Combofix + script log
ComboFix 12-05-29.01 - CoBain_SK . 05. 2012 19:40:40.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8167.6652 [GMT 2:00]
Running from: c:\users\CoBain_SK\Desktop\ComboFix.exe
Command switches used :: c:\users\CoBain_SK\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files (x86)\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-28 11:20 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-27 12:15 . 2012-05-27 12:15 -------- d-----w- c:\programdata\Malwarebytes
2012-05-27 12:15 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-23 00:52 . 2012-05-23 00:52 -------- d-sh--w- c:\windows\ftpcache
2012-05-22 19:40 . 2012-05-22 19:48 -------- d-----w- c:\programdata\NVIDIA
2012-05-22 19:40 . 2012-05-22 19:40 -------- d-----w- c:\users\UpdatusUser
2012-05-22 19:40 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-22 19:37 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-22 19:37 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-22 19:37 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-22 19:37 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-22 19:37 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-22 19:37 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-22 19:37 . 2012-05-22 19:37 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-05-20 20:07 . 2012-05-20 20:07 -------- d-----w- c:\windows\Sun
2012-05-20 20:07 . 2012-05-20 20:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-20 20:07 . 2012-05-20 20:07 -------- d-----w- c:\program files (x86)\Oracle
2012-05-20 20:07 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-20 20:07 . 2012-04-04 16:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-20 20:07 . 2012-05-20 20:07 -------- d-----w- c:\program files (x86)\Java
2012-05-19 11:45 . 2012-05-19 12:03 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-19 11:02 . 2012-05-20 09:31 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-17 09:45 . 2012-05-16 11:49 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-05-17 06:05 . 2012-05-26 01:13 1752 ----a-w- C:\user.js
2012-05-17 06:05 . 2012-05-17 06:05 -------- d-----w- c:\programdata\Babylon
2012-05-10 04:17 . 2012-05-10 04:17 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 04:17 . 2012-05-10 04:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-08 16:07 . 2012-05-08 16:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 16:07 . 2012-05-08 16:07 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-08 16:07 . 2012-05-08 16:07 -------- d-----w- c:\windows\SysWow64\Macromed
2012-05-08 16:07 . 2012-05-08 16:07 -------- d-----w- c:\windows\system32\Macromed
2012-05-08 14:27 . 2007-04-19 07:12 32768 ----a-w- c:\windows\system32\cmudaxp.dll
2012-05-08 14:27 . 2004-04-14 03:28 315392 ----a-w- c:\windows\system\CmiFltr.dll
2012-05-07 18:20 . 2012-05-07 18:20 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-06 20:50 . 2007-12-10 00:00 55808 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ZIMFPRNT.DLL
2012-05-06 20:50 . 2012-05-06 20:50 -------- d-----w- c:\program files\HP
2012-05-06 20:50 . 2007-12-10 00:00 49664 ----a-w- c:\windows\system32\ZTAG.DLL
2012-05-06 20:50 . 2007-12-10 00:00 127488 ----a-w- c:\windows\system32\ZSPOOL.DLL
2012-05-06 20:50 . 2007-12-10 00:00 61952 ----a-w- c:\windows\system32\ZIMF.DLL
2012-05-06 20:50 . 2007-12-10 00:00 567808 ----a-w- c:\windows\system32\ZSHP1020.EXE
2012-05-06 20:50 . 2007-12-10 00:00 115200 ----a-w- c:\windows\system32\ZLhp1020.DLL
2012-05-05 20:50 . 2012-05-05 20:50 -------- d-----w- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2012-05-05 20:50 . 2012-05-05 20:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-04 22:22 . 2012-05-26 20:25 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-04 22:21 . 2012-05-04 22:21 -------- d-----w- c:\programdata\EA Core
2012-05-04 22:21 . 2012-05-05 13:41 -------- d-----w- c:\programdata\EA Logs
2012-05-04 21:30 . 2012-05-04 21:30 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 21:29 . 2012-05-04 21:32 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-05-04 20:03 . 2012-05-04 13:14 -------- d-----w- c:\windows\Panther
2012-05-04 19:57 . 2012-05-04 19:57 -------- d-----w- c:\program files (x86)\Futuremark
2012-05-04 19:32 . 2012-05-04 19:33 -------- d-----w- c:\program files\Core Temp
2012-05-04 18:17 . 2011-05-23 21:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-05-04 18:17 . 2011-05-23 21:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-05-04 17:14 . 2012-05-04 17:14 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-05-04 17:11 . 2012-05-16 13:53 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-05-04 16:41 . 2012-05-08 14:51 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-04 16:41 . 2012-05-08 14:51 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-04 16:41 . 2012-05-08 14:51 111616 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-04 16:41 . 2012-05-08 14:51 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-04 16:41 . 2012-05-04 16:41 -------- d-----w- c:\program files (x86)\OpenAL
2012-05-04 16:40 . 2008-01-11 10:20 192512 ----a-w- c:\windows\system\CMGxSrv.dll
2012-05-04 16:40 . 2007-12-19 02:41 20480 ----a-w- c:\windows\system\CMGxMon.exe
2012-05-04 16:40 . 2001-11-23 04:08 712704 ----a-r- c:\windows\system32\a3d.dll
2012-05-04 16:40 . 2012-05-08 14:51 -------- d-----w- c:\program files\ASUS Xonar DX Audio
2012-05-04 16:40 . 2011-02-24 14:52 805376 ------w- c:\windows\system32\Cmeauoxy.exe
2012-05-04 16:40 . 2004-04-14 03:28 315392 ----a-w- c:\windows\SysWow64\CmiFltr.dll
2012-05-04 16:09 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-05-04 16:09 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-05-04 16:09 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-05-04 16:09 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-05-04 16:09 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-05-04 16:09 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-05-04 16:09 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-05-04 16:09 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-05-04 16:09 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-05-04 16:09 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-05-04 16:09 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-05-04 16:08 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-05-04 16:08 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-04 16:08 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-05-04 16:08 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-05-04 16:08 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-05-04 16:08 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-05-04 16:08 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-05-04 15:58 . 2012-05-04 15:58 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-04 15:58 . 2012-05-04 15:58 -------- d-----w- c:\windows\system32\Wat
2012-05-04 15:57 . 2012-05-04 15:57 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-05-04 15:40 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-04 15:40 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-04 15:40 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-04 15:40 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-04 15:40 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-04 15:40 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-04 15:40 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-04 15:37 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-04 15:37 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-04 15:36 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-05-04 15:36 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-05-04 15:32 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-04 15:31 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-05-04 15:30 . 2012-05-04 15:30 -------- d-----w- c:\program files\ASUS
2012-05-04 15:30 . 2011-10-07 09:34 46152 ----a-w- c:\windows\SysWow64\drivers\ASUSFILTER.sys
2012-05-04 15:30 . 2008-12-02 18:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2012-05-04 15:29 . 2012-05-04 15:29 -------- d-----w- c:\programdata\ASUS
2012-05-04 15:29 . 2011-10-07 09:34 10216 ------w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2012-05-04 15:29 . 2011-10-07 09:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2012-05-04 15:29 . 2012-05-04 15:29 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2012-05-04 15:28 . 2012-05-04 15:30 -------- d-----w- c:\program files (x86)\ASUS
2012-05-04 15:28 . 2011-10-07 09:34 28672 ----a-w- c:\windows\SysWow64\AsIO.dll
2012-05-04 15:28 . 2011-10-07 09:34 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2012-05-04 15:28 . 2011-06-29 08:51 171688 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2012-05-04 15:27 . 2012-05-04 15:27 -------- d-----w- c:\program files\Intel
2012-05-04 15:24 . 2011-07-20 07:37 342704 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2012-05-04 15:24 . 2011-06-29 23:13 68264 ----a-w- c:\windows\system32\e1cmsg.dll
2012-05-04 15:24 . 2011-06-15 23:02 98496 ----a-w- c:\windows\system32\NicInstC.dll
2012-05-04 15:24 . 2009-05-26 08:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
2012-05-04 15:22 . 2012-05-04 15:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9438564-EBD0-46CE-9910-B3B04F241E72}\gapaengine.dll
2012-05-04 15:13 . 2012-05-04 15:46 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-04 15:13 . 2012-05-04 15:46 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-04 14:45 . 2009-08-19 14:00 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
2012-05-04 14:45 . 2006-10-05 21:45 524768 ----a-r- c:\windows\difxapi.dll
2012-05-04 14:30 . 2012-05-04 14:31 -------- d-----w- c:\programdata\Origin
2012-05-04 14:30 . 2012-05-04 14:30 -------- d-----w- c:\program files (x86)\Origin Games
2012-05-04 14:24 . 2012-05-04 19:56 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-05-04 14:21 . 2012-05-04 22:21 -------- d-----w- c:\programdata\Electronic Arts
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 18:44 . 2011-04-27 13:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2011-04-18 11:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-28_21.51.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-05-29 14:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-28 16:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-28 16:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 14:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 14:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-28 16:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-05-29 14:31 31366 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-29 14:31 31626 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-04 19:07 . 2012-05-29 15:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-05-04 19:07 . 2012-05-26 01:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-05-04 19:07 . 2012-05-26 01:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-05-04 19:07 . 2012-05-29 15:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 15:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-26 01:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-04 13:18 . 2012-05-29 14:31 4720 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2310595054-3507103353-3374046893-1000_UserData.bin
- 2012-05-28 21:51 . 2012-05-28 21:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-29 17:43 . 2012-05-29 17:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-24 20:52 . 2012-05-29 14:52 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-05-24 20:52 . 2012-05-28 16:52 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:36 . 2012-05-28 11:15 617910 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-29 14:35 617910 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-28 11:15 107190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-29 14:35 107190 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-28 21:51 229568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-29 17:42 229568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-05-04 16:32 . 2012-05-28 21:51 5118716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2310595054-3507103353-3374046893-1000-12288.dat
+ 2012-05-04 16:32 . 2012-05-29 17:42 5118716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2310595054-3507103353-3374046893-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="d:\programy\Origin\Origin.exe" [2012-05-28 3407496]
"Steam"="d:\programy\Steam\steam.exe" [2012-05-04 1242448]
"Dxtory Update Checker 2.0"="d:\programy\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
"Malwarebytes' Anti-Malware"="d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 257696]
R3 ALSysIO;ALSysIO;c:\users\COBAIN~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-10-07 922240]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2011-10-07 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-10-07 586880]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 16:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"combofix"="c:\combofix\CF1309.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
Trusted Zone: ukf.sk
Trusted Zone: ukf.sk
TCP: DhcpNameServer = 192.168.4.1
.
.
------------------------ Other Running Processes ------------------------
.
d:\programy\Fraps\fraps.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Completion time: 2012-05-29 19:43:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-29 17:43
ComboFix2.txt 2012-05-28 21:52
.
Pre-Run: 25 177 788 416 bytes free
Post-Run: 24 956 305 408 bytes free
.
- - End Of File - - 6A7EE5E2D83AA042BA1DE661C712152D
Malwarebytes anti-malware reports an infection (Solved)
Re: Malwarebytes anti-malware reports an infection
Re: Malwarebytes anti-malware reports an infection
HJT log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:47:13, on 29. 5. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
D:\Programy\Fraps\fraps.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
D:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
D:\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [EADM] "D:\Programy\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Steam] "D:\Programy\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Dxtory Update Checker 2.0] D:\Programy\Dxtory Software\Dxtory2.0\UpdateChecker.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-2310595054-3507103353-3374046893-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.ukf.sk
O15 - Trusted Zone: *.ukf.sk (HKLM)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6333 bytes
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6333 bytes
Re: Malwarebytes anti-malware reports an attack
OTL log after the fix (default settings; I didn't change anything the way I did for the previous OTL log)
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ukf.sk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ukf.sk\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ukf.sk\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ukf.sk\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec1f02e5-961b-11e1-be83-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec1f02e5-961b-11e1-be83-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec1f02e5-961b-11e1-be83-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec1f02e5-961b-11e1-be83-806e6f6e6963}\ not found.
File E:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec1f02e5-961b-11e1-be83-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec1f02e5-961b-11e1-be83-806e6f6e6963}\ not found.
File E:\Directx\dxsetup.exe not found.
File/Folder C:\Windows\SysWow64\*.tmp not found.
C:\Windows\74224F8D4A1748169EDB7BB854DE532C.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\74224F8D4A1748169EDB7BB854DE532C.TMP folder deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
C:\Users\CoBain_SK\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: CoBain_SK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 544232 bytes
->Java cache emptied: 76145 bytes
->Google Chrome cache emptied: 339379164 bytes
->Flash cache emptied: 16315 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50453 bytes
RecycleBin emptied: 26889 bytes
Total Files Cleaned = 324,00 mb
OTL by OldTimer - Version 3.2.43.2 log created on 05292012_195129
Files\Folders moved on Reboot...
C:\Users\CoBain_SK\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Re: Malwarebytes anti-malware reports an attack
jaro3 wrote: O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.1 -- do you know that IP?
I don't recognize it, but I don't know any IP, not even my own actually. Could it be dangerous?
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: Malwarebytes anti-malware reports an attack
That probably isn't yours. Check here:
http://www.mojeip.cz/
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, MWAV, etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate your antivirus and antispyware; afterwards delete T-Cleaner and turn your antivirus and antispyware back on.
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.1
:Files
:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Malwarebytes anti-malware reports an attack
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: CoBain_SK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 57585014 bytes
->Flash cache emptied: 1739 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2300 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 55,00 mb
OTL by OldTimer - Version 3.2.43.2 log created on 05292012_211815
Files\Folders moved on Reboot...
C:\Users\CoBain_SK\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
- jaro3
- Security team member
Re: Malwarebytes anti-malware reports an attack
Run OTL and click CleanUp.
If there are no problems, that is everything and you can mark the thread as solved with the green check mark.
The PC is clean; otherwise there is nothing we can do about that attack. Keep MbAM turned on, or get a firewall; the bot will drop you by itself after a while.
Re: Malwarebytes anti-malware reports an attack
Thanks, thanks a lot.
I'd have a few more questions, if you don't mind:
- can I use Malwarebytes anti-malware and Microsoft Security Essentials at the same time without extra load on the PC? I don't mean scanning at the same time, of course, just having them both running in the background.
- after these "clean-ups" a lot of various files and folders have been left on my PC that weren't here before. Is there a way to delete them all at once using some program? I don't know myself what I can and can't delete, or what was 100% created by using OTL, ComboFix, etc.
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
Re: Malwarebytes anti-malware reports an attack
1. You can. MbAM is not resident.
2. If you carried out all the steps, they should have removed themselves practically on their own. At least CF and OTL. You have to delete HJT yourself, and likewise T-Cleaner.
In private messages I only deal with forum matters. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
- jaro3
- Security team member
Re: Malwarebytes anti-malware reports an attack
If there are no problems, that is everything and you can mark the thread as solved with the green check mark.
Re: Malwarebytes anti-malware reports an attack (Solved)
Okay, then I'll keep MbAM too.
Thanks once again.