Kontrola logu z ComboFix

Zpráva

driedl · #1 Příspěvek od **driedl** » 15 dub 2014 08:42

Dobrý den
Prosím vás o kontrolu logu z ComboFix, počítač neměl antivir, nyní je zpomalený, využití CPU 100% a paměti RAM téměř také 100%, v pozadí běží mnoho podezřelých procesů.
Děkuji předem

ComboFix 14-04-12.01 - Nikola Havlíčková 15.04.2014 8:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.512.230 [GMT 2:00]
Spuštěný z: c:\documents and settings\Nikola Havlíčková\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\NIKOLA~1\LOCALS~1\Temp\Elyh\naus.exe
c:\documents and settings\All Users\Data aplikací\guljoiyx.dat
c:\documents and settings\All Users\wpsfng.exe
c:\documents and settings\Nikola Havlíčková\Data aplikací\Microsoft\Windows\updater.exe
c:\documents and settings\Nikola Havlíčková\Data aplikací\vmware-unity.exe
c:\documents and settings\Nikola Havlíčková\Local Settings\Temp\Elyh\naus.exe
c:\documents and settings\Nikola Havlíčková\Nabídka Start\Programy\Po spuštění\checkupdate.exe
C:\install.exe
c:\program files\Better-Surf\ie\BeTTersrf.dll
c:\program files\BetterSurf\BetterSurfPlus\ie\BeTTersrf.dll
c:\program files\BetterSurf\ie\BeTTersurf.dll
c:\program files\MediaPlayerV1
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome.manifest
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome\content\ffMediaPlayerV1alpha271.js
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome\content\ffMediaPlayerV1alpha271ffaction.js
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome\content\icons\default\MediaPlayerV1alpha271_32.png
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome\content\icons\Thumbs.db
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\chrome\content\overlay.xul
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ff\install.rdf
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ch\MediaPlayerV1alpha271.crx
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ie\MediaPlayerV1alpha271.dll
c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\uninstall.exe
c:\program files\MediaViewerV1
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome.manifest
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome\content\ffMediaViewerV1alpha242.js
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome\content\ffMediaViewerV1alpha242ffaction.js
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome\content\icons\default\MediaViewerV1alpha242_32.png
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome\content\icons\Thumbs.db
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\chrome\content\overlay.xul
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff\install.rdf
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ch\MediaViewerV1alpha242.crx
c:\program files\MediaViewerV1\MediaViewerV1alpha242\ie\MediaViewerV1alpha242.dll
c:\program files\MediaViewerV1\MediaViewerV1alpha242\uninstall.exe
c:\program files\MediaWatchV1
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome.manifest
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome\content\ffMediaWatchV1home2342.js
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome\content\ffMediaWatchV1home2342ffaction.js
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome\content\icons\default\MediaWatchV1home2342_32.png
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome\content\icons\Thumbs.db
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\chrome\content\overlay.xul
c:\program files\MediaWatchV1\MediaWatchV1home2342\ff\install.rdf
c:\program files\MediaWatchV1\MediaWatchV1home2342\ch\MediaWatchV1home2342.crx
c:\program files\MediaWatchV1\MediaWatchV1home2342\ie\MediaWatchV1home2342.dll
c:\program files\MediaWatchV1\MediaWatchV1home2342\uninstall.exe
c:\program files\VideoPlayerV3
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome.manifest
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome\content\ffVideoPlayerV3beta170.js
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome\content\ffVideoPlayerV3beta170ffaction.js
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome\content\icons\default\VideoPlayerV3beta170_32.png
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome\content\icons\Thumbs.db
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\chrome\content\overlay.xul
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ff\install.rdf
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ch\VideoPlayerV3beta170.crx
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\ie\ViDEoplayerv3beta170.dll
c:\program files\VideoPlayerV3\VideoPlayerV3beta170\uninstall.exe
c:\program files\WebexpEnhancedV1
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome.manifest
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome\content\ffWebexpEnhancedV1alpha50.js
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome\content\ffWebexpEnhancedV1alpha50ffaction.js
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome\content\icons\default\WebexpEnhancedV1alpha50_32.png
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome\content\icons\Thumbs.db
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\chrome\content\overlay.xul
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ff\install.rdf
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ch\WebexpEnhancedV1alpha50.crx
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ie\WebexpEnhancedV1alpha50.dll
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\uninstall.exe
c:\windows\regedit.com
c:\windows\system32\drivers\2b20afdd85816ac8.sys
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\msssc.dll
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FREEZESCREENSAVER
-------\Legacy_SEEKEEN_SERVICE
-------\Service_FreezeScreenSaver
-------\Legacy_2b20afdd85816ac8
-------\Service_2b20afdd85816ac8
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-15 do 2014-04-15 )))))))))))))))))))))))))))))))
.
.
2014-04-02 17:42 . 2014-04-02 17:41 38400 --sha-w- c:\windows\president.exe
2014-04-02 17:41 . 2014-04-02 17:41 38400 --sha-w- c:\windows\zkz.exe
2014-04-02 17:41 . 2014-04-02 17:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\txaqi
2014-03-25 13:48 . 2014-04-15 06:51 1409 ----a-w- c:\windows\QTFont.for
2014-03-23 17:55 . 2014-03-23 17:55 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2014-03-23 17:53 . 2014-03-23 17:53 55224 ----a-w- c:\windows\system32\drivers\tStLib.sys
2014-03-17 15:11 . 2014-03-17 15:11 -------- d-----w- c:\documents and settings\Nikola Havlíčková\Data aplikací\Mahy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 16:52 . 2012-12-01 17:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 16:52 . 2012-12-01 17:06 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2011-09-29 07:07 . 2011-10-08 19:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ceba2399-265c-4189-9a81-390dd094725d}]
2014-02-27 20:07 87040 ----a-w- c:\program files\MediaViewV1\MediaViewV1alpha8886\ie\MediaViewV1alpha8886.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{d15292e6-809c-4e38-a756-45fd05e68efa}]
2014-02-26 18:24 87040 ----a-w- c:\program files\MediaViewV1\MediaViewV1alpha1097\ie\MediaViewV1alpha1097.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-02-23 2251064]
"cz.seznam.software.autoupdate"="c:\documents and settings\Nikola Havlíčková\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\Nikola Havlíčková\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Udmedia"="c:\documents and settings\Nikola Havlíčková\Local Settings\Data aplikací\Udmedia\MxAutoUpdate.dll" [2014-03-12 237568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-28 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-28 08:49 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Team Factor\\tf.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Nikola Havlíčková\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R?2 gupdate1ca6d177fd2f4cc;Služba Google Update (gupdate1ca6d177fd2f4cc);c:\program files\Google\Update\GoogleUpdate.exe [24.11.2009 17:04 133104]
R1 tStLib;tStLib;c:\windows\system32\drivers\tStLib.sys [23.3.2014 19:53 55224]
R2 president-kbr;president;c:\windows\president.exe [2.4.2014 19:42 38400]
R2 Update LemurLeap;Update LemurLeap;c:\program files\LemurLeap\updateLemurLeap.exe [3.10.2013 22:36 350496]
R2 Util LemurLeap;Util LemurLeap;c:\program files\LemurLeap\bin\utilLemurLeap.exe [6.10.2013 19:04 348448]
R2 zkz;zkz;c:\windows\zkz.exe [2.4.2014 19:41 38400]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\NIKOLA~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\NIKOLA~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [16.1.2014 2:39 235696]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [6.10.2011 15:55 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-17 15:59 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-01 16:53]
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 15:04]
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 15:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mSearch Bar = hxxp://www.google.com/ie
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Nikola Havlíčková\Data aplikací\Mozilla\Firefox\Profiles\tsr7iw02.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-02-24 18:34; ext@MediaViewerV1alpha242.net; c:\program files\MediaViewerV1\MediaViewerV1alpha242\ff
FF - ExtSQL: 2014-02-28 16:10; ext@MediaViewV1alpha1097.net; c:\program files\MediaViewV1\MediaViewV1alpha1097\ff
FF - ExtSQL: 2014-03-17 16:11; ext@MediaViewV1alpha8886.net; c:\program files\MediaViewV1\MediaViewV1alpha8886\ff
FF - ExtSQL: 2014-03-23 18:20; ext@MediaWatchV1home2342.net; c:\program files\MediaWatchV1\MediaWatchV1home2342\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: security.warn_entering_secure - false
FF - user.js: security.warn_entering_weak - false
FF - user.js: security.warn_leaving_secure - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{4b78a33d-2c59-4b06-b6da-5e326b303d85} - c:\program files\MediaViewerV1\MediaViewerV1alpha242\ie\MediaViewerV1alpha242.dll
BHO-{a58de230-28af-4827-a7a8-cb7ed43a37a6} - c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\ie\MediaPlayerV1alpha271.dll
BHO-{db2a0b24-3c82-4a02-90e2-81432927489c} - c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\ie\WebexpEnhancedV1alpha50.dll
BHO-{fbb5fa1d-0e74-4f0f-bd95-35a83e1cfb2c} - c:\program files\MediaWatchV1\MediaWatchV1home2342\ie\MediaWatchV1home2342.dll
HKCU-Run-vmware-unity - c:\documents and settings\Nikola Havlíčková\Data aplikací\vmware-unity.exe
HKCU-Run-guljoiyx - c:\documents and settings\All Users\Data aplikací\guljoiyx.dat
HKLM-Run-wpsfng - c:\documents and settings\All Users\wpsfng.exe
HKLM-Run-updatesvc - c:\documents and settings\Nikola Havlíčková\Data aplikací\Microsoft\Windows\updater.exe
MSConfigStartUp-ICQ - ~c:\program files\ICQ6\ICQ.exe
AddRemove-MediaPlayerV1alpha271 - c:\program files\MediaPlayerV1\MediaPlayerV1alpha271\uninstall.exe
AddRemove-MediaViewerV1alpha242 - c:\program files\MediaViewerV1\MediaViewerV1alpha242\uninstall.exe
AddRemove-MediaWatchV1home2342 - c:\program files\MediaWatchV1\MediaWatchV1home2342\uninstall.exe
AddRemove-Video Player - c:\program files\VideoPlayerV3\VideoPlayerV3beta170\uninstall.exe
AddRemove-Webexp Enhanced - c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha50\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-15 08:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-746137067-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(7240)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\documents and settings\Nikola Havlíčková\Local Settings\Data aplikací\Udmedia\MxAutoUpdate.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\MSI\BToes Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\regsvr32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\LemurLeap\bin\FilterApp_C.exe
c:\program files\LemurLeap\bin\XTLSApp.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\dwwin.exe
c:\program files\Google\Update\Install\{8CB976CD-F6EB-43C4-8322-8C4897EAB48F}\34.0.1847.116_33.0.1750.154_chrome_updater.exe
c:\windows\system32\config\SYSTEM~1\LOCALS~1\Temp\CR_AA050.tmp\setup.exe
.
**************************************************************************
.
Celkový čas: 2014-04-15 09:05:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-15 07:04
.
Před spuštěním: Volných bajtů: 45 339 832 320
Po spuštění: Volných bajtů: 45 840 097 280
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1D59D323F7014A0349355CF298B4D8AE
413FC2A0C716421B3158746D63736515

#2 Příspěvek od **Márty84** » 15 dub 2014 09:48

Zdravim

Muzete mi rict, proc jste spoustel ComboFix? Umite s nim zachazet?

Kdybyste si precetl pravidla fora http://forum.viry.cz/viewtopic.php?f=12&t=5601 , docetl byste se mimo jine toto

2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je. Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám ji poradil kamarád\nějaký rádoby odborný web. Naše fórum je jediné z CZ-SK antivirových fór, která mají právo luštit logy z ComboFixu a mámě též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

CF smaze veskere stopy pripadne nakazy a ja ted muzu tak akorat varit z vody, jak se rika

Zkusim se na to podivat, ale pokud se to bude opakovat, bude pomoc odmitnuta.
A taky upozornuji, ze se to mozna protahne a vysledek vubec neni jisty.

Udelejte !!!kompletni!!! kontrolu s MBAM http://www.stahuj.centrum.cz/utility_a_ ... i-malware/ a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

3.5. pro neaktivitu

http://forum.viry.cz/viewtopic.php?f=12&t=123975

VIRY.CZ

Kontrola logu z ComboFix

Kontrola logu z ComboFix

Re: Kontrola logu z ComboFix