FB virus
Posted: 29 Jun 2014 15:17
Hello,
my computer caught the Facebook "hahaha" virus - I don't even know whether I clicked the link in the message, but I probably did.
I used ComboFix; I am attaching the log from the scan of the computer.
Could you please advise me on the next steps?
Thank you
Adéla
ComboFix 14-06-27.01 - plischke 28.06.2014 23:33:29.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3032.1187 [GMT 2:00]
Spuštěný z: c:\users\plischke\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CostMin
c:\program files\CostMin\Lux.dat
c:\program files\CostMin\Lux.dll
c:\program files\CostMin\Lux.tlb
c:\program files\CostMin\Lux.x64.dll
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\program files\Supporter\Supporter.dll
c:\program files\Supporter\SupporterSvc.dll
c:\programdata\CostMin
c:\programdata\CostMin\rFuR.dat
c:\programdata\CostMin\rFuR.exe
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w2f3yoq9.default\extensions\staged\nouidxlgw@zvygrdgouo.org
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w2f3yoq9.default\extensions\staged\nouidxlgw@zvygrdgouo.org\bootstrap.js
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w2f3yoq9.default\extensions\staged\nouidxlgw@zvygrdgouo.org\content\bg.js
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w2f3yoq9.default\extensions\staged\nouidxlgw@zvygrdgouo.org\chrome.manifest
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w2f3yoq9.default\extensions\staged\nouidxlgw@zvygrdgouo.org\install.rdf
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w2f3yoq9.default\extensions\staged\uyu.ldry@oow-mal.com
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w2f3yoq9.default\extensions\staged\uyu.ldry@oow-mal.com\bootstrap.js
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w2f3yoq9.default\extensions\staged\uyu.ldry@oow-mal.com\content\bg.js
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w2f3yoq9.default\extensions\staged\uyu.ldry@oow-mal.com\chrome.manifest
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w2f3yoq9.default\extensions\staged\uyu.ldry@oow-mal.com\install.rdf
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aodinkklhfllkopijpdlmidikgogencd
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aodinkklhfllkopijpdlmidikgogencd\6.1\background.html
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aodinkklhfllkopijpdlmidikgogencd\6.1\content.js
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aodinkklhfllkopijpdlmidikgogencd\6.1\lsdb.js
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aodinkklhfllkopijpdlmidikgogencd\6.1\manifest.json
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aodinkklhfllkopijpdlmidikgogencd\6.1\XfNb.js
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpkemjfbaoafejbhakmplbnooedmjoo
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpkemjfbaoafejbhakmplbnooedmjoo\2.2\background.html
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpkemjfbaoafejbhakmplbnooedmjoo\2.2\content.js
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpkemjfbaoafejbhakmplbnooedmjoo\2.2\JUrAc.js
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpkemjfbaoafejbhakmplbnooedmjoo\2.2\lsdb.js
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpkemjfbaoafejbhakmplbnooedmjoo\2.2\manifest.json
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaacjelpfohbhlffbajgliongkdofkfg
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaacjelpfohbhlffbajgliongkdofkfg\168\background.html
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaacjelpfohbhlffbajgliongkdofkfg\168\content.js
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaacjelpfohbhlffbajgliongkdofkfg\168\hRpoUCJD.js
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaacjelpfohbhlffbajgliongkdofkfg\168\lsdb.js
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaacjelpfohbhlffbajgliongkdofkfg\168\manifest.json
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aodinkklhfllkopijpdlmidikgogencd_0.localstorage-journal
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aodinkklhfllkopijpdlmidikgogencd_0.localstorage
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ikpkemjfbaoafejbhakmplbnooedmjoo_0.localstorage-journal
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ikpkemjfbaoafejbhakmplbnooedmjoo_0.localstorage
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jaacjelpfohbhlffbajgliongkdofkfg_0.localstorage-journal
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jaacjelpfohbhlffbajgliongkdofkfg_0.localstorage
c:\users\plischke\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\plischke\AppData\Local\Temp\_MEI33282\_ctypes.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\_elementtree.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\_hashlib.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\_multiprocessing.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\_socket.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\_ssl.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\pyexpat.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\pysqlite2._sqlite.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\python27.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\pythoncom27.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\PyWinTypes27.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\select.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\unicodedata.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32api.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32com.shell.shell.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32crypt.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32event.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32file.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32gui.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32inet.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32pdh.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32pipe.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32process.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32profile.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32security.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32ts.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\windows._lib_cacheinvalidation.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._animate.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._controls_.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._core_.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._gdi_.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._html2.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._misc_.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._windows_.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._wizard.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxbase294u_net_vc90.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxbase294u_vc90.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxmsw294u_adv_vc90.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxmsw294u_core_vc90.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxmsw294u_html_vc90.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxmsw294u_webview_vc90.dll
c:\users\plischke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr0epik.dll
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org\bootstrap.js
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org\content\bg.js
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org\chrome.manifest
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org\install.rdf
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com\bootstrap.js
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com\content\bg.js
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com\chrome.manifest
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com\install.rdf
c:\users\plischke\Documents\metconv.log
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-28 do 2014-06-28 )))))))))))))))))))))))))))))))
.
.
2014-06-28 21:42 . 2014-06-28 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-28 21:42 . 2014-06-28 21:42 -------- d-----w- c:\users\lukas.skala\AppData\Local\temp
2014-06-28 21:42 . 2014-06-28 21:42 -------- d-----w- c:\users\jan.sadilek\AppData\Local\temp
2014-06-27 17:30 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-25 09:44 . 2014-06-25 09:44 -------- d-----w- c:\programdata\RoboSaver
2014-06-25 05:46 . 2014-06-25 05:46 -------- d-----w- c:\programdata\F-Secure
2014-06-24 06:42 . 2014-04-23 09:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{992FF1E2-CAA1-4235-9A09-B49C6DA44284}\gapaengine.dll
2014-06-18 12:19 . 2014-06-18 12:19 -------- d-----w- c:\programdata\FuneDealis
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\program files\TowerTilt
2014-06-11 19:12 . 2014-06-25 09:44 -------- d-----w- c:\programdata\e8f92cc3cc57ce10
2014-06-11 19:12 . 2014-06-28 21:41 -------- d-----w- c:\program files\Supporter
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\users\plischke\AppData\Local\Chromatic Browser
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\users\plischke\AppData\Local\Torch
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\users\Admin\AppData\Local\Chromatic Browser
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\users\Admin\AppData\Local\Torch
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\users\plischke\AppData\Local\Comodo
2014-06-11 19:11 . 2014-06-11 19:11 -------- d-----w- c:\program files\buenosearch LTD
2014-06-11 19:11 . 2014-06-11 19:11 -------- d-----w- c:\users\Admin\AppData\Local\Comodo
2014-06-11 19:11 . 2014-06-11 19:11 -------- d-----w- c:\users\Guest
2014-06-11 19:11 . 2014-06-11 19:12 -------- d-----w- c:\users\Admin\AppData\Local\Google
2014-06-11 19:11 . 2014-06-11 19:11 -------- d-----w- c:\users\plischke\AppData\Roaming\buenosearch LTD
2014-06-11 19:11 . 2014-06-11 19:11 -------- d-----w- c:\users\plischke\AppData\Roaming\BabSolution
2014-06-11 19:10 . 2014-06-11 19:10 -------- d-----w- c:\program files\YourFileDownloader
2014-06-04 07:36 . 2014-04-23 09:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-28 21:54 . 2014-06-28 21:54 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DC0A079-FA0D-4912-AD76-853AB535A140}\MpKsl7ad28067.sys
2014-06-13 13:20 . 2014-05-28 14:29 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-15 10:27 . 2012-12-13 07:58 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 10:27 . 2012-12-13 07:58 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 05:26 . 2014-05-28 14:28 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25 . 2014-05-28 14:28 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2014-05-28 14:28 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-30 23:37 . 2014-05-23 15:09 8073384 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7822D4E-6F03-49EE-AB79-9B2361DBCD22}\mpengine.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3E9534AE-96F1-E48E-4234-F2AFE7CACE71}]
2014-06-25 09:44 371200 ----a-w- c:\programdata\RoboSaver\zaMO8Le.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5770A26D-BE16-F77E-7B4D-420BE3B63E3E}]
2014-06-18 12:19 371200 ----a-w- c:\programdata\FuneDealis\p.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{b66b1fee-a932-4d59-a008-b1b31e7e7e9f}]
2014-06-10 23:31 249632 ----a-w- c:\program files\TowerTilt\E3BA08CF-6891-475C-865F-01F32F02329B.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\plischke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\plischke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\plischke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\plischke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"="1" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-11 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-04-25 22415552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"="1" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
c:\users\jan.sadilek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
.
c:\users\plischke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\plischke\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 40030ae4;Supporter;c:\windows\system32\rundll32.exe [2006-11-02 44544]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL7AD28067
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-22 20:27 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 10:27]
.
2014-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3227926975-320046037-3958226496-1001Core.job
- c:\users\plischke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-23 16:19]
.
2014-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3227926975-320046037-3958226496-1001UA.job
- c:\users\plischke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-23 16:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 6&tsp=5275
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 6&tsp=5275
FF - ExtSQL: 2014-06-11 01:31; firefox@Towertilt.com; c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\firefox@Towertilt.com.xpi
FF - ExtSQL: 2014-06-11 21:12; ffxtlbr@buenosearch.com; c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\ffxtlbr@buenosearch.com
FF - ExtSQL: 2014-06-25 07:44; nouidxlgw@zvygrdgouo.org; c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org
FF - ExtSQL: 2014-06-25 07:44; e-1cc846x@kgyqeg-uiia.co.uk; c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\e-1cc846x@kgyqeg-uiia.co.uk
FF - ExtSQL: 2014-06-25 11:45; uyu.ldry@oow-mal.com; c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com
FF - ExtSQL: !HIDDEN! 2009-09-15 07:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 6&tsp=5275
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 6&tsp=5275
FF - user.js: extensions.buenosearch.id - b097747b00000000000000ff8ac495b9
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16232
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.721:12
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - babsst
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - cs
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{A1CF0544-8AF9-DF97-EE1E-D42E1B12DA61} - c:\program files\CostMin\Lux.dll
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
c:\users\jan.sadilek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jádro Plánovače úloh SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-{2F5F003B-C71B-72E3-42B4-DE51AB079EB2} - c:\programdata\CostMin\rFuR.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4} - c:\progra~1\SUPPOR~1\SUPPOR~1.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-28 23:54
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H????????????2?????w????????????0???<???????|??????w???w????3 ?w!??w??????????????????F?L???~z?v????????????????+?A?????????J?A??8????????????F?$l@?`???????????? A?I???????J?A?[?@??????v@??????8????@????????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????H????????????2?????w????????????0???<???????|??????w???w????3 ?w!??w??????????????????F?L???~z?v????????????????+?A?????????J?A??8????????????F?$l@?`???????????? A?I???????J?A?[?@??????v@??????8????@????????
Wbutton = c:\program files\Launch Manager\WButton.exe?????H????????????2?????w????????????0???<???????|??????w???w????3 ?w!??w??????????????????F?L???~z?v????????????????+?A?????????J?A??8????????????F?$l@?`???????????? A?I???????J?A?[?@??????v@??????8????@????????
.
skenování skrytých souborů ...
.
.
c:\users\plischke\AppData\Roaming\Dropbox\PENDING_jydzh7 6144 bytes
c:\users\plischke\AppData\Roaming\Dropbox\TO_HASH_yw551z 7168 bytes
c:\users\plischke\AppData\Roaming\Dropbox\UPDATED_8mvdpo 6144 bytes
.
sken byl úspešně dokončen
skryté soubory: 3
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\YourFileDownloader Updater\YourFileUpdater.exe
c:\program files\Microsoft Security Client\NisSrv.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\users\plischke\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Celkový čas: 2014-06-28 23:58:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-28 21:58
.
Před spuštěním: Volných bajtů: 114 958 794 752
Po spuštění: Volných bajtů: 116 372 463 616
.
- - End Of File - - 26E1F7FACD81A5F91EE8C36C26F88F13
5C616939100B85E558DA92B899A0FC36
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32file.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32gui.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32inet.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32pdh.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32pipe.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32process.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32profile.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32security.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\win32ts.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\windows._lib_cacheinvalidation.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._animate.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._controls_.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._core_.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._gdi_.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._html2.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._misc_.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._windows_.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wx._wizard.pyd
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxbase294u_net_vc90.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxbase294u_vc90.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxmsw294u_adv_vc90.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxmsw294u_core_vc90.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxmsw294u_html_vc90.dll
c:\users\plischke\AppData\Local\Temp\_MEI33282\wxmsw294u_webview_vc90.dll
c:\users\plischke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr0epik.dll
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org\bootstrap.js
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org\content\bg.js
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org\chrome.manifest
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org\install.rdf
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com\bootstrap.js
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com\content\bg.js
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com\chrome.manifest
c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com\install.rdf
c:\users\plischke\Documents\metconv.log
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-28 do 2014-06-28 )))))))))))))))))))))))))))))))
.
.
2014-06-28 21:42 . 2014-06-28 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-28 21:42 . 2014-06-28 21:42 -------- d-----w- c:\users\lukas.skala\AppData\Local\temp
2014-06-28 21:42 . 2014-06-28 21:42 -------- d-----w- c:\users\jan.sadilek\AppData\Local\temp
2014-06-27 17:30 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-25 09:44 . 2014-06-25 09:44 -------- d-----w- c:\programdata\RoboSaver
2014-06-25 05:46 . 2014-06-25 05:46 -------- d-----w- c:\programdata\F-Secure
2014-06-24 06:42 . 2014-04-23 09:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{992FF1E2-CAA1-4235-9A09-B49C6DA44284}\gapaengine.dll
2014-06-18 12:19 . 2014-06-18 12:19 -------- d-----w- c:\programdata\FuneDealis
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\program files\TowerTilt
2014-06-11 19:12 . 2014-06-25 09:44 -------- d-----w- c:\programdata\e8f92cc3cc57ce10
2014-06-11 19:12 . 2014-06-28 21:41 -------- d-----w- c:\program files\Supporter
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\users\plischke\AppData\Local\Chromatic Browser
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\users\plischke\AppData\Local\Torch
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\users\Admin\AppData\Local\Chromatic Browser
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\users\Admin\AppData\Local\Torch
2014-06-11 19:12 . 2014-06-11 19:12 -------- d-----w- c:\users\plischke\AppData\Local\Comodo
2014-06-11 19:11 . 2014-06-11 19:11 -------- d-----w- c:\program files\buenosearch LTD
2014-06-11 19:11 . 2014-06-11 19:11 -------- d-----w- c:\users\Admin\AppData\Local\Comodo
2014-06-11 19:11 . 2014-06-11 19:11 -------- d-----w- c:\users\Guest
2014-06-11 19:11 . 2014-06-11 19:12 -------- d-----w- c:\users\Admin\AppData\Local\Google
2014-06-11 19:11 . 2014-06-11 19:11 -------- d-----w- c:\users\plischke\AppData\Roaming\buenosearch LTD
2014-06-11 19:11 . 2014-06-11 19:11 -------- d-----w- c:\users\plischke\AppData\Roaming\BabSolution
2014-06-11 19:10 . 2014-06-11 19:10 -------- d-----w- c:\program files\YourFileDownloader
2014-06-04 07:36 . 2014-04-23 09:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-28 21:54 . 2014-06-28 21:54 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DC0A079-FA0D-4912-AD76-853AB535A140}\MpKsl7ad28067.sys
2014-06-13 13:20 . 2014-05-28 14:29 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-15 10:27 . 2012-12-13 07:58 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 10:27 . 2012-12-13 07:58 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 05:26 . 2014-05-28 14:28 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25 . 2014-05-28 14:28 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2014-05-28 14:28 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-30 23:37 . 2014-05-23 15:09 8073384 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7822D4E-6F03-49EE-AB79-9B2361DBCD22}\mpengine.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3E9534AE-96F1-E48E-4234-F2AFE7CACE71}]
2014-06-25 09:44 371200 ----a-w- c:\programdata\RoboSaver\zaMO8Le.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5770A26D-BE16-F77E-7B4D-420BE3B63E3E}]
2014-06-18 12:19 371200 ----a-w- c:\programdata\FuneDealis\p.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{b66b1fee-a932-4d59-a008-b1b31e7e7e9f}]
2014-06-10 23:31 249632 ----a-w- c:\program files\TowerTilt\E3BA08CF-6891-475C-865F-01F32F02329B.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\plischke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\plischke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\plischke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\plischke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"="1" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-11 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-04-25 22415552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"="1" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
c:\users\jan.sadilek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
.
c:\users\plischke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\plischke\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 40030ae4;Supporter;c:\windows\system32\rundll32.exe [2006-11-02 44544]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL7AD28067
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-22 20:27 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 10:27]
.
2014-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3227926975-320046037-3958226496-1001Core.job
- c:\users\plischke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-23 16:19]
.
2014-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3227926975-320046037-3958226496-1001UA.job
- c:\users\plischke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-23 16:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 6&tsp=5275
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 6&tsp=5275
FF - ExtSQL: 2014-06-11 01:31; firefox@Towertilt.com; c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\firefox@Towertilt.com.xpi
FF - ExtSQL: 2014-06-11 21:12; ffxtlbr@buenosearch.com; c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\ffxtlbr@buenosearch.com
FF - ExtSQL: 2014-06-25 07:44; nouidxlgw@zvygrdgouo.org; c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\nouidxlgw@zvygrdgouo.org
FF - ExtSQL: 2014-06-25 07:44; e-1cc846x@kgyqeg-uiia.co.uk; c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\e-1cc846x@kgyqeg-uiia.co.uk
FF - ExtSQL: 2014-06-25 11:45; uyu.ldry@oow-mal.com; c:\users\plischke\AppData\Roaming\Mozilla\Firefox\Profiles\vrphudod.default\extensions\uyu.ldry@oow-mal.com
FF - ExtSQL: !HIDDEN! 2009-09-15 07:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 6&tsp=5275
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 6&tsp=5275
FF - user.js: extensions.buenosearch.id - b097747b00000000000000ff8ac495b9
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16232
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.721:12
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - babsst
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - cs
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{A1CF0544-8AF9-DF97-EE1E-D42E1B12DA61} - c:\program files\CostMin\Lux.dll
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
c:\users\jan.sadilek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jádro Plánovače úloh SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-{2F5F003B-C71B-72E3-42B4-DE51AB079EB2} - c:\programdata\CostMin\rFuR.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4} - c:\progra~1\SUPPOR~1\SUPPOR~1.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-28 23:54
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe
Wbutton = c:\program files\Launch Manager\WButton.exe
.
skenování skrytých souborů ...
.
.
c:\users\plischke\AppData\Roaming\Dropbox\PENDING_jydzh7 6144 bytes
c:\users\plischke\AppData\Roaming\Dropbox\TO_HASH_yw551z 7168 bytes
c:\users\plischke\AppData\Roaming\Dropbox\UPDATED_8mvdpo 6144 bytes
.
sken byl úspešně dokončen
skryté soubory: 3
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\YourFileDownloader Updater\YourFileUpdater.exe
c:\program files\Microsoft Security Client\NisSrv.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\users\plischke\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Celkový čas: 2014-06-28 23:58:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-28 21:58
.
Před spuštěním: Volných bajtů: 114 958 794 752
Po spuštění: Volných bajtů: 116 372 463 616
.
- - End Of File - - 26E1F7FACD81A5F91EE8C36C26F88F13
5C616939100B85E558DA92B899A0FC36