VIRY.CZ

SpyHuntera som pouzil, nasiel daco a poriesil, druhy check nic nenasiel, ale Esete halsi stale...
a prva cast navodu mi moc nedala, ziadne podobne nazvy, ani subory som nenasiel...

23:20:25.0028 0x0428 PSI_SVC_2 - ok
23:20:25.0400 0x0428 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:20:25.0590 0x0428 ql2300 - ok
23:20:25.0670 0x0428 [ B4DD51DD25182244B86737DC51AF2270 ...

:\Windows\system32\DRIVERS\umbus.sys
23:15:04.0629 0x0f04 umbus - ok
23:15:04.0722 0x0f04 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\drivers\umpass.sys
23:15:04.0757 0x0f04 UmPass - ok
23:15:04.0915 0x0f04 ...

\scan dobehol, ale dalsie okno nebolo....

log je tu:

23:10:16.0235 0x0868 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
23:10:22.0417 0x0868 ============================================================
23:10:22.0417 0x0868 Current date / time: 2015/09/13 23:10:22.0417
23:10:22.0417 ...

stale to vyskakuje...

ComboFix 15-09-07.01 - radiboy . 09. 2015 22:35:56.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.3579.2030 [GMT 2:00]
Running from: c:\users\radiboy\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46 ...

scan nikde len ta hladka co je obrazok v prvom prispevku. v operacnej pamati...

vyskakuje tonpriebezne ked mam pustene PC

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 11. 9. 2015
Čas skenování: 22:03
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.09.11.06
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým ...

nie, okno esetu stale vyskakuje...

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\ias.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Extras logfile created on: 8. 9. 2015 21:45:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\radiboy\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17959)
Locale: 0000041b | Country: Slovenská republika ...

< *keygen* /s >
[2010/06/12 12:34:40 | 000,229,312 | ---- | M] () -- \Users\radiboy\Desktop\Corel VideoStudio Pro X3 v13.6.2.36\Keygens_Backup.rar
[2010/04/08 14:14:02 | 000,016,384 | ---- | M] () -- \Users\radiboy\Desktop\Corel VideoStudio Pro X3 v13.6.2.36\Keygen_(AGAIN)-New!\CVSP.X3_Keygen ...

OTL logfile created on: 8. 9. 2015 21:45:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\radiboy\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17959)
Locale: 0000041b | Country: Slovenská republika ...

tak to teda netusim...
je to bratov notebook, neviem, ci bol k tomu, alebo sa tam dostal inaksou cestou...

ahojte,

Eset vyhadzuje hlasku (nie pocas scanu), ze v operacnej pamati je hrozba, run32dll.exe - Win32/Ponmocup.AA
ale scan Smart security, ani Spyhununter nic neukazu.
v prilohe je obrazok toho, co Eset halsi
zacalo to ze som sa snazil odstanit nejaky cryptolocker, to sa podarilo, a ...