Pomaly PC a stale pretazeny procak 1

[Stix]

Zdravim Vas,mam rovnaky problem,akurat mne pc pretazy hocikedy,nie len ked odidem,dnes to azcalo,vcera som pri stahovani jedneho programu vypol nod,co bola asi velka blbost a kvoli tomus a mi toto deje,proste mi absolutne zmrzne pc a po zhruba 5 minutach ho restaruje,vatezenie je tiez velke,pri defragmentacii disku to bolo napr 90% a viac,teraz je akurat 37% a to nemam nic pustene,ram je na 54%,ale stale to samozrejme beha.Teraz ale napr je vsetko v pohode,10-25%,rams tale nad 40%.Notebook acer aspire 7720-1,8 GHz procesor,2gb ram,nvidia geforce 8400 M GS.Vazne vas prosim o pomoc,nechcem prist o data a v predchadzajucom probleme som nerozumel viacerim popisom prace,takze by som bol velmi vdacny za jednoduchsie spresnenie,dakujem velmi pekne.

[JaRon]

ahoj,
vypni NOD a prescanuj PC s AVPTool - vysledny log o najdenych infiltraciach vloz sem

[Pavuk29]

Zdravim Vas,mam rovnaky problem,akurat mne pc pretazy hocikedy,nie len ked odidem,dnes to azcalo,vcera som pri stahovani jedneho programu vypol nod,co bola asi velka blbost a kvoli tomus a mi toto deje,proste mi absolutne zmrzne pc a po zhruba 5 minutach ho restaruje,vatezenie je tiez velke,pri defragmentacii disku to bolo napr 90% a viac,teraz je akurat 37% a to nemam nic pustene,ram je na 54%,ale stale to samozrejme beha.Teraz ale napr je vsetko v pohode,10-25%,rams tale nad 40%.Notebook acer aspire 7720-1,8 GHz procesor,2gb ram,nvidia geforce 8400 M GS.Vazne vas prosim o pomoc,nechcem prist o data a v predchadzajucom probleme som nerozumel viacerim popisom prace,takze by som bol velmi vdacny za jednoduchsie spresnenie,dakujem velmi pekne.

Offtopic:
Poprosim Ta, vo vlastnom zaujme, trosku kultivovanejsi prejav, aspon medzery zavse pouzi a obmedz preklepy, ked uz pravopis neexistuje. Ak by kolega JaRon vychrlil na Teba odpoved takouto formou, asi by si nebol nadseny.
Dakujem.

[Stix]

Zdravim,preskenoval som cely notebook tak ako ste mi poradili,vysledny scan ma 180 Mb,je to normalne?A ospravedlnujem sa za preklepy v predchadzajucom prispevku.

[JaRon]

ano ten log byva velky - zaujima ma skor ci nieco naslo a ci to vyliecilo ,,,
toto byva na poslednej strane tohto dlheho logu

[Stix]

Tak Vam sem skopirujem nejaky ten koniec?Inac uploadujem to na uloz.to,ale to uz asi moc komplikovane kvoli tej velkosti.

[JaRon]

skus poslednu 1-2 strany

[Stix]

Som v koncoch,notebook mi nezvladne ani len otvorit poznamkovy blok alebo word,jedine co ma napada je ze by som to uploadol na uloz.to,mimochodom,ked ste sa pytali ci nieco naslo a vyliecilo,tak toto je vlastne 3. sken ale jediny,ktory sa vydaril,predchadzajuce dva nieco nasli a ja som dal vyliecit,ale skeny sa nedokoncili kvoli tomu,ze pc sa vypol z pretazenia,ci ako to mam nazvat.

[JaRon]

- kludne ten log niekde uploadni
- prescanuj PC s MBAM - rychla kontrola - log vloz

[Stix]

Nech sa paci,tu je ten log http://uloz.to/x5xbbjeW/scan-txt
a akurat prebieha sken MBAM,hned ako bude hotovy prilozim report.

[Stix]

Tu je sprava s vysledkami z MBAM:
Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
http://www.malwarebytes.org

Verzia databázy: v2014.01.29.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Paťo :: PC29402 [administrátor]

Ochrana: Zapnuté

29. 1. 2014 15:39:28
MBAM-log-2014-01-29 (15-52-30).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 222418
Uplynutý čas: 10 min, 15 sek

Detegované služby pamäte: 1
C:\Windows\inf\mncuttseh\mncuttseh.exe (Trojan.BitMiner) -> 4400 -> Žiadna úloha nevykonaná.

Detegované moduly pamäte: 4
C:\Windows\inf\mncuttseh\libcurl-4.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\libeay32.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\ssleay32.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\zlib1.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSStp (Malware.Trace) -> Dáta: C:\Windows\system32\msstp.vbe -> Žiadna úloha nevykonaná.

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 2
C:\Windows\inf\mncuttseh (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\bitstreams (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.

Detegované súbory: 16
C:\Windows\inf\mncuttseh\mncuttseh.exe (Trojan.BitMiner) -> Žiadna úloha nevykonaná.
C:\Windows\System32\msstp.vbe (Malware.Trace) -> Žiadna úloha nevykonaná.
C:\Windows\inf\ntvdm.inf (Malware.Trace) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\diablo130302.cl (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\diakgcn121016.cl (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\libcurl-4.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\libeay32.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\libidn-11.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\librtmp.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\libssh2.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\phatk121016.cl (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\poclbm130302.cl (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\scrypt130511.cl (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\ssleay32.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\zlib1.dll (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.
C:\Windows\inf\mncuttseh\bitstreams\fpgaminer_top_fixed7_197MHz.ncd (Trojan.Agent.BCM) -> Žiadna úloha nevykonaná.

(koniec)


Vazera to tak ze je tam toho hodne,dal som to odstranit,restartovalo mi to notebook,uz je to lepsie,no stale mam pocit ze pred tim to bolo lepsie.

[JaRon]

vyborne - pokracujeme
najprv prescanuj s http://www.sophos.com/en-us/products/fr ... d-now.aspx
+
stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

[Stix]

Preskenoval som to so Sophosom,naslo nejake 2 virusy,dal som ich odstranit ale report mi neukazalo.
Potom som pokracoval s Combofixom,tu je report:
ComboFix 14-01-29.01 - Paťo . 01. 2014 11:53:45.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.2046.1107 [GMT 1:00]
Running from: c:\users\Paťo\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\frapsvid.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-12-28 to 2014-01-30 )))))))))))))))))))))))))))))))
.
.
2014-01-30 11:05 . 2014-01-30 11:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-30 08:59 . 2014-01-30 09:00 -------- d-----w- c:\programdata\Sophos
2014-01-30 08:59 . 2014-01-30 08:59 -------- d-----w- c:\program files\Sophos
2014-01-29 18:22 . 2014-01-29 18:22 -------- d-----w- c:\program files\GamePark
2014-01-29 14:36 . 2014-01-29 14:36 -------- d-----w- c:\programdata\Malwarebytes
2014-01-29 14:36 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-29 10:05 . 2014-01-29 10:05 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2D447E8-D48D-458A-9523-041077EBE4C3}\offreg.dll
2014-01-29 10:04 . 2013-12-16 00:54 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2D447E8-D48D-458A-9523-041077EBE4C3}\mpengine.dll
2014-01-28 16:21 . 2014-01-28 08:36 133208 ----a-w- c:\windows\system32\drivers\68687665.sys
2014-01-28 08:36 . 2014-01-28 08:36 -------- d-----w- c:\programdata\Kaspersky Lab
2014-01-26 12:13 . 2014-01-26 20:46 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-01-26 12:12 . 2014-01-26 20:45 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-01-26 12:12 . 2014-01-26 20:45 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-01-23 22:37 . 2014-01-23 22:37 -------- d-----w- C:\Scenario
2014-01-10 08:48 . 2014-01-10 08:48 -------- d-----w- c:\program files\PowerQuest
2014-01-08 20:11 . 2014-01-08 20:12 -------- d-----w- C:\ExpertPlus
2014-01-07 08:28 . 2014-01-09 09:29 -------- d-----w- c:\program files\Common Files\InstallShield
2014-01-07 08:20 . 2014-01-07 08:20 -------- d-----w- c:\program files\PANDORA.TV
2014-01-07 00:24 . 2014-01-07 00:24 -------- d-----w- c:\program files\3DO
2014-01-07 00:24 . 2014-01-07 00:24 -------- d-----w- c:\program files\Common Files\3DO Shared
2014-01-07 00:22 . 2014-01-07 00:22 -------- d-----w- c:\program files\directx
2014-01-07 00:22 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2014-01-06 13:58 . 2014-01-06 13:58 -------- d-----w- c:\programdata\LogMeIn
2014-01-06 13:57 . 2014-01-06 13:57 -------- d-----w- c:\program files\LogMeIn Hamachi
2014-01-06 08:14 . 2014-01-06 08:14 -------- d-----w- c:\programdata\Oracle
2014-01-06 08:02 . 2014-01-06 08:02 -------- d-----w- c:\program files\Common Files\Java
2014-01-06 08:01 . 2014-01-06 08:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-06 08:01 . 2014-01-06 08:01 -------- d-----w- c:\program files\Java
2014-01-06 07:58 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2014-01-06 07:58 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2014-01-06 07:58 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2014-01-05 23:27 . 2013-08-11 14:40 43520 --s-a-w- c:\windows\system32\nircmdc.exe
2014-01-05 23:11 . 2014-01-05 23:11 1 ----a-w- c:\windows\system32\SI.bin
2014-01-05 17:17 . 2014-01-26 18:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2014-01-05 09:24 . 2014-01-06 13:15 -------- d-----w- c:\windows\system32\Macromed
2014-01-05 09:23 . 2014-01-05 09:24 -------- d-----w- c:\program files\Common Files\Adobe
2014-01-05 08:27 . 2014-01-05 08:27 -------- d-----w- c:\program files\TeamViewer
2014-01-04 22:49 . 2014-01-04 22:54 -------- d-----w- c:\program files\Google
2014-01-04 15:31 . 2014-01-04 15:39 -------- d-----w- C:\VTRoot
2014-01-04 15:31 . 2014-01-05 07:48 1709494 ----a-w- c:\windows\system32\drivers\fvstore.dat
2014-01-04 15:08 . 2014-01-04 15:09 -------- d-s---w- c:\programdata\Shared Space
2014-01-04 15:07 . 2014-01-04 15:07 -------- d-----w- c:\program files\COMODO
2014-01-04 15:07 . 2014-01-04 15:09 -------- d-----w- c:\programdata\Comodo
2014-01-04 15:07 . 2014-01-04 15:07 -------- d-----w- c:\programdata\Comodo Downloader
2014-01-04 14:56 . 2014-01-04 14:56 -------- d-----w- c:\program files\ESET
2014-01-04 10:54 . 2014-01-04 10:54 81408 ----a-w- c:\windows\system32\dfboottime.exe
2014-01-04 10:54 . 2014-01-04 10:54 -------- d-----w- c:\program files\Defraggler
2014-01-04 10:52 . 2014-01-04 10:52 -------- d-----w- c:\program files\CCleaner
2014-01-04 00:56 . 2014-01-04 00:56 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-01-04 00:56 . 2014-01-04 00:57 -------- d-----w- c:\program files\Microsoft SQL Server
2014-01-04 00:56 . 2014-01-04 00:56 -------- d-----w- c:\windows\PCHEALTH
2014-01-04 00:53 . 2014-01-04 00:53 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-01-04 00:53 . 2014-01-04 00:59 -------- d-----w- c:\programdata\Microsoft Help
2014-01-04 00:52 . 2014-01-04 00:52 -------- d-----r- C:\MSOCache
2014-01-04 00:50 . 2014-01-04 00:50 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-01-04 00:50 . 2014-01-04 00:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2014-01-04 00:49 . 2014-01-04 00:51 -------- d-----w- c:\programdata\DAEMON Tools Lite
2014-01-04 00:42 . 2013-11-14 11:59 955168 ----a-w- c:\windows\system32\nvspcap.dll
2014-01-04 00:41 . 2014-01-04 00:41 -------- d-----w- c:\program files\AGEIA Technologies
2014-01-04 00:40 . 2014-01-04 00:47 -------- d-----w- c:\programdata\NVIDIA
2014-01-04 00:40 . 2014-01-04 00:40 -------- d-----w- c:\users\UpdatusUser
2014-01-04 00:40 . 2013-11-11 14:26 4321056 ----a-w- c:\windows\system32\nvcpl.dll
2014-01-04 00:40 . 2013-11-11 14:26 3036960 ----a-w- c:\windows\system32\nvsvc.dll
2014-01-04 00:40 . 2013-11-11 14:26 664352 ----a-w- c:\windows\system32\nvvsvc.exe
2014-01-04 00:40 . 2013-11-11 14:26 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-01-04 00:40 . 2013-11-11 14:26 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2014-01-04 00:40 . 2013-11-11 14:26 209184 ----a-w- c:\windows\system32\nvmctray.dll
2014-01-04 00:40 . 2013-11-14 11:58 53024 ----a-w- c:\windows\system32\OpenCL.dll
2014-01-04 00:39 . 2014-01-05 00:43 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-01-04 00:34 . 2014-01-04 00:57 -------- d-----w- c:\program files\Microsoft.NET
2014-01-04 00:34 . 2014-01-30 08:59 -------- d-sh--w- c:\windows\Installer
2014-01-04 00:29 . 2014-01-04 00:42 -------- d-----w- c:\program files\NVIDIA Corporation
2014-01-04 00:00 . 2013-12-18 05:13 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-03 23:52 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2014-01-03 23:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-01-03 23:52 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-01-03 23:52 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-01-03 23:51 . 2014-01-03 23:51 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-01-03 18:50 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-01-03 18:50 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-01-03 18:50 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-01-03 18:50 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-01-03 18:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-01-03 18:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-01-03 18:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-01-03 18:49 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-01-03 18:49 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-01-03 18:45 . 2014-01-27 08:55 -------- d-----w- c:\users\Paťo
2014-01-03 18:45 . 2014-01-03 18:45 -------- d-----w- C:\Recovery
2014-01-03 18:36 . 2014-01-04 10:56 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-30 08:59 . 2014-01-30 08:59 73728 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-01-30 08:59 . 2014-01-30 08:59 73728 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-01-26 20:46 . 2014-01-26 12:13 22328 ----a-w- c:\users\Paťo\AppData\Roaming\PnkBstrK.sys
2014-01-26 20:46 . 2014-01-26 12:13 22328 ----a-w- c:\users\Paťo\AppData\Roaming\PnkBstrK.sys
2014-01-07 08:35 . 2014-01-07 08:35 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut6.exe
2014-01-07 08:35 . 2014-01-07 08:35 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut6.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut8.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut8.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1_1.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1_1.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ARPPRODUCTICON.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ARPPRODUCTICON.exe
2013-11-14 10:38 . 2013-11-14 10:38 582936 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-11-14 10:38 . 2013-11-14 10:38 36000 ----a-w- c:\windows\system32\cmdcsr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:33 1720976 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:33 1720976 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:33 1720976 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-12-17 4370712]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2013-11-14 955168]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1576152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-11 2349392]
"mncuttsehSrv"="c:\windows\inf\mncuttseh.vbe" [2014-01-19 1342]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Startovanie procesu.lnk - c:\expertplus\service\serverStarter.bat [2014-1-8 276]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ dfboottime \??\c:\windows\System32\dfboottime.cfg\0autocheck autochk *
.
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 131288]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 68687665;68687665;c:\windows\system32\DRIVERS\68687665.sys [2014-01-28 133208]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-09-24 20072]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-11-14 582936]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-09-24 44752]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-01-04 243128]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 122376]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-11 1616208]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
S2 MBAMService;MBAMService;d:\software\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-14 14652704]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\KMPService.exe [2013-07-08 1922600]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-11-14 33568]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 09:32 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-04 22:49]
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-04 22:49]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Paťo\AppData\Roaming\Mozilla\Firefox\Profiles\g3qpcltd.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-msewvcSrv - c:\windows\inf\msewvc.vbe
c:\users\Paťo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_68687665.lnk - c:\users\Paťo\AppData\Local\Temp\_uninst_68687665.bat
AddRemove-{8F547732-EF13-AA88-2BC7-ECB617D2772C}_is1 - d:\hry\Heroes of Might and Magic V\Fraps 3.5.9 CZ pln verze!!! - by kopiha\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\guard32.dll
.
Completion time: 2014-01-30 12:08:33
ComboFix-quarantined-files.txt 2014-01-30 11:08
.
Pre-Run: 37 303 119 872 bytes free
Post-Run: 36 980 649 984 bytes free
.
- - End Of File - - 3BEB759A8BBF9DD11674E563B532B69D
A36C5E4F47E84449FF07ED3517B43A31

[JaRon]

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mncuttsehSrv"=-

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:



po aplikacii by mal vzniknut dalsi log, ten vloz sem

+ este k logu AVPTool
- daj vyhladat nasledovne subory msqerol.exe, mslmvqm.exe, mslivyg.exe, msdjixf.exe - ak existuju ZMAZ

[Stix]

Tak,naslo mi subory msqerol.exe, mslmvqm.exe a msdjixf.exe,mslivyg.exe nenaslo ,tie co naslo som vymazal,no pytalo odomna povolenie správcu.
Presunul som ten textovy subor na ikonu combofix a akurat skenuje ale od stage 48 to ide dost pomaly.