Malwarebytes anti-malware hlási napadnutie Vyřešeno

[cobr4in]

Som si istý, že takto je to prehľadnejšie, než v pekne oddelených .txt súboroch.

[Reklama]

[guest]

A proč musíš čekat 12 hodin?

[cobr4in]

Pretože normálne trvá 12 hodín, kým Ti nastavenie fóra dovolí pridať nový príspevok, resp. 12 hodín trvá fungovanie autoeditácie príspevku. V tejto sekcii je to zrejme upravené, čo som nevedel.

[guest]

Tak toho jsem si nikdy nevšiml, logy sem dávám normálně.

[cobr4in]

Veď aj ja, ale tento bol príliš dlhý, tak to nešlo.

[bledulka]

Ahoj,
než projdu log, našel mbam něco při kontrole?

[cobr4in]

Tu sú výsledky, ale IMHO nič --> viewtopic.php?f=70&t=86861

[bledulka]

A co ta klávesnice, všechno je ok?

[cobr4in]

Zatiaľ áno. Ale všimol som si, že počas minimalizovania hry to zase blblo, takže zrejme to bolo záťažou PC (procák bol možno na 40%, RAM vyťažených 4GB).

[bledulka]

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

[cobr4in]

ComboFix 12-05-28.05 - CoBain_SK . 05. 2012 23:49:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8167.6386 [GMT 2:00]
Running from: d:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmpDC88.tmp
c:\windows\SysWow64\tmpDC89.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 21:51 . 2012-05-28 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-28 11:20 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{382A51C4-55F3-4478-83B3-2EF165E9ACDE}\mpengine.dll
2012-05-27 12:15 . 2012-05-27 12:15 -------- d-----w- c:\programdata\Malwarebytes
2012-05-27 12:15 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 10:50 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-23 00:52 . 2012-05-23 00:52 -------- d-sh--w- c:\windows\ftpcache
2012-05-22 19:40 . 2012-05-22 19:48 -------- d-----w- c:\programdata\NVIDIA
2012-05-22 19:40 . 2012-05-22 19:40 -------- d-----w- c:\users\UpdatusUser
2012-05-22 19:40 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-22 19:37 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-22 19:37 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-22 19:37 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-22 19:37 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-22 19:37 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-22 19:37 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-22 19:37 . 2012-05-22 19:37 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-05-20 20:07 . 2012-05-20 20:07 -------- d-----w- c:\windows\Sun
2012-05-20 20:07 . 2012-05-20 20:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-20 20:07 . 2012-05-20 20:07 -------- d-----w- c:\program files (x86)\Oracle
2012-05-20 20:07 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-20 20:07 . 2012-04-04 16:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-20 20:07 . 2012-05-20 20:07 -------- d-----w- c:\program files (x86)\Java
2012-05-19 11:45 . 2012-05-19 12:03 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-19 11:02 . 2012-05-20 09:31 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-17 09:45 . 2012-05-16 11:49 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-05-17 06:05 . 2012-05-26 01:13 1752 ----a-w- C:\user.js
2012-05-17 06:05 . 2012-05-17 06:05 -------- d-----w- c:\programdata\Babylon
2012-05-10 04:17 . 2012-05-10 04:17 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 04:17 . 2012-05-10 04:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-08 16:07 . 2012-05-08 16:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 16:07 . 2012-05-08 16:07 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-08 16:07 . 2012-05-08 16:07 -------- d-----w- c:\windows\SysWow64\Macromed
2012-05-08 16:07 . 2012-05-08 16:07 -------- d-----w- c:\windows\system32\Macromed
2012-05-08 14:27 . 2007-04-19 07:12 32768 ----a-w- c:\windows\system32\cmudaxp.dll
2012-05-08 14:27 . 2004-04-14 03:28 315392 ----a-w- c:\windows\system\CmiFltr.dll
2012-05-07 18:20 . 2012-05-07 18:20 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-06 20:50 . 2007-12-10 00:00 55808 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ZIMFPRNT.DLL
2012-05-06 20:50 . 2012-05-06 20:50 -------- d-----w- c:\program files\HP
2012-05-06 20:50 . 2007-12-10 00:00 49664 ----a-w- c:\windows\system32\ZTAG.DLL
2012-05-06 20:50 . 2007-12-10 00:00 127488 ----a-w- c:\windows\system32\ZSPOOL.DLL
2012-05-06 20:50 . 2007-12-10 00:00 61952 ----a-w- c:\windows\system32\ZIMF.DLL
2012-05-06 20:50 . 2007-12-10 00:00 567808 ----a-w- c:\windows\system32\ZSHP1020.EXE
2012-05-06 20:50 . 2007-12-10 00:00 115200 ----a-w- c:\windows\system32\ZLhp1020.DLL
2012-05-05 20:50 . 2012-05-05 20:50 -------- d-----w- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2012-05-05 20:50 . 2012-05-05 20:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-04 22:22 . 2012-05-26 20:25 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-04 22:21 . 2012-05-04 22:21 -------- d-----w- c:\programdata\EA Core
2012-05-04 22:21 . 2012-05-05 13:41 -------- d-----w- c:\programdata\EA Logs
2012-05-04 21:30 . 2012-05-04 21:30 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 21:29 . 2012-05-04 21:32 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-05-04 20:03 . 2012-05-04 13:14 -------- d-----w- c:\windows\Panther
2012-05-04 19:57 . 2012-05-04 19:57 -------- d-----w- c:\program files (x86)\Futuremark
2012-05-04 19:32 . 2012-05-04 19:33 -------- d-----w- c:\program files\Core Temp
2012-05-04 18:17 . 2011-05-23 21:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-05-04 18:17 . 2011-05-23 21:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-05-04 17:14 . 2012-05-04 17:14 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-05-04 17:11 . 2012-05-16 13:53 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-05-04 16:41 . 2012-05-08 14:51 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-04 16:41 . 2012-05-08 14:51 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-04 16:41 . 2012-05-08 14:51 111616 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-04 16:41 . 2012-05-08 14:51 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-04 16:41 . 2012-05-04 16:41 -------- d-----w- c:\program files (x86)\OpenAL
2012-05-04 16:40 . 2008-01-11 10:20 192512 ----a-w- c:\windows\system\CMGxSrv.dll
2012-05-04 16:40 . 2007-12-19 02:41 20480 ----a-w- c:\windows\system\CMGxMon.exe
2012-05-04 16:40 . 2001-11-23 04:08 712704 ----a-r- c:\windows\system32\a3d.dll
2012-05-04 16:40 . 2012-05-08 14:51 -------- d-----w- c:\program files\ASUS Xonar DX Audio
2012-05-04 16:40 . 2011-02-24 14:52 805376 ------w- c:\windows\system32\Cmeauoxy.exe
2012-05-04 16:40 . 2004-04-14 03:28 315392 ----a-w- c:\windows\SysWow64\CmiFltr.dll
2012-05-04 16:09 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-05-04 16:09 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-05-04 16:09 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-05-04 16:09 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-05-04 16:09 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-05-04 16:09 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-05-04 16:09 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-05-04 16:09 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-05-04 16:09 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-05-04 16:09 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-05-04 16:09 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-05-04 16:08 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-05-04 16:08 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-04 16:08 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-05-04 16:08 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-05-04 16:08 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-05-04 16:08 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-05-04 16:08 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-05-04 15:58 . 2012-05-04 15:58 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-04 15:58 . 2012-05-04 15:58 -------- d-----w- c:\windows\system32\Wat
2012-05-04 15:57 . 2012-05-04 15:57 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-05-04 15:40 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-04 15:40 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-04 15:40 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-04 15:40 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-04 15:40 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-04 15:40 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-04 15:40 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-04 15:37 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-04 15:37 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-04 15:36 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-05-04 15:36 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-05-04 15:32 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-04 15:31 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-05-04 15:30 . 2012-05-04 15:30 -------- d-----w- c:\program files\ASUS
2012-05-04 15:30 . 2011-10-07 09:34 46152 ----a-w- c:\windows\SysWow64\drivers\ASUSFILTER.sys
2012-05-04 15:30 . 2008-12-02 18:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2012-05-04 15:29 . 2012-05-04 15:29 -------- d-----w- c:\programdata\ASUS
2012-05-04 15:29 . 2011-10-07 09:34 10216 ------w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2012-05-04 15:29 . 2011-10-07 09:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2012-05-04 15:29 . 2012-05-04 15:29 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2012-05-04 15:28 . 2012-05-04 15:30 -------- d-----w- c:\program files (x86)\ASUS
2012-05-04 15:28 . 2011-10-07 09:34 28672 ----a-w- c:\windows\SysWow64\AsIO.dll
2012-05-04 15:28 . 2011-10-07 09:34 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2012-05-04 15:28 . 2011-06-29 08:51 171688 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2012-05-04 15:27 . 2012-05-04 15:27 -------- d-----w- c:\program files\Intel
2012-05-04 15:24 . 2011-07-20 07:37 342704 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2012-05-04 15:24 . 2011-06-29 23:13 68264 ----a-w- c:\windows\system32\e1cmsg.dll
2012-05-04 15:24 . 2011-06-15 23:02 98496 ----a-w- c:\windows\system32\NicInstC.dll
2012-05-04 15:24 . 2009-05-26 08:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
2012-05-04 15:22 . 2012-05-04 15:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9438564-EBD0-46CE-9910-B3B04F241E72}\gapaengine.dll
2012-05-04 15:13 . 2012-05-04 15:46 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-04 15:13 . 2012-05-04 15:46 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-04 14:45 . 2009-08-19 14:00 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
2012-05-04 14:45 . 2006-10-05 21:45 524768 ----a-r- c:\windows\difxapi.dll
2012-05-04 14:30 . 2012-05-04 14:31 -------- d-----w- c:\programdata\Origin
2012-05-04 14:30 . 2012-05-04 14:30 -------- d-----w- c:\program files (x86)\Origin Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 18:44 . 2011-04-27 13:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2011-04-18 11:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="d:\programy\Origin\Origin.exe" [2012-05-28 3407496]
"Steam"="d:\programy\Steam\steam.exe" [2012-05-04 1242448]
"Dxtory Update Checker 2.0"="d:\programy\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
"Malwarebytes' Anti-Malware"="d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-04 136176]
R2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 257696]
R3 ALSysIO;ALSysIO;c:\users\COBAIN~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-04 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-10-07 922240]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2011-10-07 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-10-07 586880]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 16:07]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-04 13:24]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-04 13:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
Trusted Zone: ukf.sk
Trusted Zone: ukf.sk
TCP: DhcpNameServer = 192.168.4.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BattlEye - d:\hry\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\programy\Fraps\fraps.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Completion time: 2012-05-28 23:52:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 21:52
.
Pre-Run: 24 945 688 576 bytes free
Post-Run: 25 283 989 504 bytes free
.
- - End Of File - - 27767281DC8A8A429BB237D09A2D015D

[jaro3]

Odinstaluj:
Babylon


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

File::
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
gupdate
gupdatem

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=100512_3_&babsrc=SP_ss&mntrId=86806920000000000000c8600075bac1
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: ukf.sk ([]* in Důvěryhodné servery)
O15:64bit: - ..Trusted Domains: ukf.sk ([]https in Důvěryhodné servery)
O15 - HKLM\..Trusted Domains: ukf.sk ([]* in Důvěryhodné servery)
O15 - HKLM\..Trusted Domains: ukf.sk ([]https in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: ukf.sk ([]* in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: ukf.sk ([]https in Důvěryhodné servery)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{ec1f02e5-961b-11e1-be83-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ec1f02e5-961b-11e1-be83-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{ec1f02e5-961b-11e1-be83-806e6f6e6963}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Users\CoBain_SK\AppData\Roaming\Babylon
C:\ProgramData\Babylon

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.1--znáš tu IP?