ComboFix log review

Posted: 15 Apr 2014 08:42
by driedl
Hello,
I'd like to ask you to check my ComboFix log. The computer had no antivirus; it is now slow, CPU usage is at 100% and RAM usage is also nearly 100%, and many suspicious processes are running in the background.
Thank you in advance

ComboFix 14-04-12.01 - Nikola Havlíčková 15.04.2014 8:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.512.230 [GMT 2:00]
Spuštěný z: c:\documents and settings\Nikola Havlíčková\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\NIKOLA~1\LOCALS~1\Temp\Elyh\naus.exe
c:\documents and settings\All Users\Data aplikací\guljoiyx.dat
c:\documents and settings\All Users\wpsfng.exe
c:\documents and settings\Nikola Havlíčková\Data aplikací\Microsoft\Windows\updater.exe
c:\documents and settings\Nikola Havlíčková\Data aplikací\vmware-unity.exe
c:\documents and settings\Nikola Havlíčková\Local Settings\Temp\Elyh\naus.exe
c:\documents and settings\Nikola Havlíčková\Nabídka Start\Programy\Po spuštění\checkupdate.exe
C:\install.exe
c:\program files\Better-Surf\ie\BeTTersrf.dll
c:\program files\BetterSurf\BetterSurfPlus\ie\BeTTersrf.dll
c:\program files\BetterSurf\ie\BeTTersurf.dll
c:\program files\MediaPlayerV1
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome.manifest
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome\content\ffMediaPlayerV1alpha271.js
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome\content\ffMediaPlayerV1alpha271ffaction.js
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome\content\icons\default\MediaPlayerV1alpha271_32.png
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome\content\icons\Thumbs.db
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome\content\overlay.xul
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\install.rdf
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ch\MediaPlayerV1alpha271.crx
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ie\MediaPlayerV1alpha271.dll
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\uninstall.exe
c:\program files\MediaViewerV1
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome.manifest
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome\content\ffMediaViewerV1alpha242.js
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome\content\ffMediaViewerV1alpha242ffaction.js
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome\content\icons\default\MediaViewerV1alpha242_32.png
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome\content\icons\Thumbs.db
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome\content\overlay.xul
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\install.rdf
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ch\MediaViewerV1alpha242.crx
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ie\MediaViewerV1alpha242.dll
c:\program files\MediaViewerV1\MediaViewerV1alpha242\uninstall.exe
c:\program files\MediaWatchV1
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome.manifest
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome\content\ffMediaWatchV1home2342.js
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome\content\ffMediaWatchV1home2342ffaction.js
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome\content\icons\default\MediaWatchV1home2342_32.png
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome\content\icons\Thumbs.db
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome\content\overlay.xul
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\install.rdf
c:\program files\MediaWatchV1\MediaWatchV1home2342\ch\MediaWatchV1home2342.crx
c:\program files\MediaWatchV1\MediaWatchV1home2342\ie\MediaWatchV1home2342.dll
c:\program files\MediaWatchV1\MediaWatchV1home2342\uninstall.exe
c:\program files\VideoPlayerV3
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome.manifest
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome\content\ffVideoPlayerV3beta170.js
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome\content\ffVideoPlayerV3beta170ffaction.js
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome\content\icons\default\VideoPlayerV3beta170_32.png
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome\content\icons\Thumbs.db
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome\content\overlay.xul
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\install.rdf
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ch\VideoPlayerV3beta170.crx
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ie\ViDEoplayerv3beta170.dll
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\uninstall.exe
c:\program files\WebexpEnhancedV1
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome.manifest
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome\content\ffWebexpEnhancedV1alpha50.js
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome\content\ffWebexpEnhancedV1alpha50ffaction.js
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome\content\icons\default\WebexpEnhancedV1alpha50_32.png
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome\content\icons\Thumbs.db
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome\content\overlay.xul
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\install.rdf
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ch\WebexpEnhancedV1alpha50.crx
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ie\WebexpEnhancedV1alpha50.dll
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\uninstall.exe
c:\windows\regedit.com
c:\windows\system32\drivers\2b20afdd85816ac8.sys
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\msssc.dll
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FREEZESCREENSAVER
-------\Legacy_SEEKEEN_SERVICE
-------\Service_FreezeScreenSaver
-------\Legacy_2b20afdd85816ac8
-------\Service_2b20afdd85816ac8
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-15 do 2014-04-15 )))))))))))))))))))))))))))))))
.
.
2014-04-02 17:42 . 2014-04-02 17:41 38400 --sha-w- c:\windows\president.exe
2014-04-02 17:41 . 2014-04-02 17:41 38400 --sha-w- c:\windows\zkz.exe
2014-04-02 17:41 . 2014-04-02 17:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\txaqi
2014-03-25 13:48 . 2014-04-15 06:51 1409 ----a-w- c:\windows\QTFont.for
2014-03-23 17:55 . 2014-03-23 17:55 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2014-03-23 17:53 . 2014-03-23 17:53 55224 ----a-w- c:\windows\system32\drivers\tStLib.sys
2014-03-17 15:11 . 2014-03-17 15:11 -------- d-----w- c:\documents and settings\Nikola Havlíčková\Data aplikací\Mahy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 16:52 . 2012-12-01 17:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 16:52 . 2012-12-01 17:06 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2011-09-29 07:07 . 2011-10-08 19:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ceba2399-265c-4189-9a81-390dd094725d}]
2014-02-27 20:07 87040 ----a-w- c:\program files\MediaViewV1\MediaViewV1alpha8886\ie\MediaViewV1alpha8886.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{d15292e6-809c-4e38-a756-45fd05e68efa}]
2014-02-26 18:24 87040 ----a-w- c:\program files\MediaViewV1\MediaViewV1alpha1097\ie\MediaViewV1alpha1097.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-02-23 2251064]
"cz.seznam.software.autoupdate"="c:\documents and settings\Nikola Havlíčková\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\Nikola Havlíčková\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Udmedia"="c:\documents and settings\Nikola Havlíčková\Local Settings\Data aplikací\Udmedia\MxAutoUpdate.dll" [2014-03-12 237568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-28 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-28 08:49 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Team Factor\\tf.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Nikola Havlíčková\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R?2 gupdate1ca6d177fd2f4cc;Služba Google Update (gupdate1ca6d177fd2f4cc);c:\program files\Google\Update\GoogleUpdate.exe [24.11.2009 17:04 133104]
R1 tStLib;tStLib;c:\windows\system32\drivers\tStLib.sys [23.3.2014 19:53 55224]
R2 president-kbr;president;c:\windows\president.exe [2.4.2014 19:42 38400]
R2 Update LemurLeap;Update LemurLeap;c:\program files\LemurLeap\updateLemurLeap.exe [3.10.2013 22:36 350496]
R2 Util LemurLeap;Util LemurLeap;c:\program files\LemurLeap\bin\utilLemurLeap.exe [6.10.2013 19:04 348448]
R2 zkz;zkz;c:\windows\zkz.exe [2.4.2014 19:41 38400]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\NIKOLA~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\NIKOLA~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [16.1.2014 2:39 235696]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [6.10.2011 15:55 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-17 15:59 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-01 16:53]
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 15:04]
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 15:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mSearch Bar = hxxp://www.google.com/ie
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Nikola Havlíčková\Data aplikací\Mozilla\Firefox\Profiles\tsr7iw02.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-02-24 18:34; ext@MediaViewerV1alpha242.net; c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff
FF - ExtSQL: 2014-02-28 16:10; ext@MediaViewV1alpha1097.net; c:\program files\MediaViewV1\MediaViewV1alpha1097\ff
FF - ExtSQL: 2014-03-17 16:11; ext@MediaViewV1alpha8886.net; c:\program files\MediaViewV1\MediaViewV1alpha8886\ff
FF - ExtSQL: 2014-03-23 18:20; ext@MediaWatchV1home2342.net; c:\program files\MediaWatchV1\MediaWatchV1home2342\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: security.warn_entering_secure - false
FF - user.js: security.warn_entering_weak - false
FF - user.js: security.warn_leaving_secure - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{4b78a33d-2c59-4b06-b6da-5e326b303d85} - c:\program files\MediaViewerV1\MediaViewerV1alpha242\ie\MediaViewerV1alpha242.dll
BHO-{a58de230-28af-4827-a7a8-cb7ed43a37a6} - c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ie\MediaPlayerV1alpha271.dll
BHO-{db2a0b24-3c82-4a02-90e2-81432927489c} - c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ie\WebexpEnhancedV1alpha50.dll
BHO-{fbb5fa1d-0e74-4f0f-bd95-35a83e1cfb2c} - c:\program files\MediaWatchV1\MediaWatchV1home2342\ie\MediaWatchV1home2342.dll
HKCU-Run-vmware-unity - c:\documents and settings\Nikola Havlíčková\Data aplikací\vmware-unity.exe
HKCU-Run-guljoiyx - c:\documents and settings\All Users\Data aplikací\guljoiyx.dat
HKLM-Run-wpsfng - c:\documents and settings\All Users\wpsfng.exe
HKLM-Run-updatesvc - c:\documents and settings\Nikola Havlíčková\Data aplikací\Microsoft\Windows\updater.exe
MSConfigStartUp-ICQ - ~c:\program files\ICQ6\ICQ.exe
AddRemove-MediaPlayerV1alpha271 - c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\uninstall.exe
AddRemove-MediaViewerV1alpha242 - c:\program files\MediaViewerV1\MediaViewerV1alpha242\uninstall.exe
AddRemove-MediaWatchV1home2342 - c:\program files\MediaWatchV1\MediaWatchV1home2342\uninstall.exe
AddRemove-Video Player - c:\program files\VideoPlayerV3\VideoPlayerV3beta170\uninstall.exe
AddRemove-Webexp Enhanced - c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-15 08:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-746137067-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(7240)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\documents and settings\Nikola Havlíčková\Local Settings\Data aplikací\Udmedia\MxAutoUpdate.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\MSI\BToes Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\regsvr32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\LemurLeap\bin\FilterApp_C.exe
c:\program files\LemurLeap\bin\XTLSApp.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\dwwin.exe
c:\program files\Google\Update\Install\{8CB976CD-F6EB-43C4-8322-8C4897EAB48F}\34.0.1847.116_33.0.1750.154_chrome_updater.exe
c:\windows\system32\config\SYSTEM~1\LOCALS~1\Temp\CR_AA050.tmp\setup.exe
.
**************************************************************************
.
Celkový čas: 2014-04-15 09:05:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-15 07:04
.
Před spuštěním: Volných bajtů: 45 339 832 320
Po spuštění: Volných bajtů: 45 840 097 280
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1D59D323F7014A0349355CF298B4D8AE
413FC2A0C716421B3158746D63736515

Re: ComboFix log review

Posted: 15 Apr 2014 09:48
by Márty84
Hi :)

:???: Can you tell me why you ran ComboFix? Do you know how to use it?

If you had read the forum rules http://forum.viry.cz/viewtopic.php?f=12&t=5601 , you would have learned, among other things, this:
2. Before posting a question, use the Search button. Someone may already have dealt with a problem similar to yours. However, if various utilities/applications are used in a resolved thread, do not run them. Utilities are used only on a helper's instruction, because they can erase traces of malware, and in the hands of a non-expert their use can have unforeseeable consequences.

3. In particular, do not run the ComboFix utility, even if a friend or some would-be expert website recommended it to you. Our forum is the only one of the CZ-SK antivirus forums that has the right to analyze ComboFix logs, and we also have the full support of the utility's author and access to the most up-to-date information and guides.
CF erases all traces of a possible infection, and now I'm left working from thin air, as they say :x
I'll try to look at it, but if this happens again, help will be refused.
I also warn you that this may drag on and the result is not at all certain.



:arrow: Run a !!!complete!!! scan with MBAM http://www.stahuj.centrum.cz/utility_a_ ... i-malware/ and post the results here. Do not delete anything beforehand; it sometimes gives false detections. Guide here: http://forum.viry.cz/viewtopic.php?f=29&t=115222




3.5. due to inactivity :lock: http://forum.viry.cz/viewtopic.php?f=12&t=123975