ComboFix log check [Solved]

A place for your HijackThis logs and logs from other programs…



Post by josefh » 03 Nov 2010 19:38

Please check my log. The game window crashes when I play TrackMania, otherwise it doesn't. Occasionally an ad for Farmerama, or some other "music", starts playing. Thank you.

ComboFix 10-11-02.06 - pc 03.11.2010 19:06:21.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.289 [GMT 1:00]
Running from: c:\documents and settings\pc\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV shield is enabled

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\GooglePlusVideos
c:\program files\GooglePlusVideos\17.GooglePlusVideos.dll
c:\program files\GooglePlusVideos\DeploymentHelper.exe
c:\program files\GooglePlusVideos\FFExt\chrome.manifest
c:\program files\GooglePlusVideos\FFExt\chrome\content\googleplusvideos.xul
c:\program files\GooglePlusVideos\FFExt\chrome\content\script-injector.js
c:\program files\GooglePlusVideos\FFExt\install.rdf
c:\program files\GooglePlusVideos\GooglePlusVideosLicense.txt
c:\program files\GooglePlusVideos\GVConfig.ini
c:\program files\GooglePlusVideos\MFC42U.DLL
c:\program files\GooglePlusVideos\Uninstall.bat

----- BITS: Possible infected sites -----

hxxp://www.8ballclub.com
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))
.

2010-11-01 20:59 . 2010-11-01 22:03 -------- d-----w- c:\program files\currports
2010-11-01 18:24 . 2010-11-01 18:24 -------- d-----w- c:\documents and settings\pc\Data aplikací\SUPERAntiSpyware.com
2010-11-01 18:24 . 2010-11-01 18:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-11-01 18:24 . 2010-11-01 18:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-21 21:09 . 2010-10-21 21:09 -------- d-----w- c:\program files\CCleaner
2010-10-17 15:59 . 2010-10-17 15:59 -------- d-----w- c:\program files\Common Files\Java
2010-10-17 15:59 . 2010-09-15 02:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-17 15:59 . 2010-09-15 02:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-09 17:26 . 2010-11-03 17:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TrackMania
2010-10-09 17:22 . 2010-10-09 17:24 -------- d-----w- c:\program files\TmNationsForever

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 00:29 . 2010-01-25 22:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-08-09 21:14 . 2009-08-09 21:14 49152 ----a-w- c:\program files\mozilla firefox\components\SuperSearchXPCOM.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolsForRepair"= 0 (0x0)
"NoStartup"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2008 17:37 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 15:52 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [13.3.2008 15:49 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [25.10.2001 15:00 3584]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-08 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-06-05 08:55]

2010-09-27 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-09-27 16:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.cz/
TCP: {D9A409F2-B1FF-44CC-B740-1F1D69031FD2} = 192.168.70.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\dt2cekn6.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX SETTINGS ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 19:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="..."

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\a67ae326-3297-6599-1022-2628e64ee21]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"1w41w0ccvz2wg"=hex:39,65,63,62,32,62,35,36,2d,62,37,66,36,2d,34,65,63,64,2d,
38,66,37,65,2d,34,31,62,35,65,34,33,32,64,35,36,30
"19mawmnngh07b"=hex:65,00,00,00,f8,00,00,00,ad,28,8f,82,54,59,44,59,54,00,00,
00,00,00,00,00,00,00,00,00,56,2b,cb,9e,f6,b7,cd,4e,8f,7e,41,b5,e4,32,d5,60,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-03 19:10:12
ComboFix-quarantined-files.txt 2010-11-03 18:10

Pre-Run: free bytes: 15 714 963 456
Post-Run: free bytes: 15 715 385 344

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect/noguiboot/NoExecute=OptIn

- - End Of File - - 6145394B66BB165E403489E306F35B59
Last edited by josefh on 03 Nov 2010 19:43, edited 1 time in total.
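A triage helper for a log like the one above, added here as an example; it is not ComboFix's own logic and not code from the forum. It re-reads a constructed excerpt of the posted log (section banners rendered in English) and flags the entries a reviewer would pick out by hand: the Whistler bootkit hit on PhysicalDrive0, the BITS job pointing at an external site, a service whose image is the Windows registry editor rather than a service binary, a service whose image file ComboFix marks as missing with [?], the Firefox extension script ComboFix already deleted, and the registry key with Deny ACLs for Administrators. The function names (scan, summarize, image_basename), the Finding type and the NON_SERVICE_IMAGES indicator list are my own assumptions.

```python
import re
from dataclasses import dataclass

# Hypothetical indicator list (an assumption of this example): Windows tools that
# no legitimate installer registers as a service image.
NON_SERVICE_IMAGES = {"regedt32.exe", "regedit.exe", "cmd.exe", "notepad.exe"}

# ComboFix service line: "<R|S><start type> <name>;<display name>;<image path> [<date size>]"
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?)(?: \[(.*)\])?$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
BOOTKIT_RE = re.compile(r"Bootkit (\S+) was found")
URL_RE = re.compile(r"^h(?:xx|tt)ps?://\S+$")   # ComboFix defangs http:// as hxxp://

# Constructed excerpt of the log posted above (English section banners).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\GooglePlusVideos\FFExt\chrome\content\script-injector.js

----- BITS: Possible infected sites -----

hxxp://www.8ballclub.com
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [13.3.2008 15:49 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [25.10.2001 15:00 3584]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\a67ae326-3297-6599-1022-2628e64ee21]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"""


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    line: int


def image_basename(path_field: str) -> str:
    """Lower-cased file name of a service image as ComboFix prints the path field."""
    first = path_field.split(" --> ")[0].strip()   # "<registered> --> <resolved>" form
    first = first.removeprefix("\\??\\")           # NT object-manager prefix
    return first.rsplit("\\", 1)[-1].lower()


def scan(text: str) -> list[Finding]:
    """Walk a ComboFix log line by line and collect review-worthy indicators."""
    findings: list[Finding] = []
    in_bits = in_deletions = False
    current_key, reported_keys = "", set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("((("):              # section banner: reset per-section state
            in_bits, in_deletions = False, "Other Deletions" in line
            continue
        if line.startswith("----- BITS"):
            in_bits = True
            continue
        if line == ".":                         # ComboFix's sub-section separator
            in_bits = False
            continue
        m = BOOTKIT_RE.search(line)
        if m:                                   # MBR infection reported by ComboFix
            findings.append(Finding("bootkit_mbr", m.group(1), no))
            continue
        if in_bits and URL_RE.match(line):      # BITS job pulling from an external site
            findings.append(Finding("bits_suspicious_url", line, no))
            continue
        if in_deletions and line.lower().endswith(".js") and "\\ffext\\" in line.lower():
            findings.append(Finding("deleted_extension_script", line, no))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image, tail = m.group(3), m.group(5), m.group(6)
            if tail == "?":                     # ComboFix prints [?] when the image is absent
                findings.append(Finding("service_image_missing", f"{name}: {image}", no))
            if image_basename(image) in NON_SERVICE_IMAGES:
                findings.append(Finding("service_system_tool_image", f"{name}: {image}", no))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("@Denied:") and "(Administrators)" in line and current_key not in reported_keys:
            reported_keys.add(current_key)      # key hidden even from admins: self-protection
            findings.append(Finding("registry_key_acl_locked", current_key, no))
    return findings


def summarize(findings: list[Finding]) -> dict[str, list[str]]:
    grouped: dict[str, list[str]] = {}
    for f in findings:
        grouped.setdefault(f.kind, []).append(f.detail)
    return grouped


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line:>2}  {f.kind:<26} {f.detail}")
```

Run as-is it prints the findings for the excerpt; for a real log, read the file and pass its text to scan. The checks are heuristics for a human reviewer, not verdicts: a service with display name "Eset Nod32 Boot" whose image is regedt32.exe in system32 is not something ESET's installer creates, a key under Windows NT\CurrentVersion with Full access denied to Administrators is a self-protection pattern of kernel rootkits rather than of legitimate software, and an MBR that ComboFix reports as disinfected is worth re-checking on the next boot.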


Re: ComboFix log check

Post by Stene » 03 Nov 2010 19:39

You forgot to attach the log.

