Page 2 of 4

Re: Please check my log

Posted: 23 Mar 2011 21:50
by cernohous13
kajaa1 wrote: Thanks for the advice. I am having problems with my PC. When I launch Firefox it freezes for a moment (and now and then while browsing afterwards too), and occasionally during normal work (when I am rummaging through the PC looking for films, music and so on) it stops responding for a moment. In games there are no problems at all.
Let me butt in, sorry.
I noticed similar problems after installing the latest version of Adobe Flash Player; restoring to a restore point from before the installation solved it.

Re: Please check my log

Posted: 24 Mar 2011 10:06
by vyosek
Thanks to my colleague for chiming in, good observation :wink: So try restoring to a date before the FP installation...

Re: Please check my log

Posted: 24 Mar 2011 21:33
by kajaa1
Since I have changed a lot on the PC since the Flash Player update, I would like to ask whether uninstalling it would be enough. (I probably won't be able to get hold of an older version, though.)

Re: Please check my log

Posted: 24 Mar 2011 21:34
by vyosek
You can try reinstalling it...

Re: Please check my log

Posted: 27 Mar 2011 20:52
by kajaa1
So I uninstalled and reinstalled Flash Player, but it didn't help. Now I really don't know. I installed SuperAntiSpyware, but I run a scan, reboot so the infections found get removed, and then when I run the scan again it still finds something.

Re: Please check my log

Posted: 28 Mar 2011 06:36
by vyosek
Could you please post the SAS detection log here? Instructions here: http://www.viry.cz/forum/viewtopic.php?f=29&t=51359

Re: Please check my log

Posted: 28 Mar 2011 15:25
by kajaa1
Here is the latest log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/27/2011 at 10:02 PM

Application Version : 4.90.1018

Core Rules Database Version : 6675
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 00:07:10

Memory items scanned : 409
Memory threats detected : 0
Registry items scanned : 6502
Registry threats detected : 1
File items scanned : 2431
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@content.yieldmanager[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ak[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt

Malware.Trace
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
HKU\S-1-5-21-1078081533-1085031214-1177238915-1003\SOFTWARE\VXEG3ZNNE5

Re: Please check my log

Posted: 28 Mar 2011 20:59
by vyosek
PLEASE READ THE INSTRUCTIONS CAREFULLY. THIS UTILITY CAN DELETE A GREAT DEAL AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO BELLY UP
:arrow: Download Combofix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs: firewalls, antivirus, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Right after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone, do not launch any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily cluttered it may take longer
  • After the scan finishes (and after a possible restart) CF shows a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
  • A detailed walkthrough including screenshots is here: http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Please check my log

Posted: 29 Mar 2011 16:25
by kajaa1
So here is the log from ComboFix.


ComboFix 11-03-28.05 - Owner 29.03.2011 16:56:07.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3063.2443 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-29 )))))))))))))))))))))))))))))))
.
.
2011-03-28 04:37 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Sperej.exe
2011-03-27 18:27 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Sperei.exe
2011-03-27 18:26 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Spereh.exe
2011-03-27 16:16 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Spereg.exe
2011-03-27 14:31 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Speref.exe
2011-03-25 16:08 . 2011-03-25 16:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SASCORE
2011-03-25 16:08 . 2011-03-25 16:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-25 16:08 . 2011-03-25 16:08 -------- d-----w- c:\documents and settings\Owner\Data aplikací\SUPERAntiSpyware.com
2011-03-25 15:48 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Speree.exe
2011-03-25 13:37 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Spered.exe
2011-03-25 12:29 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Sperec.exe
2011-03-25 05:34 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Spereb.exe
2011-03-24 14:54 . 2011-03-24 14:54 140800 ----a-w- c:\windows\Sperea.exe
2011-03-24 12:00 . 2011-03-24 12:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-03-23 06:19 . 2011-03-23 12:39 -------- d-----w- C:\rsit
2011-03-22 18:53 . 2011-03-22 18:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Chromium
2011-03-21 17:42 . 2011-03-21 18:49 -------- d-----w- c:\program files\Total War Shogun 2
2011-03-20 19:30 . 2011-03-21 14:38 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-20 19:24 . 2011-03-20 19:28 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-03-20 19:22 . 2011-03-21 14:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-19 19:03 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 11:55 . 2010-08-07 22:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-02-23 15:04 . 2011-01-11 18:17 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-06-21 16:50 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2010-06-21 16:51 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-06-21 16:51 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-06-21 16:51 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-06-21 16:51 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-06-21 16:51 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-06-21 16:51 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-06-21 16:51 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-12 16:52 . 2011-01-25 15:41 30208 ----a-w- C:\devdll.dll
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-02-02 16:32 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-02-02 16:32 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-23 11:19 . 2011-01-23 11:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-23 11:19 . 2011-01-23 11:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-21 14:44 . 2008-04-14 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-08 03:27 . 2011-01-27 17:55 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-01-27 17:55 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2010-02-02 17:45 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-01-08 03:27 . 2010-02-02 17:45 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2010-02-02 17:45 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2010-02-02 17:45 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2010-02-02 17:45 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2010-02-02 17:45 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-08 03:27 . 2010-02-02 17:45 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 03:27 . 2010-02-02 17:45 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2010-02-02 17:45 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-01-07 18:58 . 2011-01-07 18:58 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-01-07 18:58 . 2011-01-07 18:58 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-01-07 18:58 . 2011-01-07 18:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-01-07 18:58 . 2011-01-07 18:58 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-01-07 18:58 . 2011-01-07 18:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-01-07 18:58 . 2011-01-07 18:58 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-01-07 18:58 . 2011-01-07 18:58 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-01-07 18:58 . 2011-01-07 18:58 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-01-07 18:58 . 2011-01-07 18:58 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-07 18:58 . 2011-01-07 18:58 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 18:58 . 2011-01-07 18:58 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-07 18:58 . 2011-01-07 18:58 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-07 18:58 . 2011-01-07 18:58 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-07 18:58 . 2011-01-07 18:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 18:58 . 2011-01-07 18:58 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-30 13:22 . 2010-02-02 18:01 737280 ----a-w- c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-27 2008576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds II\\TwoWorlds2.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.2.2010 20:05 691696]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [29.6.2010 20:44 2712176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.3.2011 21:03 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.6.2010 18:51 301528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.3.2011 21:30 218688]
R1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2.1.2011 18:38 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2.2.2010 12:06 13384]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2.2.2010 12:06 77896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.6.2010 18:51 19544]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8.8.2010 0:44 10448]
R2 SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [2.2.2010 12:06 120832]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.9.2010 17:54 1051968]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2.2.2010 19:36 2320920]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2.2.2010 12:06 4096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.2.2010 19:16 1691480]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2.12.2010 18:27 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-29 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-02-04 13:11]
.
.
------- Doplňkový sken -------
.
uStart Page = www.seznam.cz
uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/4.1.0.179/cs/go/help.faq.installer?source=lightinstaller&LastError=1618
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with Babylon
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\yjs6dssc.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\firefox
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-29 17:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1085031214-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:a0,f0,d7,b0,6a,77,2a,d4,d4,6c,82,98,d3,14,54,bb,82,7b,c1,3b,54,
ff,53,c3,d5,ce,e0,4c,00,b7,07,d4,f7,e4,6e,2c,00,6c,aa,60,31,20,fc,63,fc,10,\
"rkeysecu"=hex:68,2d,fc,a8,09,a6,c5,f6,67,f5,d6,03,bd,c0,52,3a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1196)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Owner\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Owner\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Celkový čas: 2011-03-29 17:22:04
ComboFix-quarantined-files.txt 2011-03-29 15:21
.
Před spuštěním: Volných bajtů: 25 156 263 936
Po spuštění: Volných bajtů: 25 129 844 736
.
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3F93D106151952B9778FFC3CDC7BD44B
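A triage heuristic for the listing above, as an added example that is not part of the thread, of ComboFix or of OTM: it parses the "files created" lines of a ComboFix log and flags a run of same-size, serially named executables in one directory, which is the shape of the Spere?.exe entries that the next post targets with c:\windows\Spere*.exe. The sample listing inside is constructed from lines of the log above.

```python
r"""Triage heuristic for the 'files created' section of a ComboFix log.

Added example; not code from the thread, ComboFix or OTM. A listing line has
the form

    2011-03-28 04:37 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Sperej.exe

(creation time, source time, size, attribute flags, path). Executables in the
same directory whose names differ only in the last character before '.exe'
and share one size are reported as a cluster.
"""
import re
from collections import defaultdict

# One ComboFix listing line: created . source size attrs path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # creation timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # source (file modification) timestamp
    r"(\d+|-{8}) "                            # size in bytes, or -------- for a directory
    r"(\S{8}) "                               # attribute flags such as ----a-w- or d-----w-
    r"(.+)$"                                  # path, which may contain spaces
)

# Lower-cased file name whose last character before .exe varies: sperej.exe -> stem 'spere'
STEM_RE = re.compile(r"^(.*?)[a-z0-9]\.exe$")

# Constructed sample: a subset of the 'files created' section of the ComboFix log above
SAMPLE_LOG = r"""
2011-03-28 04:37 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Sperej.exe
2011-03-27 18:27 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Sperei.exe
2011-03-27 18:26 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Spereh.exe
2011-03-25 16:08 . 2011-03-25 16:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-25 15:48 . 2011-03-24 14:55 140800 ----a-w- c:\windows\Speree.exe
2011-03-24 14:54 . 2011-03-24 14:54 140800 ----a-w- c:\windows\Sperea.exe
2011-03-20 19:30 . 2011-03-21 14:38 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-19 19:03 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
"""


def parse_entries(text):
    """Return one dict per parsable file line; directory lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(3).startswith("-"):
            continue
        entries.append({
            "created": m.group(1),
            "source": m.group(2),
            "size": int(m.group(3)),
            "attrs": m.group(4),
            "path": m.group(5),
        })
    return entries


def find_serial_clusters(entries, min_count=3):
    """Group .exe files by (directory, name stem, size); return clusters of >= min_count.

    The source timestamp is reported but deliberately not part of the key:
    in the log above the first copy (Sperea.exe, 14:54) is a minute older
    than the later copies (14:55), so keying on it would split the cluster.
    """
    groups = defaultdict(list)
    for e in entries:
        directory, _, name = e["path"].lower().rpartition("\\")
        m = STEM_RE.match(name)
        if m:
            groups[(directory, m.group(1), e["size"])].append(e)
    clusters = []
    for (directory, stem, size), members in groups.items():
        if len(members) < min_count:
            continue
        members.sort(key=lambda e: e["created"])      # oldest drop first
        clusters.append({
            "directory": directory,
            "stem": stem,
            "size": size,
            "sources": sorted({e["source"] for e in members}),
            "paths": [e["path"] for e in members],
        })
    return clusters


def wildcard_for(cluster):
    r"""Pattern a removal script would target for the cluster, e.g. c:\windows\Spere*.exe."""
    first = cluster["paths"][0]                       # keep the original casing
    return first[:-len("a.exe")] + "*.exe"


if __name__ == "__main__":
    for c in find_serial_clusters(parse_entries(SAMPLE_LOG)):
        print(f"{len(c['paths'])} x {c['size']} bytes, sources {c['sources']}: {wildcard_for(c)}")
```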

Re: Please check my log

Posted: 29 Mar 2011 16:42
by vyosek
:arrow: Download OTM (see my signature)
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator
  • Into the left window, Paste Instructions for Items to be Moved (below the yellow line), paste the contents given below
  • Code:

    :files
    c:\program files\DAEMON Tools Toolbar
    c:\windows\Spere*.exe
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp /s
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes. Afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here

Re: Please check my log

Posted: 29 Mar 2011 19:21
by kajaa1
Posting the log again:


All processes killed
========== FILES ==========
c:\program files\DAEMON Tools Toolbar\Resources folder moved successfully.
c:\program files\DAEMON Tools Toolbar folder moved successfully.
c:\windows\Sperea.exe moved successfully.
c:\windows\Spereb.exe moved successfully.
c:\windows\Sperec.exe moved successfully.
c:\windows\Spered.exe moved successfully.
c:\windows\Speree.exe moved successfully.
c:\windows\Speref.exe moved successfully.
c:\windows\Spereg.exe moved successfully.
c:\windows\Spereh.exe moved successfully.
c:\windows\Sperei.exe moved successfully.
c:\windows\Sperej.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65175 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58135611 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03292011_201319

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Please check my log

Posted: 29 Mar 2011 20:03
by vyosek
:arrow: If it is not there already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\yjs6dssc.default\
    FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60446&qkw=
    FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
    
    DDS::
    uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/4.1.0.179/cs/g ... Error=1618
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"=-
    "QuickTime Task"=-
    
    Reboot::
  • Save the TXT file you created as CFScript.txt
  • Drag the CFScript.txt you created onto Combofix and release it (see the image below)
    [Image]
  • After the script is applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration

Re: Please check my log

Posted: 29 Mar 2011 21:02
by kajaa1
Posting another log:

ComboFix 11-03-28.05 - Owner 29.03.2011 21:29:07.3.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3063.2576 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-29 )))))))))))))))))))))))))))))))
.
.
2011-03-29 18:13 . 2011-03-29 18:13 -------- d-----w- C:\_OTM
2011-03-25 16:08 . 2011-03-25 16:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SASCORE
2011-03-25 16:08 . 2011-03-25 16:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-25 16:08 . 2011-03-25 16:08 -------- d-----w- c:\documents and settings\Owner\Data aplikací\SUPERAntiSpyware.com
2011-03-24 12:00 . 2011-03-24 12:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-03-23 06:19 . 2011-03-23 12:39 -------- d-----w- C:\rsit
2011-03-22 18:53 . 2011-03-22 18:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Chromium
2011-03-21 17:42 . 2011-03-21 18:49 -------- d-----w- c:\program files\Total War Shogun 2
2011-03-20 19:30 . 2011-03-21 14:38 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-20 19:22 . 2011-03-21 14:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-19 19:03 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-29 19:53 . 2011-03-29 19:53 1028884 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-19 11:55 . 2010-08-07 22:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-02-23 15:04 . 2011-01-11 18:17 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-06-21 16:50 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2010-06-21 16:51 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-06-21 16:51 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-06-21 16:51 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-06-21 16:51 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-06-21 16:51 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-06-21 16:51 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-06-21 16:51 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-12 16:52 . 2011-01-25 15:41 30208 ----a-w- C:\devdll.dll
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-02-02 16:32 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-02-02 16:32 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-23 11:19 . 2011-01-23 11:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-23 11:19 . 2011-01-23 11:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-21 14:44 . 2008-04-14 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-08 03:27 . 2011-01-27 17:55 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-01-27 17:55 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2010-02-02 17:45 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-01-08 03:27 . 2010-02-02 17:45 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2010-02-02 17:45 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2010-02-02 17:45 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2010-02-02 17:45 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2010-02-02 17:45 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-08 03:27 . 2010-02-02 17:45 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 03:27 . 2010-02-02 17:45 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2010-02-02 17:45 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-01-07 18:58 . 2011-01-07 18:58 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-01-07 18:58 . 2011-01-07 18:58 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-01-07 18:58 . 2011-01-07 18:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-01-07 18:58 . 2011-01-07 18:58 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-01-07 18:58 . 2011-01-07 18:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-01-07 18:58 . 2011-01-07 18:58 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-01-07 18:58 . 2011-01-07 18:58 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-01-07 18:58 . 2011-01-07 18:58 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-01-07 18:58 . 2011-01-07 18:58 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-07 18:58 . 2011-01-07 18:58 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 18:58 . 2011-01-07 18:58 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-07 18:58 . 2011-01-07 18:58 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-07 18:58 . 2011-01-07 18:58 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-07 18:58 . 2011-01-07 18:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 18:58 . 2011-01-07 18:58 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-30 13:22 . 2010-02-02 18:01 737280 ----a-w- c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-29_15.16.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-29 19:48 . 2011-03-29 19:48 16384 c:\windows\temp\Perflib_Perfdata_450.dat
- 2008-04-14 12:00 . 2011-03-29 14:00 68156 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2011-03-29 19:53 68156 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2011-03-29 14:00 79040 c:\windows\system32\perfc005.dat
+ 2008-04-14 12:00 . 2011-03-29 19:53 79040 c:\windows\system32\perfc005.dat
+ 2008-04-14 12:00 . 2011-03-29 19:53 435260 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2011-03-29 14:00 435260 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2011-03-29 14:00 431998 c:\windows\system32\perfh005.dat
+ 2008-04-14 12:00 . 2011-03-29 19:53 431998 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-27 2008576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds II\\TwoWorlds2.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.2.2010 20:05 691696]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [29.6.2010 20:44 2712176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.3.2011 21:03 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.6.2010 18:51 301528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.3.2011 21:30 218688]
R1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2.1.2011 18:38 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2.2.2010 12:06 13384]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2.2.2010 12:06 77896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.6.2010 18:51 19544]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8.8.2010 0:44 10448]
R2 SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [2.2.2010 12:06 120832]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.9.2010 17:54 1051968]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2.2.2010 19:36 2320920]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2.2.2010 12:06 4096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.2.2010 19:16 1691480]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2.12.2010 18:27 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-29 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-02-04 13:11]
.
.
------- Doplňkový sken -------
.
uStart Page = www.seznam.cz
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with Babylon
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\yjs6dssc.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\firefox
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-29 21:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1085031214-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:a0,f0,d7,b0,6a,77,2a,d4,d4,6c,82,98,d3,14,54,bb,82,7b,c1,3b,54,
ff,53,c3,d5,ce,e0,4c,00,b7,07,d4,f7,e4,6e,2c,00,6c,aa,60,31,20,fc,63,fc,10,\
"rkeysecu"=hex:68,2d,fc,a8,09,a6,c5,f6,67,f5,d6,03,bd,c0,52,3a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1068)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Owner\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Owner\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2468)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2011-03-29 21:58:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-29 19:58
ComboFix2.txt 2011-03-29 15:22
.
Před spuštěním: Volných bajtů: 25 185 034 240
Po spuštění: Volných bajtů: 25 161 539 584
.
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 460F3FC6B9C6344A843C09FDBD114DA5

Re: Please check my log

Posted: 29 Mar 2011 21:04
by vyosek
How is the PC behaving? :???:

Re: Please check my log

Posted: 30 Mar 2011 15:10
by kajaa1
The PC has problems at the start. It seems to me that startup is slow, and Mozilla behaves a bit better. At the beginning the problems are still the same, but once I have had the internet open for a longer time, it then works pretty much without problems. I even ran SAS over the PC and, probably thanks to yesterday's ComboFix intervention, it found no infection.