Page 2 of 2

Re: Slow PC and constantly overloaded CPU 1

Posted: 30 Jan 2014 20:13
by Stix
Attaching the report from the completed ComboFix scan:
ComboFix 14-01-29.01 - Paťo . 01. 2014 19:02:25.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.2046.696 [GMT 1:00]
Running from: c:\users\Paťo\Desktop\ComboFix.exe
Command switches used :: c:\users\Paťo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2013-12-28 to 2014-01-30 )))))))))))))))))))))))))))))))
.
.
2014-01-30 18:58 . 2014-01-30 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-29 18:22 . 2014-01-29 18:22 -------- d-----w- c:\program files\GamePark
2014-01-29 14:36 . 2014-01-29 14:36 -------- d-----w- c:\programdata\Malwarebytes
2014-01-29 14:36 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-29 10:05 . 2014-01-29 10:05 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2D447E8-D48D-458A-9523-041077EBE4C3}\offreg.dll
2014-01-29 10:04 . 2013-12-16 00:54 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2D447E8-D48D-458A-9523-041077EBE4C3}\mpengine.dll
2014-01-28 16:21 . 2014-01-28 08:36 133208 ----a-w- c:\windows\system32\drivers\68687665.sys
2014-01-28 08:36 . 2014-01-28 08:36 -------- d-----w- c:\programdata\Kaspersky Lab
2014-01-26 12:13 . 2014-01-26 20:46 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-01-26 12:12 . 2014-01-26 20:45 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-01-26 12:12 . 2014-01-26 20:45 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-01-23 22:37 . 2014-01-23 22:37 -------- d-----w- C:\Scenario
2014-01-10 08:48 . 2014-01-10 08:48 -------- d-----w- c:\program files\PowerQuest
2014-01-08 20:11 . 2014-01-08 20:12 -------- d-----w- C:\ExpertPlus
2014-01-07 08:28 . 2014-01-09 09:29 -------- d-----w- c:\program files\Common Files\InstallShield
2014-01-07 08:20 . 2014-01-07 08:20 -------- d-----w- c:\program files\PANDORA.TV
2014-01-07 00:24 . 2014-01-07 00:24 -------- d-----w- c:\program files\3DO
2014-01-07 00:24 . 2014-01-07 00:24 -------- d-----w- c:\program files\Common Files\3DO Shared
2014-01-07 00:22 . 2014-01-07 00:22 -------- d-----w- c:\program files\directx
2014-01-07 00:22 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2014-01-06 13:58 . 2014-01-06 13:58 -------- d-----w- c:\programdata\LogMeIn
2014-01-06 13:57 . 2014-01-06 13:57 -------- d-----w- c:\program files\LogMeIn Hamachi
2014-01-06 08:14 . 2014-01-06 08:14 -------- d-----w- c:\programdata\Oracle
2014-01-06 08:02 . 2014-01-06 08:02 -------- d-----w- c:\program files\Common Files\Java
2014-01-06 08:01 . 2014-01-06 08:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-06 08:01 . 2014-01-06 08:01 -------- d-----w- c:\program files\Java
2014-01-06 07:58 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2014-01-06 07:58 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2014-01-06 07:58 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2014-01-05 23:27 . 2013-08-11 14:40 43520 --s-a-w- c:\windows\system32\nircmdc.exe
2014-01-05 23:11 . 2014-01-05 23:11 1 ----a-w- c:\windows\system32\SI.bin
2014-01-05 17:17 . 2014-01-26 18:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2014-01-05 09:24 . 2014-01-06 13:15 -------- d-----w- c:\windows\system32\Macromed
2014-01-05 09:23 . 2014-01-05 09:24 -------- d-----w- c:\program files\Common Files\Adobe
2014-01-05 08:27 . 2014-01-05 08:27 -------- d-----w- c:\program files\TeamViewer
2014-01-04 22:49 . 2014-01-04 22:54 -------- d-----w- c:\program files\Google
2014-01-04 15:31 . 2014-01-04 15:39 -------- d-----w- C:\VTRoot
2014-01-04 15:31 . 2014-01-05 07:48 1709494 ----a-w- c:\windows\system32\drivers\fvstore.dat
2014-01-04 15:08 . 2014-01-04 15:09 -------- d-s---w- c:\programdata\Shared Space
2014-01-04 15:07 . 2014-01-04 15:07 -------- d-----w- c:\program files\COMODO
2014-01-04 15:07 . 2014-01-04 15:09 -------- d-----w- c:\programdata\Comodo
2014-01-04 15:07 . 2014-01-04 15:07 -------- d-----w- c:\programdata\Comodo Downloader
2014-01-04 14:56 . 2014-01-04 14:56 -------- d-----w- c:\program files\ESET
2014-01-04 10:54 . 2014-01-04 10:54 81408 ----a-w- c:\windows\system32\dfboottime.exe
2014-01-04 10:54 . 2014-01-04 10:54 -------- d-----w- c:\program files\Defraggler
2014-01-04 10:52 . 2014-01-04 10:52 -------- d-----w- c:\program files\CCleaner
2014-01-04 00:56 . 2014-01-04 00:56 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-01-04 00:56 . 2014-01-04 00:57 -------- d-----w- c:\program files\Microsoft SQL Server
2014-01-04 00:56 . 2014-01-04 00:56 -------- d-----w- c:\windows\PCHEALTH
2014-01-04 00:53 . 2014-01-04 00:53 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-01-04 00:53 . 2014-01-04 00:59 -------- d-----w- c:\programdata\Microsoft Help
2014-01-04 00:52 . 2014-01-04 00:52 -------- d-----r- C:\MSOCache
2014-01-04 00:50 . 2014-01-04 00:50 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-01-04 00:50 . 2014-01-04 00:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2014-01-04 00:49 . 2014-01-04 00:51 -------- d-----w- c:\programdata\DAEMON Tools Lite
2014-01-04 00:42 . 2013-11-14 11:59 955168 ----a-w- c:\windows\system32\nvspcap.dll
2014-01-04 00:41 . 2014-01-04 00:41 -------- d-----w- c:\program files\AGEIA Technologies
2014-01-04 00:40 . 2014-01-04 00:47 -------- d-----w- c:\programdata\NVIDIA
2014-01-04 00:40 . 2014-01-04 00:40 -------- d-----w- c:\users\UpdatusUser
2014-01-04 00:40 . 2013-11-11 14:26 4321056 ----a-w- c:\windows\system32\nvcpl.dll
2014-01-04 00:40 . 2013-11-11 14:26 3036960 ----a-w- c:\windows\system32\nvsvc.dll
2014-01-04 00:40 . 2013-11-11 14:26 664352 ----a-w- c:\windows\system32\nvvsvc.exe
2014-01-04 00:40 . 2013-11-11 14:26 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-01-04 00:40 . 2013-11-11 14:26 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2014-01-04 00:40 . 2013-11-11 14:26 209184 ----a-w- c:\windows\system32\nvmctray.dll
2014-01-04 00:40 . 2013-11-14 11:58 53024 ----a-w- c:\windows\system32\OpenCL.dll
2014-01-04 00:39 . 2014-01-05 00:43 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-01-04 00:34 . 2014-01-04 00:57 -------- d-----w- c:\program files\Microsoft.NET
2014-01-04 00:34 . 2014-01-30 08:59 -------- d-sh--w- c:\windows\Installer
2014-01-04 00:29 . 2014-01-04 00:42 -------- d-----w- c:\program files\NVIDIA Corporation
2014-01-04 00:00 . 2013-12-18 05:13 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-03 23:52 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2014-01-03 23:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-01-03 23:52 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-01-03 23:52 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-01-03 23:51 . 2014-01-03 23:51 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-01-03 18:50 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-01-03 18:50 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-01-03 18:50 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-01-03 18:50 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-01-03 18:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-01-03 18:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-01-03 18:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-01-03 18:49 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-01-03 18:49 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-01-03 18:45 . 2014-01-27 08:55 -------- d-----w- c:\users\Paťo
2014-01-03 18:45 . 2014-01-03 18:45 -------- d-----w- C:\Recovery
2014-01-03 18:36 . 2014-01-04 10:56 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-30 08:59 . 2014-01-30 08:59 73728 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-01-30 08:59 . 2014-01-30 08:59 73728 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-01-26 20:46 . 2014-01-26 12:13 22328 ----a-w- c:\users\Paťo\AppData\Roaming\PnkBstrK.sys
2014-01-26 20:46 . 2014-01-26 12:13 22328 ----a-w- c:\users\Paťo\AppData\Roaming\PnkBstrK.sys
2014-01-07 08:35 . 2014-01-07 08:35 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut6.exe
2014-01-07 08:35 . 2014-01-07 08:35 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut6.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut8.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut8.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1_1.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1_1.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ARPPRODUCTICON.exe
2014-01-07 08:35 . 2014-01-07 08:35 45056 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ARPPRODUCTICON.exe
2013-11-14 10:38 . 2013-11-14 10:38 582936 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-11-14 10:38 . 2013-11-14 10:38 36000 ----a-w- c:\windows\system32\cmdcsr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:33 1720976 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:33 1720976 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:33 1720976 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-12-17 4370712]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2013-11-14 955168]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1576152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-11 2349392]
"mncuttsehSrv"="c:\windows\inf\mncuttseh.vbe" [2014-01-19 1342]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Startovanie procesu.lnk - c:\expertplus\service\serverStarter.bat [2014-1-8 276]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ dfboottime \??\c:\windows\System32\dfboottime.cfg\0autocheck autochk *
.
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 131288]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 68687665;68687665;c:\windows\system32\DRIVERS\68687665.sys [2014-01-28 133208]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-09-24 20072]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-11-14 582936]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-09-24 44752]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-01-04 243128]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 122376]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-11 1616208]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
S2 MBAMService;MBAMService;d:\software\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-14 14652704]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\KMPService.exe [2013-07-08 1922600]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-11-14 33568]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 09:32 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-04 22:49]
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-04 22:49]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.2 208.67.220.220
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Paťo\AppData\Roaming\Mozilla\Firefox\Profiles\g3qpcltd.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(4280)
c:\windows\system32\guard32.dll
.
Completion time: 2014-01-30 20:01:40
ComboFix-quarantined-files.txt 2014-01-30 19:01
ComboFix2.txt 2014-01-30 11:08
.
Pre-Run: 36 987 387 904 bytes free
Post-Run: 36 994 031 616 bytes free
.
- - End Of File - - 4820AEAF14FDED37F1BE2C01D400254F
A36C5E4F47E84449FF07ED3517B43A31

Re: Slow PC and constantly overloaded CPU 1

Posted: 30 Jan 2014 22:42
by Stix
I also tried dragging the CFScript text file onto AVP Tool, as advised, but I don't understand how that program is supposed to work. I downloaded it and have it on the desktop, but it is still just an installer; when I open it, some loading runs and, without installing anything, it immediately asks whether I want to scan and shows the usual options. When I dragged the text file onto it, it was as if I had simply started AVP, that is, nothing happened except the program starting. Should I just run a normal scan?
My questions are probably dumb, but I don't want to mess anything up and I'm rather lost. Thanks for your patience. :oops:

Re: Slow PC and constantly overloaded CPU 1

Posted: 31 Jan 2014 15:28
by JaRon
Everything is on the right track...
- if the file c:\windows\inf\mncuttseh.vbe exists, DELETE it
- rescan the PC with MBAM - full scan
- write back whether there are still any problems :???:
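As an added example (not part of the thread, and not ComboFix or MBAM code): the Run-key entry singled out in the reply above can be picked out mechanically from the "Reg Loading Points" section of the ComboFix log, which is essentially how a helper reads it. The script below parses a constructed excerpt of the log posted earlier in this thread and flags autorun entries that are scripts rather than binaries (a .vbe is encoded VBScript, executed by the Windows Script Host), that live in a directory where autoruns do not belong, or that are suspiciously small. It also checks the UAC policy values the same log prints, where PromptOnSecureDesktop = 0 means the elevation prompt is not shown on the secure desktop. The size threshold, the directory list and the flagging rules are assumptions made for this example, not ComboFix heuristics.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example, not from the forum thread or from ComboFix itself. The
flagging rules (script extensions, odd directories, size threshold, UAC
values) are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the log posted in the thread (same line format as ComboFix).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2013-11-14 955168]
"mncuttsehSrv"="c:\windows\inf\mncuttseh.vbe" [2014-01-19 1342]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# "name"="path" [YYYY-MM-DD size]  -- the shape ComboFix uses for Run entries
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]'
)
# "name"= value (0xhex)            -- the shape it uses for policy values
POLICY_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')

# Assumed rules: interpreters, not binaries; places autoruns rarely belong; loader-sized files.
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1")
ODD_DIRS = ("\\windows\\inf\\", "\\windows\\temp\\", "\\temp\\", "\\users\\public\\")
TINY_BYTES = 4096


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def review_run_entry(name, path, size):
    """Return a Finding for a Run-key entry worth a second look, else None."""
    low = path.lower()
    reasons = []
    if low.endswith(SCRIPT_EXT):
        reasons.append("script, not a binary: runs through wscript/cscript/cmd")
    if any(d in low for d in ODD_DIRS):
        reasons.append("unusual directory for an autorun")
    if size < TINY_BYTES:
        reasons.append(f"tiny file ({size} bytes), typical of a loader stub")
    return Finding(name, path, reasons) if reasons else None


# UAC values that weaken elevation: (predicate on the value, explanation)
UAC_CHECKS = {
    "EnableLUA": (lambda v: v == 0, "UAC disabled"),
    "ConsentPromptBehaviorAdmin": (lambda v: v == 0, "administrators elevate silently"),
    "PromptOnSecureDesktop": (lambda v: v == 0, "elevation prompt not on the secure desktop"),
}


def triage(log_text):
    """Walk the log, tracking the current registry key, and collect findings."""
    section = None
    run_findings, uac_findings = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY"):
            key = line.lower()
            if key.endswith("\\run]") or key.endswith("\\runonce]"):
                section = "run"
            elif "policies\\system" in key:
                section = "uac"
            else:
                section = None
            continue
        if section == "run":
            m = RUN_LINE.match(line)
            if m:
                finding = review_run_entry(m["name"], m["path"], int(m["size"]))
                if finding:
                    run_findings.append(finding)
        elif section == "uac":
            m = POLICY_LINE.match(line)
            if m and m["name"] in UAC_CHECKS:
                is_bad, why = UAC_CHECKS[m["name"]]
                if is_bad(int(m["value"])):
                    uac_findings.append((m["name"], why))
    return run_findings, uac_findings


if __name__ == "__main__":
    runs, uac = triage(SAMPLE_LOG)
    for f in runs:
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print("   -", r)
    for name, why in uac:
        print(f"UAC {name}: {why}")
```

Running the file prints the single flagged entry, mncuttsehSrv, with all three reasons, and the PromptOnSecureDesktop value; the results are returned from triage() so they can also be consumed by other tooling. To run it over a full ComboFix log, read the file and pass its text to triage().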

Re: Slow PC and constantly overloaded CPU 1

Posted: 31 Jan 2014 17:52
by Stix
Scanned with MBAM, report here:
Malwarebytes Anti-Malware (Trial version) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.31.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Paťo :: PC29402 [administrator]

Protection: Enabled

31. 1. 2014 15:59:02
mbam-log-2014-01-31 (15-59-02).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402079
Time elapsed: 1 hour, 31 minutes, 31 seconds

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 7
C:\ProgramData\Comodo\Cis\Quarantine\data\{166DD07C-915F-4ACD-BA77-5ED4D095BDC3} (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\ProgramData\Comodo\Cis\Quarantine\data\{4061C898-61E3-4F6A-AD0F-6A8C66C2E846} (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Paťo\Desktop\Hry-C\Call of Duty 4 - Modern Warfare\KeyGen\PC_DOX-Call.Of.Duty.4.KeyGen-Razor1911.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Paťo\Desktop\Hry-C\Call of Duty 4 - Modern Warfare\KeyGen\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\VTRoot\HarddiskVolume3\Hry\CoD4\Call of Duty 4 - Modern Warfare\KeyGen\PC_DOX-Call.Of.Duty.4.KeyGen-Razor1911.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\VTRoot\HarddiskVolume3\Hry\CoD4\Call of Duty 4 - Modern Warfare\KeyGen\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Windows\inf\mslivtg\mslivtg.exe (BitcoinMiner) -> Quarantined and deleted successfully.

(end)

I removed the detected files and restarted the notebook.
I found c:\windows\inf\mncuttseh.vbe and deleted it; the problems are gone and the notebook runs like it did before. The only thing I don't understand is why it detected some files again, since I had already deleted them before.

Re: Slow PC and constantly overloaded CPU 1

Posted: 01 Feb 2014 12:18
by JaRon
- rename ComboFix to uninstall and run it - that will uninstall it
- uninstall or delete all the other programs used during the cleanup
- come back in 2-3 weeks for a check-up
that's all

Re: Slow PC and constantly overloaded CPU 1

Posted: 01 Feb 2014 13:37
by Stix
I am immensely grateful to you. Take care for now.

Re: Slow PC and constantly overloaded CPU 1

Posted: 02 Feb 2014 11:06
by JaRon
you're welcome