 -------- d-----w c:\program files\OLYMPUS
2009-05-13 06:48 . 2009-05-13 06:48 -------- d-----w c:\windows\system32\QuickTime
2009-05-13 06:48 . 2004-06-08 15:41 319488 ------w c:\windows\system32\Pvmjpg21.dll
2009-05-13 06:48 . 2000-07-05 00:16 9688 ------w c:\windows\system32\drivers\cdrbsvsd.sys
2009-05-13 06:48 . 2001-04-10 14:16 13184 ------w c:\windows\system32\drivers\bsaspi32.sys
2009-05-13 06:48 . 2004-03-08 10:55 13567 ------w c:\windows\system32\drivers\CDRBSDRV.SYS
2009-05-13 06:46 . 2009-05-13 06:46 -------- d-----w c:\program files\QuickTime Alternative
2009-05-13 04:45 . 2009-05-13 04:45 -------- d-----w c:\program files\CCleaner
2009-05-13 04:44 . 2009-05-13 04:45 -------- d-----w c:\program files\RegCleaner
2009-05-13 04:26 . 2009-05-13 04:26 -------- d-----w c:\program files\ProductViewExpress
2009-05-13 04:14 . 2009-05-13 09:03 -------- d-----w C:\users
2009-05-13 03:54 . 2009-05-13 03:54 -------- d-----w c:\program files\ConTEXT
2009-05-12 11:50 . 2009-05-12 11:50 -------- d-----w c:\windows\system32\URTTEMP
2009-05-12 09:25 . 2009-05-12 10:38 -------- d-----w c:\program files\Microsoft Games
2009-05-12 08:54 . 2009-05-12 08:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-12 08:53 . 2009-05-12 08:53 -------- d-----w c:\program files\Java
2009-05-12 08:42 . 2009-05-12 08:42 -------- d-----w c:\windows\SHELLNEW
2009-05-12 08:26 . 2009-05-12 08:26 -------- d-----w c:\program files\IrfanView
2009-05-12 08:00 . 2009-04-29 09:08 278528 ------w c:\windows\system32\fppr332.dll
2009-05-12 08:00 . 2009-04-28 17:48 385024 ------w c:\windows\system32\fppmon3.dll
2009-05-12 07:18 . 2006-06-27 03:40 12800 -c----w c:\windows\system32\dllcache\WgaTray.exe
2009-05-12 07:18 . 2006-06-27 03:40 3584 -c----w c:\windows\system32\dllcache\WgaLogon.dll
2009-05-12 07:09 . 2009-05-12 07:09 -------- d-----w c:\windows\system32\drivers\umdf
2009-05-12 06:58 . 2009-05-12 06:57 737280 ----a-w c:\windows\iun6002.exe
2009-05-12 06:58 . 2009-05-12 06:58 -------- d-----w c:\program files\Codec Pack - All In 1
2009-05-11 18:31 . 2009-05-11 18:53 -------- d-----w c:\program files\Autodesk
2009-05-11 18:28 . 2009-05-11 18:29 -------- d-----w c:\program files\AOEMView 2009
2009-05-11 18:27 . 2009-05-11 18:28 -------- d-----w c:\program files\DWG TrueView 2009
2009-05-11 18:27 . 2007-07-19 16:14 444776 ----a-w c:\windows\system32\d3dx10_35.dll
2009-05-11 18:27 . 2007-07-19 16:14 1358192 ----a-w c:\windows\system32\D3DCompiler_35.dll
2009-05-11 18:27 . 2007-07-19 16:14 3727720 ----a-w c:\windows\system32\d3dx9_35.dll
2009-05-11 18:26 . 2009-05-11 18:26 -------- d-----w c:\windows\system32\cs-CZ
2009-05-11 17:54 . 2009-05-11 18:26 -------- d-----w c:\windows\system32\XPSViewer
2009-05-11 17:52 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-11 15:31 . 2009-05-11 15:31 -------- d-----w c:\program files\PowerISO
2009-05-11 15:12 . 2009-05-11 15:13 -------- d-----w c:\program files\Internet Download Manager
2009-05-11 15:06 . 2009-05-11 15:08 -------- d-----w c:\program files\totalcmd
2009-05-11 14:20 . 2009-05-11 14:20 -------- d-----w c:\windows\EPSON CardMonitor Essential
2009-05-11 14:20 . 2003-07-01 23:00 131072 ----a-r c:\windows\system32\Epcmlib.dll
2009-05-11 14:19 . 2009-05-11 14:19 -------- d-----w c:\windows\EPSON PhotoStarter Essential
2009-05-11 14:17 . 1999-04-26 22:17 3136 ----a-w c:\windows\Ade001.bin
2009-05-11 14:17 . 1999-06-15 09:31 96768 ----a-w c:\windows\SlantAdj.dll
2009-05-11 14:17 . 1999-12-07 00:03 73216 ----a-w c:\windows\ADE.DLL
2009-05-11 14:17 . 2004-02-01 01:00 38028 ----a-w c:\windows\system32\EPPICPrinterDB.dat
2009-05-11 14:17 . 2004-02-01 01:00 413696 ----a-w c:\windows\system32\PICSDK.dll
2009-05-11 14:17 . 2002-11-14 22:00 65536 ----a-w c:\windows\system32\EPPicMgr.dll
2009-05-11 14:17 . 2004-02-01 01:00 27030 ----a-w c:\windows\system32\EPPICPattern1.dat
2009-05-11 14:17 . 2002-11-14 22:00 114688 ----a-w c:\windows\system32\EpPicPrt.dll
2009-05-11 14:16 . 2004-08-03 20:58 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-05-11 14:16 . 2004-08-03 20:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-05-11 14:15 . 2000-06-06 16:01 34304 ----a-w c:\windows\system32\E_FBCH9HE.DLL
2009-05-11 14:15 . 2004-04-19 20:03 79654 ----a-w c:\windows\system32\E_FLM9HE.DLL
2009-05-11 14:15 . 2003-05-20 17:27 64000 ----a-w c:\windows\system32\E_FBCB9HE.DLL
2009-05-11 14:15 . 2003-04-09 20:40 31744 ----a-w c:\windows\system32\E_DCINST.DLL
2009-05-11 14:14 . 2009-05-11 14:19 -------- d-----w c:\program files\epson
2009-05-11 14:14 . 2003-06-30 22:00 22528 ----a-w c:\windows\system32\esccmd.dll
2009-05-11 14:14 . 2003-06-30 22:00 46080 ----a-w c:\windows\system32\escimgd.dll
2009-05-11 14:14 . 2003-06-30 22:00 29696 ----a-w c:\windows\system32\escwiad.dll
2009-05-11 13:40 . 2004-08-03 21:01 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-11 13:40 . 2004-08-03 21:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-11 13:30 . 2004-08-03 21:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-11 13:30 . 2004-08-03 21:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-11 13:29 . 2009-05-11 13:29 -------- d-----r c:\documents and settings\LocalService.NT AUTHORITY\Dokumenty
2009-05-11 13:26 . 2004-08-03 20:58 5504 -c--a-w c:\windows\system32\dllcache\mstee.sys
2009-05-11 13:26 . 2004-08-03 20:58 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-05-11 13:26 . 2004-08-03 21:10 10880 -c--a-w c:\windows\system32\dllcache\ndisip.sys
2009-05-11 13:26 . 2004-08-03 21:10 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
2009-05-11 13:26 . 2004-08-03 21:10 15360 -c--a-w c:\windows\system32\dllcache\streamip.sys
2009-05-11 13:26 . 2004-08-03 21:10 15360 ----a-w c:\windows\system32\drivers\StreamIP.sys
2009-05-11 13:26 . 2004-08-03 21:10 11136 -c--a-w c:\windows\system32\dllcache\slip.sys
2009-05-11 13:26 . 2004-08-03 21:10 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
2009-05-11 13:26 . 2004-08-03 21:10 19328 -c--a-w c:\windows\system32\dllcache\wstcodec.sys
2009-05-11 13:26 . 2004-08-03 21:10 19328 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-11 13:25 . 2004-08-03 21:10 85376 -c--a-w c:\windows\system32\dllcache\nabtsfec.sys
2009-05-11 13:25 . 2004-08-03 21:10 85376 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
2009-05-11 13:25 . 2004-08-03 21:10 17024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys
2009-05-11 13:25 . 2004-08-03 21:10 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
2009-05-11 13:25 . 2005-01-14 07:32 53248 ----a-w c:\windows\system32\PAStiSvc.exe
2009-05-11 13:25 . 2004-08-17 13:49 54272 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-11 13:25 . 2004-08-17 13:49 54272 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-11 13:21 . 2009-05-11 13:21 -------- d-----w c:\windows\PixArt
2009-05-11 13:20 . 2009-05-11 13:20 -------- d-----w c:\windows\Downloaded Installations
2009-05-11 13:17 . 2001-08-17 19:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys
2009-05-11 13:17 . 2001-08-17 19:57 16128 ----a-w c:\windows\system32\drivers\MODEMCSA.sys
2009-05-11 13:16 . 2004-08-04 07:34 39018 ----a-r c:\windows\system32\hsfci011.dll
2009-05-11 13:16 . 2004-09-29 07:33 1036928 ----a-r c:\windows\system32\drivers\HSF_DP.sys
2009-05-11 13:16 . 2004-09-29 07:35 219136 ----a-r c:\windows\system32\drivers\HSFHWBS2.sys
2009-05-11 13:16 . 2004-09-29 07:34 702592 ----a-r c:\windows\system32\drivers\HSF_CNXT.sys
2009-05-11 12:59 . 2009-05-11 12:59 -------- d-----w c:\program files\ESET
2009-05-11 12:30 . 2009-05-17 11:59 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-11 12:26 . 2009-05-11 12:26 -------- d-----w c:\program files\MozBackup
2009-05-11 08:48 . 2005-10-04 12:12 90112 ----a-w c:\windows\SOUNDMAN.EXE
2009-05-11 08:48 . 2005-10-04 14:27 10459648 ----a-w c:\windows\system32\RTLCPL.EXE
2009-05-11 08:48 . 2005-09-16 12:14 157184 ----a-w c:\windows\system32\RTLCPAPI.dll
2009-05-11 08:48 . 2005-10-04 15:39 3797632 ----a-w c:\windows\system32\drivers\ALCXWDM.SYS
2009-05-11 08:24 . 2009-05-11 08:24 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Nabídka Start
2009-05-11 08:15 . 2009-05-11 08:15 -------- d-----w c:\windows\ServicePackFiles
2009-05-11 08:13 . 2006-10-16 14:10 23856 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-11 08:12 . 2009-05-11 08:17 -------- d-----w c:\windows\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 07:00 . 2006-08-09 09:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-12 11:51 . 2001-10-25 12:00 531126 ----a-w c:\windows\system32\perfh005.dat
2009-05-12 11:51 . 2001-10-25 12:00 118878 ----a-w c:\windows\system32\perfc005.dat
2009-05-11 18:53 . 2007-09-06 18:31 -------- d-----w c:\program files\Microsoft SQL Server
2009-05-11 18:35 . 2007-05-12 18:16 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-05-11 16:18 . 2006-08-18 17:41 -------- d-----w c:\program files\Common Files\Adobe
2009-05-11 15:38 . 2009-03-08 13:41 -------- d-----w c:\program files\QIP Infium
2009-05-11 07:44 . 2009-05-11 07:44 0 ----a-w c:\windows\ativpsrm.bin
2009-05-11 06:41 . 2009-05-11 06:41 0 ----a-w c:\windows\nsreg.dat
2009-05-11 06:01 . 2009-05-11 06:01 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-26 15:35 . 2009-05-07 07:42 210352 ----a-w c:\windows\system32\idmmbc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"Google Update"="c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-05-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\System32\nvraidservice.exe" [2004-06-11 83968]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-04-28 606208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-12 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-10-04 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [25.10.2001 14:00 69120]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\applic\proeWildfire3\i486_nt\obj\pvx_install.exe
FF - ProfilePath - c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Mozilla\Firefox\Profiles\gu9j4spb.default\
FF - component: c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 14:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-17 14:22
ComboFix-quarantined-files.txt 2009-05-17 12:22

Pre-Run: Volných bajtů: 12 784 930 816
Post-Run: Volných bajtů: 12 988 309 504

206

Damned · Příspěvekod **Damned** » 17 kvě 2009 15:47

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
"UpdatesDisableNotify"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

JANíčOK · Příspěvekod **JANíčOK** » 17 kvě 2009 18:35

Posielam log z ComboFix-u a HJT:

ComboFix 09-05-16.05 - janbeno 17.05.2009 18:22.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.1023.639 [GMT 2:00]
Running from: c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-16 20:43 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 20:43 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 20:43 . 2009-05-16 20:43 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 19:26 . 2009-05-16 19:26 -------- d-----w c:\program files\Trend Micro
2009-05-16 19:20 . 2009-05-16 19:22 -------- d-----w c:\program files\ELIS
2009-05-16 19:20 . 1997-01-22 14:34 312320 ----a-w c:\windows\IsUninst.exe
2009-05-14 08:14 . 2005-06-15 01:00 102400 ----a-w c:\windows\system32\tsccvid.dll
2009-05-13 14:20 . 2009-05-13 14:20 48 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-13 14:18 . 2009-05-13 14:18 -------- d-----w c:\program files\Common Files\Skype
2009-05-13 14:18 . 2009-05-13 14:28 -------- d-----r c:\program files\Skype
2009-05-13 07:05 . 2009-05-13 07:05 -------- d-----w c:\program files\MSXML 4.0
2009-05-13 07:05 . 2009-05-13 07:05 -------- d-----w c:\program files\OLYMPUS
2009-05-13 06:48 . 2009-05-13 06:48 -------- d-----w c:\windows\system32\QuickTime
2009-05-13 06:48 . 2004-06-08 15:41 319488 ------w c:\windows\system32\Pvmjpg21.dll
2009-05-13 06:48 . 2000-07-05 00:16 9688 ------w c:\windows\system32\drivers\cdrbsvsd.sys
2009-05-13 06:48 . 2001-04-10 14:16 13184 ------w c:\windows\system32\drivers\bsaspi32.sys
2009-05-13 06:48 . 2004-03-08 10:55 13567 ------w c:\windows\system32\drivers\CDRBSDRV.SYS
2009-05-13 06:46 . 2009-05-13 06:46 -------- d-----w c:\program files\QuickTime Alternative
2009-05-13 04:45 . 2009-05-13 04:45 -------- d-----w c:\program files\CCleaner
2009-05-13 04:44 . 2009-05-13 04:45 -------- d-----w c:\program files\RegCleaner
2009-05-13 04:26 . 2009-05-13 04:26 -------- d-----w c:\program files\ProductViewExpress
2009-05-13 04:14 . 2009-05-13 09:03 -------- d-----w C:\users
2009-05-13 03:54 . 2009-05-13 03:54 -------- d-----w c:\program files\ConTEXT
2009-05-12 11:50 . 2009-05-12 11:50 -------- d-----w c:\windows\system32\URTTEMP
2009-05-12 09:25 . 2009-05-12 10:38 -------- d-----w c:\program files\Microsoft Games
2009-05-12 08:54 . 2009-05-12 08:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-12 08:53 . 2009-05-12 08:53 -------- d-----w c:\program files\Java
2009-05-12 08:42 . 2009-05-12 08:42 -------- d-----w c:\windows\SHELLNEW
2009-05-12 08:26 . 2009-05-12 08:26 -------- d-----w c:\program files\IrfanView
2009-05-12 08:00 . 2009-04-29 09:08 278528 ------w c:\windows\system32\fppr332.dll
2009-05-12 08:00 . 2009-04-28 17:48 385024 ------w c:\windows\system32\fppmon3.dll
2009-05-12 07:18 . 2006-06-27 03:40 12800 -c----w c:\windows\system32\dllcache\WgaTray.exe
2009-05-12 07:18 . 2006-06-27 03:40 3584 -c----w c:\windows\system32\dllcache\WgaLogon.dll
2009-05-12 07:09 . 2009-05-12 07:09 -------- d-----w c:\windows\system32\drivers\umdf
2009-05-12 06:58 . 2009-05-12 06:57 737280 ----a-w c:\windows\iun6002.exe
2009-05-12 06:58 . 2009-05-12 06:58 -------- d-----w c:\program files\Codec Pack - All In 1
2009-05-11 18:31 . 2009-05-11 18:53 -------- d-----w c:\program files\Autodesk
2009-05-11 18:28 . 2009-05-11 18:29 -------- d-----w c:\program files\AOEMView 2009
2009-05-11 18:27 . 2009-05-11 18:28 -------- d-----w c:\program files\DWG TrueView 2009
2009-05-11 18:27 . 2007-07-19 16:14 444776 ----a-w c:\windows\system32\d3dx10_35.dll
2009-05-11 18:27 . 2007-07-19 16:14 1358192 ----a-w c:\windows\system32\D3DCompiler_35.dll
2009-05-11 18:27 . 2007-07-19 16:14 3727720 ----a-w c:\windows\system32\d3dx9_35.dll
2009-05-11 18:26 . 2009-05-11 18:26 -------- d-----w c:\windows\system32\cs-CZ
2009-05-11 17:54 . 2009-05-11 18:26 -------- d-----w c:\windows\system32\XPSViewer
2009-05-11 17:52 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-11 15:31 . 2009-05-11 15:31 -------- d-----w c:\program files\PowerISO
2009-05-11 15:12 . 2009-05-11 15:13 -------- d-----w c:\program files\Internet Download Manager
2009-05-11 15:06 . 2009-05-11 15:08 -------- d-----w c:\program files\totalcmd
2009-05-11 14:20 . 2009-05-11 14:20 -------- d-----w c:\windows\EPSON CardMonitor Essential
2009-05-11 14:20 . 2003-07-01 23:00 131072 ----a-r c:\windows\system32\Epcmlib.dll
2009-05-11 14:19 . 2009-05-11 14:19 -------- d-----w c:\windows\EPSON PhotoStarter Essential
2009-05-11 14:17 . 1999-04-26 22:17 3136 ----a-w c:\windows\Ade001.bin
2009-05-11 14:17 . 1999-06-15 09:31 96768 ----a-w c:\windows\SlantAdj.dll
2009-05-11 14:17 . 1999-12-07 00:03 73216 ----a-w c:\windows\ADE.DLL
2009-05-11 14:17 . 2004-02-01 01:00 38028 ----a-w c:\windows\system32\EPPICPrinterDB.dat
2009-05-11 14:17 . 2004-02-01 01:00 413696 ----a-w c:\windows\system32\PICSDK.dll
2009-05-11 14:17 . 2002-11-14 22:00 65536 ----a-w c:\windows\system32\EPPicMgr.dll
2009-05-11 14:17 . 2004-02-01 01:00 27030 ----a-w c:\windows\system32\EPPICPattern1.dat
2009-05-11 14:17 . 2002-11-14 22:00 114688 ----a-w c:\windows\system32\EpPicPrt.dll
2009-05-11 14:16 . 2004-08-03 20:58 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-05-11 14:16 . 2004-08-03 20:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-05-11 14:15 . 2000-06-06 16:01 34304 ----a-w c:\windows\system32\E_FBCH9HE.DLL
2009-05-11 14:15 . 2004-04-19 20:03 79654 ----a-w c:\windows\system32\E_FLM9HE.DLL
2009-05-11 14:15 . 2003-05-20 17:27 64000 ----a-w c:\windows\system32\E_FBCB9HE.DLL
2009-05-11 14:15 . 2003-04-09 20:40 31744 ----a-w c:\windows\system32\E_DCINST.DLL
2009-05-11 14:14 . 2009-05-11 14:19 -------- d-----w c:\program files\epson
2009-05-11 14:14 . 2003-06-30 22:00 22528 ----a-w c:\windows\system32\esccmd.dll
2009-05-11 14:14 . 2003-06-30 22:00 46080 ----a-w c:\windows\system32\escimgd.dll
2009-05-11 14:14 . 2003-06-30 22:00 29696 ----a-w c:\windows\system32\escwiad.dll
2009-05-11 13:40 . 2004-08-03 21:01 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-11 13:40 . 2004-08-03 21:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-11 13:30 . 2004-08-03 21:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-11 13:30 . 2004-08-03 21:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-11 13:29 . 2009-05-11 13:29 -------- d-----r c:\documents and settings\LocalService.NT AUTHORITY\Dokumenty
2009-05-11 13:26 . 2004-08-03 20:58 5504 -c--a-w c:\windows\system32\dllcache\mstee.sys
2009-05-11 13:26 . 2004-08-03 20:58 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-05-11 13:26 . 2004-08-03 21:10 10880 -c--a-w c:\windows\system32\dllcache\ndisip.sys
2009-05-11 13:26 . 2004-08-03 21:10 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
2009-05-11 13:26 . 2004-08-03 21:10 15360 -c--a-w c:\windows\system32\dllcache\streamip.sys
2009-05-11 13:26 . 2004-08-03 21:10 15360 ----a-w c:\windows\system32\drivers\StreamIP.sys
2009-05-11 13:26 . 2004-08-03 21:10 11136 -c--a-w c:\windows\system32\dllcache\slip.sys
2009-05-11 13:26 . 2004-08-03 21:10 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
2009-05-11 13:26 . 2004-08-03 21:10 19328 -c--a-w c:\windows\system32\dllcache\wstcodec.sys
2009-05-11 13:26 . 2004-08-03 21:10 19328 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-11 13:25 . 2004-08-03 21:10 85376 -c--a-w c:\windows\system32\dllcache\nabtsfec.sys
2009-05-11 13:25 . 2004-08-03 21:10 85376 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
2009-05-11 13:25 . 2004-08-03 21:10 17024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys
2009-05-11 13:25 . 2004-08-03 21:10 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
2009-05-11 13:25 . 2005-01-14 07:32 53248 ----a-w c:\windows\system32\PAStiSvc.exe
2009-05-11 13:25 . 2004-08-17 13:49 54272 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-11 13:25 . 2004-08-17 13:49 54272 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-11 13:21 . 2009-05-11 13:21 -------- d-----w c:\windows\PixArt
2009-05-11 13:20 . 2009-05-11 13:20 -------- d-----w c:\windows\Downloaded Installations
2009-05-11 13:17 . 2001-08-17 19:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys
2009-05-11 13:17 . 2001-08-17 19:57 16128 ----a-w c:\windows\system32\drivers\MODEMCSA.sys
2009-05-11 13:16 . 2004-08-04 07:34 39018 ----a-r c:\windows\system32\hsfci011.dll
2009-05-11 13:16 . 2004-09-29 07:33 1036928 ----a-r c:\windows\system32\drivers\HSF_DP.sys
2009-05-11 13:16 . 2004-09-29 07:35 219136 ----a-r c:\windows\system32\drivers\HSFHWBS2.sys
2009-05-11 13:16 . 2004-09-29 07:34 702592 ----a-r c:\windows\system32\drivers\HSF_CNXT.sys
2009-05-11 12:59 . 2009-05-11 12:59 -------- d-----w c:\program files\ESET
2009-05-11 12:30 . 2009-05-17 16:07 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-11 12:26 . 2009-05-11 12:26 -------- d-----w c:\program files\MozBackup
2009-05-11 08:48 . 2005-10-04 12:12 90112 ----a-w c:\windows\SOUNDMAN.EXE
2009-05-11 08:48 . 2005-10-04 14:27 10459648 ----a-w c:\windows\system32\RTLCPL.EXE
2009-05-11 08:48 . 2005-09-16 12:14 157184 ----a-w c:\windows\system32\RTLCPAPI.dll
2009-05-11 08:48 . 2005-10-04 15:39 3797632 ----a-w c:\windows\system32\drivers\ALCXWDM.SYS
2009-05-11 08:24 . 2009-05-11 08:24 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Nabídka Start
2009-05-11 08:15 . 2009-05-11 08:15 -------- d-----w c:\windows\ServicePackFiles
2009-05-11 08:13 . 2006-10-16 14:10 23856 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-11 08:12 . 2009-05-11 08:17 -------- d-----w c:\windows\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 07:00 . 2006-08-09 09:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-12 11:51 . 2001-10-25 12:00 531126 ----a-w c:\windows\system32\perfh005.dat
2009-05-12 11:51 . 2001-10-25 12:00 118878 ----a-w c:\windows\system32\perfc005.dat
2009-05-11 18:53 . 2007-09-06 18:31 -------- d-----w c:\program files\Microsoft SQL Server
2009-05-11 18:35 . 2007-05-12 18:16 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-05-11 16:18 . 2006-08-18 17:41 -------- d-----w c:\program files\Common Files\Adobe
2009-05-11 15:38 . 2009-03-08 13:41 -------- d-----w c:\program files\QIP Infium
2009-05-11 07:44 . 2009-05-11 07:44 0 ----a-w c:\windows\ativpsrm.bin
2009-05-11 06:41 . 2009-05-11 06:41 0 ----a-w c:\windows\nsreg.dat
2009-05-11 06:01 . 2009-05-11 06:01 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-26 15:35 . 2009-05-07 07:42 210352 ----a-w c:\windows\system32\idmmbc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-17_12.21.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-17 16:07 . 2009-05-17 16:07 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat
+ 2009-05-11 06:10 . 2009-05-17 16:07 230076 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"Google Update"="c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-05-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\System32\nvraidservice.exe" [2004-06-11 83968]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-04-28 606208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-12 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-10-04 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [25.10.2001 14:00 69120]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\applic\proeWildfire3\i486_nt\obj\pvx_install.exe
FF - ProfilePath - c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Mozilla\Firefox\Profiles\gu9j4spb.default\
FF - component: c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 18:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2084)
c:\windows\system32\msi.dll
.
Completion time: 2009-05-17 18:25
ComboFix-quarantined-files.txt 2009-05-17 16:25
ComboFix2.txt 2009-05-17 12:22

Pre-Run: Volných bajtů: 12 993 601 536
Post-Run: Volných bajtů: 12 982 718 464

208

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:55, on 17.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-1123561945-746137067-1417001333-1017\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'ASPNET')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file://C:\Applic\proeWildfire3\i486_nt\obj\pvx_install.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 5330 bytes

Damned · Příspěvekod **Damned** » 17 kvě 2009 19:14

Nevidím tam nic špatnýho, ale červeně označené soubory zkontroluj na virustotalu .
Pokud nebudeš moci tyto soubory najít, vlož do políčka na stránce celou cestu souboru.

c:\windows\Ade001.bin
c:\windows\SlantAdj.dll
c:\windows\ADE.DLL
c:\windows\system32\hsfci011.dll

Vlož se potom odkazy na výsledky.

JANíčOK · Příspěvekod **JANíčOK** » 17 kvě 2009 21:45

Ďakujem za kontrolu! Tu sú výsledky z virustotal.com:
c:\windows\Ade001.bin
c:\windows\SlantAdj.dll
c:\windows\ADE.DLL
c:\windows\system32\hsfci011.dll

Damned · Příspěvekod **Damned** » 17 kvě 2009 21:59

Je to vše ok, označ za vyřešené.
Pokud tě v budoucnu něco podobného potká, zas se obrať sem.

JANíčOK · Příspěvekod **JANíčOK** » 17 kvě 2009 22:12

Ešte raz veľmi pekne ďakujem!

Prosím o preventívnu kontrolu logu Vyřešeno

Prosím o preventívnu kontrolu logu

Re: Prosím o preventívnu kontrolu logu

Re: Prosím o preventívnu kontrolu logu

Re: Prosím o preventívnu kontrolu logu

Re: Prosím o preventívnu kontrolu logu

Re: Prosím o preventívnu kontrolu logu

Re: Prosím o preventívnu kontrolu logu

Re: Prosím o preventívnu kontrolu logu

Re: Prosím o preventívnu kontrolu logu

Re: Prosím o preventívnu kontrolu logu

Re: Prosím o preventívnu kontrolu logu Vyřešeno

Kdo je online