kontrola logu....

Zpráva

klim11 · #1 Příspěvek od **klim11** » 03 čer 2010 19:02

Zdravím...

..Předem se moc omlouvám za předčasné spuštění ComboFixu,ale jinak to nešlo....

....od včerejška mi nešel Internet-PC byl zpomalený,sám od-sebe se restartoval..(vypnul)..(.žádný nový software jsem neinstaloval.).... můžete se někdo podívat aspoň na ten log-byl bych moc vděčný-děkuji...

ComboFix 10-06-02.04 - Libas 03.06.2010 19:30:41.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1023.463 [GMT 2:00]
Spuštěný z: c:\users\Libas\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\mazuki.dll
c:\users\Libas\AppData\Roaming\inst.exe
c:\windows\system32\%appdata%
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-03 do 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-03 17:37 . 2010-06-03 17:40 -------- d-----w- c:\users\Libas\AppData\Local\temp
2010-06-03 17:37 . 2010-06-03 17:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-03 17:37 . 2010-06-03 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 12:06 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-14 15:04 . 2010-05-14 15:04 -------- d-----w- c:\users\Libas\AppData\Local\AOL
2010-05-14 15:03 . 2010-05-14 15:05 -------- d-----w- c:\program files\ICQ7.1
2010-05-14 14:26 . 2010-05-14 14:31 19569 ----a-w- c:\windows\hpqins13.dat
2010-05-14 14:14 . 2010-05-14 14:14 63488 ----a-w- c:\users\Libas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-14 13:52 . 2010-05-14 13:52 -------- d-----w- c:\users\Libas\AppData\Roaming\KC Softwares
2010-05-14 13:51 . 2010-05-14 13:51 -------- d-----w- c:\program files\KC Softwares
2010-05-14 12:21 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-05-14 12:21 . 2010-05-14 12:21 -------- d-----w- c:\program files\Ashampoo
2010-05-12 09:55 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-05 16:46 . 2010-05-05 16:46 -------- d-----w- c:\program files\Elaborate Bytes
2010-05-05 16:10 . 2010-05-05 16:10 -------- d-----w- c:\programdata\SlySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 17:20 . 2009-11-15 14:10 -------- d-----w- c:\users\Libas\AppData\Roaming\Vso
2010-05-30 16:14 . 2009-11-15 21:38 -------- d-----w- c:\users\Libas\AppData\Roaming\ICQ
2010-05-30 16:11 . 2010-02-21 17:52 -------- d-----w- c:\program files\CCleaner
2010-05-14 15:50 . 2010-01-18 11:46 -------- d-----w- c:\users\Libas\AppData\Roaming\skypePM
2010-05-14 15:04 . 2007-05-10 10:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-14 15:04 . 2009-11-15 21:42 -------- d-----w- c:\programdata\ICQ
2010-05-14 14:26 . 2010-05-14 14:26 262144 ----a-w- c:\programdata\ntuser.dat
2010-05-14 14:14 . 2010-01-27 14:05 117760 ----a-w- c:\users\Libas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-14 14:12 . 2010-01-27 14:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-12 09:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:57 . 2007-05-10 10:30 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-11-15 01:17 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 20:59 . 2010-04-04 17:12 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-04 17:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-04 17:12 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-04 17:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-04-04 17:12 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-04-04 17:12 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-02 18:12 . 2010-02-21 17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 17:22 . 2009-11-15 14:10 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-05-02 17:22 . 2009-11-15 14:10 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-05-02 17:22 . 2009-11-15 14:10 -------- d-----w- c:\program files\VSO
2010-05-02 09:30 . 2007-01-08 21:09 598600 ----a-w- c:\windows\system32\perfh005.dat
2010-05-02 09:30 . 2007-01-08 21:09 114808 ----a-w- c:\windows\system32\perfc005.dat
2010-05-01 13:13 . 2010-05-01 13:13 680 ----a-w- c:\users\Libas\AppData\Local\d3d9caps.dat
2010-05-01 13:13 . 2009-11-15 19:49 -------- d-----w- c:\program files\Java
2010-04-29 13:39 . 2010-02-21 17:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-02-21 17:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 11:35 . 2009-11-16 19:32 153700 ----a-w- c:\windows\HPHins15.dat
2010-04-28 11:14 . 2009-11-16 19:39 -------- d-----w- c:\programdata\HPSSUPPLY
2010-04-14 16:47 . 2010-04-04 17:12 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-13 16:18 . 2010-04-13 16:18 -------- d-----w- c:\programdata\WindowsSearch
2010-04-12 15:29 . 2010-05-01 13:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-05 08:59 . 2010-04-05 08:59 -------- d-----w- c:\program files\Common Files\Java
2010-04-03 21:46 . 2010-02-21 08:11 70672 ----a-w- c:\users\Libas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-16 20:03 . 2010-03-16 19:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-01-27 14:23 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Libas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 08:27 319488 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-02-15 16:39 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-05-14 15:03 133368 ----a-w- c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-03-16 07:06 1822720 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-29 21:13 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e2,64,76,0c,12,66,ca,01

R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 133104]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe [2009-08-24 406016]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-14 12872]
R4 0056631265123892mcinstcleanup;McAfee Application Installer Cleanup (0056631265123892);c:\windows\TEMP\005663~1.EXE [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-16 691696]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-14 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-14 68168]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
S2 Acer TV Share Service;Acer TV Share Service;c:\program files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe [2007-04-04 269424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 17:12]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 17:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = about:blank
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Libas\AppData\Roaming\Mozilla\Firefox\Profiles\ymcbsu4l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 19:39
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1864)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\windows\system32\ieframe.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-06-03 19:45:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-03 17:45

Před spuštěním: Volných bajtů: 202 559 946 752
Po spuštění: Volných bajtů: 202 580 594 688

- - End Of File - - 1AE0AE2A333B94BDCF9BD2C6F7EE0494

#2 Příspěvek od **Rudy** » 03 čer 2010 19:33

4 položky smazány, zbytek logu vypadá čistý.

klim11 · #3 Příspěvek od **klim11** » 03 čer 2010 19:52

To jsem rád..Díky...

.ComboFix pomohl zase to šlape ,jak hodinky...díky...zatím..

#4 Příspěvek od **Rudy** » 03 čer 2010 21:06

Nemáte zač!

VIRY.CZ

kontrola logu....

kontrola logu....

Re: kontrola logu....

Re: kontrola logu....

Re: kontrola logu....