DorkBot.D

Zpráva

Leonko · #1 Příspěvek od **Leonko** » 06 led 2014 19:09

Dobrý deň,...

Dnes mi po 2 týždňoch bratranec vrátil externý disk a po otvorení na mňa ESET vyskočil asi s 80 hláškami, že je tam Dorkbot vírus a všetky súbory sú v karanténe. V živote som nemal na PC vírus, takže vôbec nemám šajnu čo ďalej,... takže moje otázky :

Dajú sa súbory nejak vyliečiť aby som ich mohol používať ďalej?
Alebo len rovno zmazať a nič sa s tím nedá robiť?

Mám tam toho asi 250GB, dosť vzácne vecí, čo už tak ľahko (niektoré už vôbec) nezoženiem, takže nerád by som o to prišiel.

#2 Příspěvek od **vyosek** » 06 led 2014 19:16

Zdravim

No uvidime co se s tim da delat

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Leonko · #3 Příspěvek od **Leonko** » 06 led 2014 19:27

Tak tu sú logy,... ešte napíšem vopred,... že keď som spustil USBfir, tak mi pozatváralo väčšinu procesov (čo proste asi tak má byť

),... ale hlavná vec, že teraz už môžem prehliadať zložky na tom Externom disku (pred tým ich hodilo do karantény). Nemám ale zapnutý ESET, ten vyplo tiež. Takže logy tu :

USBFix :

############################## | UsbFix V 7.134 | [Deletion]

User: Matúš (Administrator) # MATÚŠ-PC
Updated 06/09/2013 by El Desaparecido
Started at 19:21:17 | 06/01/2014

Website: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: eldesaparecido@sosvirus.net

PC: ASUSTeK Computer Inc. (K50IJ ) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz (2101)
RAM -> [Total : 3037 | Free : 1803]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 11.0.9600.16476

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET Smart Security 7.0 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 44 Gb (13 Mb free - 30%) [] # NTFS
D:\ -> Fixed drive # 254 Gb (2 Mb free - 1%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 7 Gb (5 Mb free - 62%) [NOVÝ ZVÄZOK] # FAT32
H:\ -> Fixed drive # 298 Gb (82 Mb free - 27%) [MATÚŠ ČIGÁŠ] # NTFS

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [DivXUpdate] - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SysVContoller32] - C:\Windows\System32\svcl32\svcl32.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [CTFMon] - C:\Windows\System32\CTF\ctfmon.exe
HKLM\SOFTWARE | Run : [egui] - "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\_Programy\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2713317602-194128439-3607372724-1000\SOFTWARE | Run : [Device Detector] - DevDetect.exe -autorun
HKU\S-1-5-21-2713317602-194128439-3607372724-1000\SOFTWARE | Run : [DU Meter] - "C:\_Programy\DU Meter\DUMeter.exe" /autostart
HKU\S-1-5-21-2713317602-194128439-3607372724-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\_Programy\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-2713317602-194128439-3607372724-1000\SOFTWARE | Run : [AshSnap] - C:\_Programy\Ashampoo Snap 6\ashsnap.exe
HKU\S-1-5-21-2713317602-194128439-3607372724-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Matúš\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2713317602-194128439-3607372724-1000\SOFTWARE | Run : [IDMan] - C:\_Programy\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-2713317602-194128439-3607372724-1000\SOFTWARE | Run : [Easy-Hide-IP] - C:\_Programy\Easy-Hide-IP\easy-hide-ip.exe
HKU\S-1-5-21-2713317602-194128439-3607372724-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

################## | Stopped processes |

Stopped! C:\Windows\system32\fsproflt.exe (1152)
Stopped! C:\Windows\System32\spoolsv.exe (1380)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1556)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1580)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (1616)
Stopped! C:\_Programy\DU Meter\DUMeterSvc.exe (1660)
Stopped! C:\Windows\system32\taskhost.exe (1752)
Stopped! C:\_Programy\My Lockbox\mylbx.exe (1784)
Stopped! C:\Program Files\ESET\ESET Smart Security\ekrn.exe (1996)
Stopped! C:\_Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe (388)
Stopped! C:\Windows\System32\WUDFHost.exe (2336)
Stopped! C:\_PROGR~1\DUMETE~1\DUMeter.exe (2504)
Stopped! C:\Windows\System32\igfxtray.exe (2612)
Stopped! C:\Windows\System32\hkcmd.exe (2620)
Stopped! C:\Windows\System32\igfxpers.exe (2632)
Stopped! C:\Program Files\DivX\DivX Update\DivXUpdate.exe (2644)
Stopped! C:\Program Files\ESET\ESET Smart Security\egui.exe (2756)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (2780)
Stopped! C:\_Programy\iTunes\iTunesHelper.exe (2792)
Stopped! C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (2812)
Stopped! C:\_Programy\DAEMON Tools Lite\DTLite.exe (2840)
Stopped! C:\_Programy\Ashampoo Snap 6\ashsnap.exe (2876)
Stopped! C:\Users\Matúš\AppData\Local\Facebook\Update\FacebookUpdate.exe (2924)
Stopped! C:\_Programy\Internet Download Manager\IDMan.exe (2936)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (2956)
Stopped! C:\Users\Matúš\AppData\Roaming\Dropbox\bin\Dropbox.exe (2968)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (3284)
Stopped! C:\Windows\system32\SearchIndexer.exe (3384)
Stopped! C:\_Programy\Internet Download Manager\IEMonitor.exe (3472)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (3704)
Stopped! C:\_Programy\Total Commander\TOTALCMD.EXE (3760)
Stopped! C:\_Programy\Opera\opera.exe (2328)
Stopped! D:\Matus\Programy\Miranda\Miranda32.exe (1968)
Stopped! C:\_Programy\Thunderbird\thunderbird.exe (4676)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (5100)
Stopped! C:\Windows\system32\SearchFilterHost.exe (5156)

################## | Files # Infected Folders |

Deleted ! H:\Thumbs.db

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CTFMON

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{49d4c0af-2329-11e1-8ffc-485b394f88c1}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a6c55c1e-623f-11e3-b1a5-485b394f88c1}

################## | Listing |

[12/11/2012 - 01:44:02 | SHD ] C:\$Recycle.Bin
[06/01/2014 - 18:53:31 | D ] C:\AdwCleaner
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[06/01/2014 - 18:51:51 | ASH | 2388459520] C:\hiberfil.sys
[03/12/2011 - 01:17:30 | D ] C:\Intel
[10/04/2012 - 01:27:42 | N | 0] C:\IO.SYS
[10/04/2012 - 01:27:42 | N | 0] C:\MSDOS.SYS
[22/04/2013 - 20:56:48 | RHD ] C:\MSOCache
[06/01/2014 - 18:51:53 | ASH | 3184615424] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[06/01/2014 - 19:11:57 | D ] C:\Program Files
[06/01/2014 - 17:41:46 | HD ] C:\ProgramData
[03/12/2011 - 00:36:03 | SHD ] C:\Recovery
[06/01/2014 - 19:12:07 | D ] C:\rsit
[03/01/2014 - 19:22:38 | SHD ] C:\System Volume Information
[15/12/2013 - 12:08:44 | D ] C:\Temp
[06/01/2014 - 19:23:16 | D ] C:\UsbFix
[06/01/2014 - 19:23:37 | A | 7480] C:\UsbFix [Clean 1] MATÚŠ-PC.txt
[09/12/2011 - 21:36:28 | D ] C:\Users
[06/01/2014 - 18:32:55 | D ] C:\Windows
[21/12/2013 - 19:32:36 | D ] C:\_Programy
[10/03/2013 - 17:36:23 | D ] C:\_Rovio
[19/02/2013 - 00:08:18 | D ] D:\!DropBox
[04/01/2014 - 00:03:04 | D ] D:\!Pro
[09/12/2011 - 21:36:35 | SHD ] D:\$RECYCLE.BIN
[05/01/2014 - 01:10:30 | N | 472692] D:\09.gif
[19/12/2013 - 11:42:39 | N | 2090241] D:\aEw0Dqx_460sa.gif
[01/12/2013 - 16:48:16 | N | 1453359] D:\aXbrWyV_460sa.gif
[04/01/2014 - 20:21:29 | N | 1728169] D:\bvkjbkn_klm.gif
[04/01/2014 - 20:21:32 | N | 1464365] D:\community_image_1388581306.gif
[08/12/2013 - 12:04:49 | N | 1212688] D:\cotijebe.gif
[04/01/2014 - 20:21:23 | N | 1047507] D:\cqbiKil.gif
[22/05/2013 - 10:19:06 | N | 749590] D:\default.gif
[01/01/2014 - 12:45:16 | D ] D:\Matus
[06/01/2014 - 19:18:29 | D ] D:\some_shit_from_internet
[08/12/2011 - 17:22:43 | SHD ] D:\System Volume Information
[01/01/2014 - 23:46:23 | N | 234366] D:\tracker_k0sTi_v1.3.1.xls
[04/01/2014 - 20:21:26 | N | 910988] D:\tumblr_mxpopcmMKF1rmg7i2o1_400.gif
[06/01/2014 - 15:12:17 | D ] D:\_Filmy
[06/12/2013 - 12:00:48 | D ] D:\_Hudba
[25/10/2013 - 20:31:38 | D ] D:\_Serialy
[01/12/2013 - 01:10:18 | N | 861807] D:\židia , cigani a 7 sekund pravdy.webm
[01/01/2013 - 18:13:28 | D ] F:\DCIM
[07/11/2013 - 12:04:36 | D ] F:\Star.Trek.Into.Darkness.2013.BDRip.XviD.AC3.CZ-TreZzoR
[18/11/2013 - 11:51:05 | SHD ] H:\$RECYCLE.BIN
[04/03/2013 - 03:43:07 | D ] H:\Bol Raz Jeden Zivot-SK.CZ.multidub
[04/06/2013 - 19:52:49 | D ] H:\Half-Life 2 Anthology
[12/08/2012 - 08:31:29 | D ] H:\Hviezdne vojny - komplet - CZ
[06/02/2010 - 16:09:09 | D ] H:\Karlik a
[10/06/2009 - 20:43:09 | D ] H:\Maly Toaster
[25/08/2013 - 13:38:39 | D ] H:\Microsoft Office Professional Plus 2007 sk
[18/09/2012 - 23:56:53 | D ] H:\msdownld.tmp
[09/09/2013 - 21:30:26 | D ] H:\Mucha
[08/12/2009 - 17:05:28 | D ] H:\Obecna skola
[07/03/2009 - 16:25:53 | D ] H:\PRCICKY 5 - Naha mile
[11/08/2013 - 22:54:15 | D ] H:\priiatelia
[31/05/2009 - 21:25:53 | D ] H:\Recycled
[13/03/2012 - 20:50:35 | D ] H:\Sexbomba od vedla (2004)
[27/11/2013 - 16:54:43 | SHD ] H:\System Volume Information
[23/08/2013 - 11:44:21 | D ] H:\Transformers.BOXSET.2007-2011.DVDRip.x264.AC3.CZ-bBr
[27/01/2011 - 19:12:43 | D ] H:\ZLATO
[20/12/2013 - 20:23:20 | D ] H:\_Alf
[09/09/2013 - 20:32:00 | D ] H:\_doku
[22/07/2013 - 20:30:47 | D ] H:\_Futurama
[25/06/2013 - 13:10:40 | D ] H:\_Game.of.Thrones
[24/10/2012 - 16:12:52 | D ] H:\_Ultimate Survival

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net |

RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Matúš at 2014-01-06 19:24:30
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 13 GB (30%) free of 45 GB
Total RAM: 3037 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:24:32, on 6. 1. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\_PROGR~1\DUMETE~1\DUMeter.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\_Programy\Total Commander\TOTALCMD.EXE
D:\some_shit_from_internet\RSIT.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\trend micro\Matúš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\_Programy\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SysVContoller32] C:\Windows\System32\svcl32\svcl32.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\_Programy\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [DU Meter] "C:\_Programy\DU Meter\DUMeter.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\_Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AshSnap] C:\_Programy\Ashampoo Snap 6\ashsnap.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Matúš\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [IDMan] C:\_Programy\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Easy-Hide-IP] C:\_Programy\Easy-Hide-IP\easy-hide-ip.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť s IDM - C:\_Programy\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stiahnuť s IDM všetky prepojenia - C:\_Programy\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA1FB58-13C2-4CC7-8957-544C386F104D}: NameServer = 147.175.111.15
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\_Programy\DU Meter\DUMeterSvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: HitmanPro 3.7 Crusader (Boot) (HitmanPro37CrusaderBoot) - Unknown owner - D:\some_shit_from_internet\HitmanPro.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\_Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\_Programy\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 6649 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Matúš\AppData\Roaming\Mozilla\Firefox\Profiles\yyd3hh2v.default

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Doplnok iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\_Programy\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\_Programy\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\_Programy\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\_Programy\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Users\Matúš\AppData\Roaming\Mozilla\Firefox\Profiles\yyd3hh2v.default\extensions\
ich@maltegoetz.de

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\_Programy\Internet Download Manager\IDMIECC.dll [2012-10-26 230872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-10-26 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-22 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-22 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 137752]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 172568]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"SysVContoller32"=C:\Windows\System32\svcl32\svcl32.exe []
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-08-19 5110160]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"iTunesHelper"=C:\_Programy\iTunes\iTunesHelper.exe [2013-11-02 152392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"=DevDetect.exe -autorun []
"DU Meter"=C:\_Programy\DU Meter\DUMeter.exe [2013-03-06 3814368]
"DAEMON Tools Lite"=C:\_Programy\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"AshSnap"=C:\_Programy\Ashampoo Snap 6\ashsnap.exe [2012-11-06 3804568]
"Facebook Update"=C:\Users\Matúš\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-29 138096]
"IDMan"=C:\_Programy\Internet Download Manager\IDMan.exe [2012-10-31 3540416]
"Easy-Hide-IP"=C:\_Programy\Easy-Hide-IP\easy-hide-ip.exe []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Matúš\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-29 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2013-02-04 447152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Matúš^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
C:\Users\MAT~1\AppData\Local\Facebook\MESSEN~1\214623~1.0\FACEBO~1.EXE []

C:\Users\Matúš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Matúš\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=3

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\_Programy\xchat\xchat.exe"="C:\_Programy\xchat\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.ACDV"=ACDV.dll
"VIDC.FPS1"=frapsvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-06 19:23:37 ----RASHD---- C:\Autorun.inf
2014-01-06 19:21:17 ----A---- C:\UsbFix [Clean 1] MATÚŠ-PC.txt
2014-01-06 19:20:25 ----D---- C:\UsbFix
2014-01-06 19:11:57 ----D---- C:\rsit
2014-01-06 19:11:57 ----D---- C:\Program Files\trend micro
2014-01-06 18:47:11 ----D---- C:\AdwCleaner
2014-01-06 18:33:06 ----D---- C:\Program Files\Enigma Software Group
2014-01-06 18:32:55 ----D---- C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2014-01-06 18:32:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2014-01-06 17:57:55 ----A---- C:\Windows\system32\bootdelete.exe
2014-01-06 17:41:46 ----D---- C:\ProgramData\HitmanPro
2013-12-18 10:43:49 ----D---- C:\Users\Matúš\AppData\Roaming\Opera Software
2013-12-15 12:07:49 ----A---- C:\Windows\system32\WdfCoInstaller01007.dll
2013-12-15 12:07:49 ----A---- C:\Windows\system32\drivers\ANDROIDUSB.sys
2013-12-15 12:07:44 ----D---- C:\Temp
2013-12-15 12:07:06 ----D---- C:\ProgramData\HTC
2013-12-15 11:05:50 ----D---- C:\Program Files\mp3DirectCut
2013-12-11 09:36:09 ----A---- C:\Windows\system32\ie4uinit.exe
2013-12-11 09:36:08 ----A---- C:\Windows\system32\jsproxy.dll
2013-12-11 09:36:08 ----A---- C:\Windows\system32\ieui.dll
2013-12-11 09:36:08 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 09:36:07 ----A---- C:\Windows\system32\jscript9diag.dll
2013-12-11 09:36:07 ----A---- C:\Windows\system32\iesetup.dll
2013-12-11 09:36:07 ----A---- C:\Windows\system32\iernonce.dll
2013-12-11 09:36:07 ----A---- C:\Windows\system32\ieapfltr.dll
2013-12-11 09:36:06 ----A---- C:\Windows\system32\ieUnatt.exe
2013-12-11 09:36:06 ----A---- C:\Windows\system32\ieetwproxystub.dll
2013-12-11 09:36:06 ----A---- C:\Windows\system32\ieetwcollector.exe
2013-12-11 09:36:05 ----A---- C:\Windows\system32\wininet.dll
2013-12-11 09:36:04 ----A---- C:\Windows\system32\urlmon.dll
2013-12-11 09:36:04 ----A---- C:\Windows\system32\iertutil.dll
2013-12-11 09:36:03 ----A---- C:\Windows\system32\ieframe.dll
2013-12-11 09:36:02 ----A---- C:\Windows\system32\mshtml.dll
2013-12-11 09:36:02 ----A---- C:\Windows\system32\jscript9.dll
2013-12-11 09:31:54 ----A---- C:\Windows\system32\wmp.dll
2013-12-11 09:31:53 ----A---- C:\Windows\system32\wmploc.DLL
2013-12-11 09:30:34 ----A---- C:\Windows\system32\msieftp.dll
2013-12-11 09:30:24 ----A---- C:\Windows\system32\wscript.exe
2013-12-11 09:30:24 ----A---- C:\Windows\system32\scrrun.dll
2013-12-11 09:30:23 ----A---- C:\Windows\system32\cscript.exe
2013-12-11 09:30:21 ----A---- C:\Windows\system32\WMPhoto.dll
2013-12-11 09:30:05 ----A---- C:\Windows\system32\tzres.dll
2013-12-11 09:29:46 ----A---- C:\Windows\system32\imagehlp.dll
2013-12-11 09:29:11 ----A---- C:\Windows\system32\win32k.sys
2013-12-11 09:29:01 ----A---- C:\Windows\system32\drivers\portcls.sys
2013-12-11 09:29:01 ----A---- C:\Windows\system32\drivers\drmk.sys

======List of files/folders modified in the last 1 month======

2014-01-06 19:24:28 ----D---- C:\Windows\Temp
2014-01-06 19:20:22 ----D---- C:\Users\Matúš\AppData\Roaming\DMCache
2014-01-06 19:11:57 ----D---- C:\Program Files
2014-01-06 19:06:24 ----D---- C:\Windows\system32\config
2014-01-06 18:52:43 ----D---- C:\Users\Matúš\AppData\Roaming\Dropbox
2014-01-06 18:48:53 ----D---- C:\Windows\System32
2014-01-06 18:41:27 ----SHD---- C:\Windows\Installer
2014-01-06 18:41:26 ----D---- C:\Windows\system32\Tasks
2014-01-06 18:39:58 ----D---- C:\Windows\system32\drivers
2014-01-06 18:32:55 ----D---- C:\Windows
2014-01-06 18:32:53 ----D---- C:\Program Files\Common Files
2014-01-06 18:32:11 ----D---- C:\Windows\Prefetch
2014-01-06 18:01:02 ----D---- C:\Users\Matúš\AppData\Roaming\IDM
2014-01-06 17:48:26 ----D---- C:\Windows\en-US
2014-01-06 17:47:27 ----D---- C:\Users\Matúš\AppData\Roaming\uTorrent
2014-01-06 17:47:15 ----D---- C:\Users\Matúš\AppData\Roaming\Winamp
2014-01-06 17:41:46 ----HD---- C:\ProgramData
2014-01-06 17:41:17 ----D---- C:\Users\Matúš\AppData\Roaming\vlc
2014-01-06 17:27:59 ----D---- C:\Windows\inf
2014-01-06 17:27:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-03 19:22:38 ----SHD---- C:\System Volume Information
2013-12-27 10:09:58 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-12-21 21:34:14 ----D---- C:\Windows\Panther
2013-12-21 21:34:14 ----D---- C:\Windows\Logs
2013-12-21 21:34:14 ----D---- C:\Windows\debug
2013-12-21 19:32:36 ----D---- C:\_Programy
2013-12-16 21:20:34 ----D---- C:\Windows\LiveKernelReports
2013-12-16 01:27:24 ----D---- C:\Windows\Tasks
2013-12-16 01:27:16 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-12-16 01:25:24 ----D---- C:\Windows\system32\catroot
2013-12-16 01:21:26 ----D---- C:\Users\Matúš\AppData\Roaming\DAEMON Tools Lite
2013-12-15 12:13:24 ----D---- C:\Windows\system32\DriverStore
2013-12-11 15:11:44 ----D---- C:\Windows\rescache
2013-12-11 09:40:35 ----D---- C:\Windows\winsxs
2013-12-11 09:38:02 ----D---- C:\Program Files\Internet Explorer
2013-12-11 09:38:01 ----D---- C:\Windows\system32\sk-SK
2013-12-11 09:38:00 ----D---- C:\Program Files\Windows Media Player
2013-12-11 09:36:21 ----D---- C:\Windows\system32\catroot2
2013-12-11 09:35:54 ----D---- C:\ProgramData\Microsoft Help
2013-12-11 09:34:31 ----D---- C:\Windows\system32\MRT
2013-12-11 09:32:11 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-08-20 49240]
R0 FSProFilter;FSPro File Filter; C:\Windows\System32\Drivers\FSPFltd.sys [2010-07-22 41912]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-03 691696]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-08-20 188808]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-08-20 134248]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-08-20 37416]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-08-20 174400]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2012-09-27 99192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2011-06-27 2191872]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver; \??\C:\_Programy\DU Meter\DUMETR32.SYS [2012-11-08 19504]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-08-23 48640]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aad2q4cp;aad2q4cp; C:\Windows\system32\drivers\aad2q4cp.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\Windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2009-09-21 98560]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-01-05 32768]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 DUMeterSvc;DU Meter Service; C:\_Programy\DU Meter\DUMeterSvc.exe [2013-03-06 2054624]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-08-19 1337240]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 fsproflt;FSPro Filter Service; C:\Windows\system32\fsproflt.exe [2010-08-26 68832]
S2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot); D:\some_shit_from_internet\HitmanPro.exe /crusader:boot []
S2 MBAMService;MBAMService; C:\_Programy\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 MBAMScheduler;MBAMScheduler; C:\_Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 108032]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 553288]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-20 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-03 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 06 led 2014 20:03

Ano, to ukonceni procesu udelal USBFix

Nedavejte porsim logy do code, spatne se to lusti a boli z toho oci, code slouzi pouze radcum pro opravne skripty

Jeste budeme ale cistit dal

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Leonko · #5 Příspěvek od **Leonko** » 06 led 2014 20:26

hej s tým ComboFixom už som sa tu dočítal dosť toho, než som založil príspevok,... ako ho tu niektorý používajú na vlastnú päsť

anyway, tu sú logy :

CmboFix

ComboFix 14-01-04.03 - Matúš . 01. 2014 20:13:46.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3037.1919 [GMT 1:00]
Running from: c:\users\Matúš\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\CTF
c:\windows\system32\CTF\ctfmon.txt
c:\windows\system32\CTF\Links\OtherProducts.html
c:\windows\system32\CTF\Serial.key
c:\windows\system32\frapsvid.dll
c:\windows\system32\nsbF4DD.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-12-06 to 2014-01-06 )))))))))))))))))))))))))))))))
.
.
2014-01-06 19:22 . 2014-01-06 19:22 -------- d-----w- c:\users\Matúš\AppData\Local\temp
2014-01-06 19:22 . 2014-01-06 19:22 -------- d-----w- c:\users\Usery\AppData\Local\temp
2014-01-06 19:22 . 2014-01-06 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-06 18:42 . 2014-01-06 18:42 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA5D88BD-FD35-4726-AFCF-B75089EE52B7}\offreg.dll
2014-01-06 18:11 . 2014-01-06 18:24 -------- d-----w- c:\program files\trend micro
2014-01-06 17:33 . 2014-01-06 17:33 -------- d-----w- c:\program files\Enigma Software Group
2014-01-06 17:32 . 2014-01-06 17:41 -------- d-----w- c:\windows\A358F2F62500420C989C25C4F22DF51E.TMP
2014-01-06 17:32 . 2014-01-06 17:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-01-06 16:57 . 2014-01-06 16:57 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-01-06 16:41 . 2014-01-06 16:58 -------- d-----w- c:\programdata\HitmanPro
2014-01-03 18:22 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA5D88BD-FD35-4726-AFCF-B75089EE52B7}\mpengine.dll
2013-12-18 09:43 . 2013-12-18 09:43 -------- d-----w- c:\users\Matúš\AppData\Local\Opera Software
2013-12-18 09:43 . 2013-12-18 09:43 -------- d-----w- c:\users\Matúš\AppData\Roaming\Opera Software
2013-12-15 11:07 . 2009-10-26 15:54 25088 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2013-12-15 11:07 . 2009-06-09 13:41 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-12-15 11:07 . 2013-12-15 11:07 -------- d-----w- c:\programdata\HTC
2013-12-15 10:05 . 2013-12-15 10:06 -------- d-----w- c:\program files\mp3DirectCut
2013-12-11 08:31 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 08:31 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 08:30 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 08:30 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 08:30 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 08:30 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 08:30 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 08:30 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 08:30 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 08:29 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 08:29 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 08:29 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 08:29 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-16 00:27 . 2012-04-02 09:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-16 00:27 . 2011-12-02 23:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 02:33 . 2011-12-03 00:06 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 20:17 . 2013-11-12 20:17 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-12 20:17 . 2013-11-12 20:17 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-12 20:17 . 2013-11-12 20:17 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-12 20:17 . 2013-11-12 20:17 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-12 20:17 . 2013-11-12 20:17 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-12 20:17 . 2013-11-12 20:17 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-12 20:17 . 2013-11-12 20:17 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 20:17 . 2013-11-12 20:17 337408 ----a-w- c:\windows\system32\html.iec
2013-11-12 20:17 . 2013-11-12 20:17 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-12 20:17 . 2013-11-12 20:17 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-12 20:17 . 2013-11-12 20:17 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-12 20:17 . 2013-11-12 20:17 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-12 20:17 . 2013-11-12 20:17 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-12 20:17 . 2013-11-12 20:17 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-12 20:16 . 2013-11-12 20:16 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-12 20:16 . 2013-11-12 20:16 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-12 20:16 . 2013-11-12 20:16 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-12 20:16 . 2013-11-12 20:16 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-12 20:16 . 2013-11-12 20:16 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-12 20:16 . 2013-11-12 20:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-10-22 20:39 . 2013-10-22 20:39 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-12 02:03 . 2013-11-12 19:54 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01 . 2013-11-12 19:54 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01 . 2013-11-12 19:54 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matúš\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matúš\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matúš\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matúš\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\_programy\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"DU Meter"="c:\_programy\DU Meter\DUMeter.exe" [2013-03-06 3814368]
"DAEMON Tools Lite"="c:\_programy\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"AshSnap"="c:\_programy\Ashampoo Snap 6\ashsnap.exe" [2012-11-06 3804568]
"Facebook Update"="c:\users\Matúš\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-29 138096]
"IDMan"="c:\_programy\Internet Download Manager\IDMan.exe" [2012-10-31 3540416]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-08-19 5110160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\_programy\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\Matúš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matúš\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Matúš^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\Matúš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-05-29 09:13 138096 ----atw- c:\users\Matúš\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-02-04 15:39 447152 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
R2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);d:\some_shit_from_internet\HitmanPro.exe [x]
R2 MBAMService;MBAMService;c:\_programy\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-03 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-08-20 49240]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-22 41912]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-12-03 691696]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-08-20 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-08-20 134248]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-08-20 37416]
S2 DUMeterSvc;DU Meter Service;c:\_programy\DU Meter\DUMeterSvc.exe [2013-03-06 2054624]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-08-19 1337240]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-08-26 68832]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 99192]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\_programy\DU Meter\DUMETR32.SYS [2012-11-08 19504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stiahnuť s IDM - c:\_programy\Internet Download Manager\IEExt.htm
IE: Stiahnuť s IDM všetky prepojenia - c:\_programy\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BDA1FB58-13C2-4CC7-8957-544C386F104D}: NameServer = 147.175.111.15
FF - ProfilePath - c:\users\Matúš\AppData\Roaming\Mozilla\Firefox\Profiles\yyd3hh2v.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)
HKCU-Run-Easy-Hide-IP - c:\_programy\Easy-Hide-IP\easy-hide-ip.exe
HKLM-Run-SysVContoller32 - c:\windows\System32\svcl32\svcl32.exe
AddRemove-Miranda IM - d:\!prosight\Miranda Micro 1.4\Uninstall.exe
AddRemove-Usbfix - c:\usbfix\Un-UsbFix.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\_programy\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HitmanPro37CrusaderBoot]
"ImagePath"="\"d:\some_shit_from_internet\HitmanPro.exe\" /crusader:boot"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.gif"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-2713317602-194128439-3607372724-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpg"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcd"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.png"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psd"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-2713317602-194128439-3607372724-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rw2"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):6a,5f,db,af,13,b9,34,3b,8f,cb,5c,6d,10,ac,7c,b9,bd,ab,4f,2a,6c,
3d,58,13,41,bb,db,30,28,f7,a0,a1,9f,0a,4b,56,06,d6,6a,99,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2713317602-194128439-3607372724-1000_Classes\CLSID\{aad778c9-fb6e-4762-a3bb-59c21d87f2bb}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005c
"Therad"=dword:00000018
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-06 20:25:18
ComboFix-quarantined-files.txt 2014-01-06 19:25
.
Pre-Run: 14 418 321 408 bytes free
Post-Run: 14 174 973 952 bytes free
.
- - End Of File - - 5888E5B8C69586D20ED345660DE1910A
A36C5E4F47E84449FF07ED3517B43A31

Rkill

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/06/2014 08:06:31 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/06/2014 08:08:30 PM
Execution time: 0 hours(s), 1 minute(s), and 59 seconds(s)

#6 Příspěvek od **vyosek** » 07 led 2014 00:00

Poprosim o log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

Leonko · #7 Příspěvek od **Leonko** » 07 led 2014 00:09

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by Matúš (administrator) on MATÚŠ-PC on 07-01-2014 00:06:48
Running from C:\Users\Matúš\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: 041B
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(FSPro Labs) C:\Windows\System32\fsproflt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hagel Technologies Ltd.) C:\_Programy\DU Meter\DUMeterSvc.exe
(FSPro Labs) C:\_Programy\My Lockbox\mylbx.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Malwarebytes Corporation) C:\_Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\_Programy\iTunes\iTunesHelper.exe
(ACD Systems) C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
(DT Soft Ltd) C:\_Programy\DAEMON Tools Lite\DTLite.exe
(Ashampoo Media GmbH & Co. KG) C:\_Programy\Ashampoo Snap 6\ashsnap.exe
(Tonec Inc.) C:\_Programy\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Ghisler Software GmbH) C:\_Programy\Total Commander\TOTALCMD.EXE
(Opera Software) C:\_Programy\Opera\opera.exe
(Hagel Technologies Ltd.) C:\_Programy\DU Meter\DUMeter.exe
(VideoLAN) C:\_Programy\VLC\vlc.exe
(Mozilla Corporation) C:\_Programy\Thunderbird\thunderbird.exe
(Miranda NG Team) D:\Matus\Programy\Miranda\Miranda32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5110160 2013-08-19] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\_Programy\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Runonce: [] - [x]
HKCU\...\Run: [Device Detector] - DevDetect.exe -autorun
HKCU\...\Run: [DU Meter] - C:\_Programy\DU Meter\DUMeter.exe [3814368 2013-03-06] (Hagel Technologies Ltd.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\_Programy\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [AshSnap] - C:\_Programy\Ashampoo Snap 6\ashsnap.exe [3804568 2012-11-06] (Ashampoo Media GmbH & Co. KG)
HKCU\...\Run: [Facebook Update] - C:\Users\Matúš\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-29] (Facebook Inc.)
HKCU\...\Run: [IDMan] - C:\_Programy\Internet Download Manager\IDMan.exe [3540416 2012-10-31] (Tonec Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Matúš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matúš\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2CD36446EF81CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKLM - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\_Programy\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: No Name - {259F616C-A300-44F5-B04A-ED001A26C85C} - No File
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BDA1FB58-13C2-4CC7-8957-544C386F104D}: [NameServer]147.175.111.15

FireFox:
========
FF ProfilePath: C:\Users\Matúš\AppData\Roaming\Mozilla\Firefox\Profiles\yyd3hh2v.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\_Programy\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\_Programy\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\_Programy\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\_Programy\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Matúš\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Extension: ProxTube - Unblock YouTube - C:\Users\Matúš\AppData\Roaming\Mozilla\Firefox\Profiles\yyd3hh2v.default\Extensions\ich@maltegoetz.de
FF Extension: Download YouTube Videos as MP4 - C:\Users\Matúš\AppData\Roaming\Mozilla\Firefox\Profiles\yyd3hh2v.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Matúš\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Matúš\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Matúš\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Matúš\AppData\Roaming\IDM\idmmzcc5
FF StartMenuInternet: FIREFOX.EXE - C:\_Programy\Firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 DUMeterSvc; C:\_Programy\DU Meter\DUMeterSvc.exe [2054624 2013-03-06] (Hagel Technologies Ltd.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337240 2013-08-19] (ESET)
R2 fsproflt; C:\Windows\system32\fsproflt.exe [68832 2010-08-26] (FSPro Labs)
R2 MBAMScheduler; C:\_Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\_Programy\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 HitmanPro37CrusaderBoot; "D:\some_shit_from_internet\HitmanPro.exe" /crusader:boot [x]

==================== Drivers (Whitelisted) ====================

R3 DUMeterDrv; C:\_Programy\DU Meter\DUMETR32.SYS [19504 2012-11-08] (Hagel Technologies Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-08-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-08-20] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [174400 2013-08-20] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37416 2013-08-20] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [49240 2013-08-20] (ESET)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [41912 2010-07-22] (FSPro Labs)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2011-12-03] ()
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
U3 akucw6i7; C:\Windows\System32\Drivers\akucw6i7.sys [0 ] (Microsoft Corporation)
U3 catchme; \??\C:\Users\MAT~1\AppData\Local\Temp\catchme.sys [x]
U3 DfSdkS;
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-07 00:06 - 2014-01-07 00:07 - 00011272 _____ C:\Users\Matúš\Desktop\FRST.txt
2014-01-07 00:05 - 2014-01-07 00:05 - 01064805 _____ (Farbar) C:\Users\Matúš\Desktop\FRST.exe
2014-01-07 00:05 - 2014-01-07 00:05 - 00000000 ____D C:\FRST
2014-01-06 23:27 - 2014-01-06 23:27 - 00000000 ____D C:\UsbFix
2014-01-06 20:25 - 2014-01-06 20:25 - 00035987 _____ C:\ComboFix.txt
2014-01-06 20:09 - 2014-01-06 20:25 - 00000000 ____D C:\Qoobox
2014-01-06 20:09 - 2014-01-06 20:23 - 00000000 ____D C:\Windows\erdnt
2014-01-06 20:09 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-06 20:09 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-06 20:09 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-06 20:09 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-06 20:09 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-06 20:09 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-06 20:09 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-06 20:09 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-06 20:06 - 2014-01-06 20:08 - 00002040 _____ C:\Users\Matúš\Desktop\Rkill.txt
2014-01-06 20:06 - 2014-01-06 20:06 - 05160001 ____R (Swearware) C:\Users\Matúš\Desktop\ComboFix.exe
2014-01-06 20:05 - 2014-01-06 20:05 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Matúš\Desktop\rkill.exe
2014-01-06 19:20 - 2014-01-06 19:18 - 01144875 _____ (El Desaparecido - SosVirus.net) C:\Users\Matúš\Desktop\UsbFix.exe
2014-01-06 19:11 - 2014-01-06 19:24 - 00000000 ____D C:\Program Files\trend micro
2014-01-06 18:33 - 2014-01-06 18:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-06 18:32 - 2014-01-06 18:41 - 00000000 ____D C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2014-01-06 18:32 - 2014-01-06 18:32 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-06 17:57 - 2014-01-06 17:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-01-06 17:57 - 2014-01-06 17:57 - 00000316 _____ C:\Windows\system32\.crusader
2014-01-06 17:48 - 2014-01-06 17:48 - 00001600 _____ C:\Windows\PFRO.log
2014-01-06 17:41 - 2014-01-06 17:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-27 10:10 - 2014-01-06 19:30 - 00000448 _____ C:\Windows\setupact.log
2013-12-27 10:10 - 2013-12-27 10:10 - 00000000 _____ C:\Windows\setuperr.log
2013-12-18 10:43 - 2013-12-18 10:43 - 00000000 ____D C:\Users\Matúš\AppData\Roaming\Opera Software
2013-12-18 10:43 - 2013-12-18 10:43 - 00000000 ____D C:\Users\Matúš\AppData\Local\Opera Software
2013-12-15 12:09 - 2013-12-15 12:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2013-12-15 12:07 - 2013-12-15 12:07 - 00000000 ____D C:\ProgramData\HTC
2013-12-15 12:07 - 2009-10-26 16:54 - 00025088 _____ (HTC, Corporation) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2013-12-15 12:07 - 2009-06-09 14:41 - 01122664 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2013-12-15 11:05 - 2013-12-15 11:06 - 00000000 ____D C:\Program Files\mp3DirectCut
2013-12-11 09:36 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 09:36 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 09:36 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 09:36 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 09:36 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 09:36 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 09:36 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 09:36 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 09:36 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 09:36 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 09:36 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 09:36 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 09:36 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 09:36 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 09:36 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 09:36 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 09:36 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 09:36 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 09:36 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 09:31 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 09:31 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 09:30 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 09:30 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 09:30 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 09:30 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 09:30 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 09:30 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 09:30 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 09:29 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 09:29 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 09:29 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 09:29 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-07 00:07 - 2014-01-07 00:06 - 00011272 _____ C:\Users\Matúš\Desktop\FRST.txt
2014-01-07 00:05 - 2014-01-07 00:05 - 01064805 _____ (Farbar) C:\Users\Matúš\Desktop\FRST.exe
2014-01-07 00:05 - 2014-01-07 00:05 - 00000000 ____D C:\FRST
2014-01-07 00:05 - 2011-12-03 02:06 - 00000000 ____D C:\Users\Matúš\AppData\Roaming\DMCache
2014-01-06 23:40 - 2012-01-10 14:29 - 00000000 ____D C:\Users\Matúš\AppData\Local\Apps\2.0
2014-01-06 23:27 - 2014-01-06 23:27 - 00000000 ____D C:\UsbFix
2014-01-06 21:30 - 2012-02-24 10:13 - 00000000 ____D C:\Users\Matúš\AppData\Roaming\vlc
2014-01-06 20:25 - 2014-01-06 20:25 - 00035987 _____ C:\ComboFix.txt
2014-01-06 20:25 - 2014-01-06 20:09 - 00000000 ____D C:\Qoobox
2014-01-06 20:25 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2014-01-06 20:25 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2014-01-06 20:23 - 2014-01-06 20:09 - 00000000 ____D C:\Windows\erdnt
2014-01-06 20:22 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2014-01-06 20:08 - 2014-01-06 20:06 - 00002040 _____ C:\Users\Matúš\Desktop\Rkill.txt
2014-01-06 20:06 - 2014-01-06 20:06 - 05160001 ____R (Swearware) C:\Users\Matúš\Desktop\ComboFix.exe
2014-01-06 20:05 - 2014-01-06 20:05 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Matúš\Desktop\rkill.exe
2014-01-06 20:05 - 2011-12-03 02:26 - 00000000 ____D C:\Users\Matúš\AppData\Roaming\uTorrent
2014-01-06 20:03 - 2011-12-03 00:39 - 00786598 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 19:41 - 2011-12-03 00:32 - 01620894 _____ C:\Windows\WindowsUpdate.log
2014-01-06 19:37 - 2009-07-14 05:34 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-06 19:37 - 2009-07-14 05:34 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-06 19:30 - 2013-12-27 10:10 - 00000448 _____ C:\Windows\setupact.log
2014-01-06 19:30 - 2012-05-27 01:22 - 00000000 ____D C:\Users\Matúš\AppData\Roaming\Dropbox
2014-01-06 19:30 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 19:24 - 2014-01-06 19:11 - 00000000 ____D C:\Program Files\trend micro
2014-01-06 19:18 - 2014-01-06 19:20 - 01144875 _____ (El Desaparecido - SosVirus.net) C:\Users\Matúš\Desktop\UsbFix.exe
2014-01-06 18:41 - 2014-01-06 18:32 - 00000000 ____D C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2014-01-06 18:33 - 2014-01-06 18:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-06 18:32 - 2014-01-06 18:32 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-06 18:01 - 2013-05-14 15:31 - 00000000 ____D C:\Users\Matúš\AppData\Roaming\IDM
2014-01-06 17:58 - 2014-01-06 17:41 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-06 17:57 - 2014-01-06 17:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-01-06 17:57 - 2014-01-06 17:57 - 00000316 _____ C:\Windows\system32\.crusader
2014-01-06 17:48 - 2014-01-06 17:48 - 00001600 _____ C:\Windows\PFRO.log
2014-01-06 17:47 - 2011-12-03 02:09 - 00000000 ____D C:\Users\Matúš\AppData\Roaming\Winamp
2013-12-30 21:30 - 2013-09-23 18:27 - 00000000 ___RD C:\Users\Matúš\Desktop\i
2013-12-27 10:10 - 2013-12-27 10:10 - 00000000 _____ C:\Windows\setuperr.log
2013-12-27 10:09 - 2012-07-02 10:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 21:34 - 2011-12-03 00:29 - 00000000 ____D C:\Windows\Panther
2013-12-21 21:22 - 2012-12-30 15:11 - 00000000 ____D C:\Users\Matúš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Binding of Isaac
2013-12-21 19:32 - 2011-12-03 00:48 - 00000000 ____D C:\_Programy
2013-12-18 10:48 - 2012-02-11 13:00 - 00000000 ____D C:\Users\Matúš\AppData\Local\Mozilla
2013-12-18 10:43 - 2013-12-18 10:43 - 00000000 ____D C:\Users\Matúš\AppData\Roaming\Opera Software
2013-12-18 10:43 - 2013-12-18 10:43 - 00000000 ____D C:\Users\Matúš\AppData\Local\Opera Software
2013-12-16 21:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\LiveKernelReports
2013-12-16 01:27 - 2012-04-02 10:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-16 01:27 - 2011-12-03 00:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-16 01:21 - 2011-12-03 02:22 - 00000000 ____D C:\Users\Matúš\AppData\Roaming\DAEMON Tools Lite
2013-12-15 12:09 - 2013-12-15 12:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2013-12-15 12:09 - 2011-12-03 01:45 - 00000000 ____D C:\Users\Matúš\AppData\Local\Downloaded Installations
2013-12-15 12:07 - 2013-12-15 12:07 - 00000000 ____D C:\ProgramData\HTC
2013-12-15 11:06 - 2013-12-15 11:05 - 00000000 ____D C:\Program Files\mp3DirectCut
2013-12-11 15:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-11 09:40 - 2009-07-14 05:33 - 00411064 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 09:38 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\sk-SK
2013-12-11 09:35 - 2011-12-03 02:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 09:34 - 2013-07-10 14:21 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 09:32 - 2011-12-03 03:33 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Matúš\AppData\Local\temp\catchme.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-03 19:01

==================== End Of Log ============================

#8 Příspěvek od **vyosek** » 07 led 2014 11:04

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\_Programy\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Runonce: [] - [x]
HKCU\...\Run: [Device Detector] - DevDetect.exe -autorun
HKCU\...\Run: [DAEMON Tools Lite] - C:\_Programy\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [AshSnap] - C:\_Programy\Ashampoo Snap 6\ashsnap.exe [3804568 2012-11-06] (Ashampoo Media GmbH & Co. KG)
HKCU\...\Run: [Facebook Update] - C:\Users\Matúš\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-29] (Facebook Inc.)
HKCU\...\Run: [IDMan] - C:\_Programy\Internet Download Manager\IDMan.exe [3540416 2012-10-31] (Tonec Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2CD36446EF81CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKLM - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {259F616C-A300-44F5-B04A-ED001A26C85C} - No File

S2 HitmanPro37CrusaderBoot; "D:\some_shit_from_internet\HitmanPro.exe" /crusader:boot [x]
U3 akucw6i7; C:\Windows\System32\Drivers\akucw6i7.sys [0 ] (Microsoft Corporation)
U3 catchme; \??\C:\Users\MAT~1\AppData\Local\Temp\catchme.sys [x]
U3 DfSdkS;
U3 mbr; \??\C:\ComboFix\mbr.sys 

2014-01-06 18:33 - 2014-01-06 18:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-06 18:32 - 2014-01-06 18:41 - 00000000 ____D C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2014-01-06 18:32 - 2014-01-06 18:32 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-06 17:57 - 2014-01-06 17:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-01-06 17:57 - 2014-01-06 17:57 - 00000316 _____ C:\Windows\system32\.crusader
2014-01-06 17:41 - 2014-01-06 17:58 - 00000000 ____D C:\ProgramData\HitmanPro

AlternateDataStreams: C:\ProgramData\TEMP:82F50D1C
AlternateDataStreams: C:\ProgramData\TEMP:8927A071

D:\some_shit_from_internet\HitmanPro.exe

Hosts:
CMD: shutdown /r /f /t 2

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Leonko · #9 Příspěvek od **Leonko** » 07 led 2014 11:10

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-01-2014
Ran by Matúš at 2014-01-07 11:09:46 Run:1
Running from C:\Users\Matúš\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\_Programy\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Runonce: [] - [x]
HKCU\...\Run: [Device Detector] - DevDetect.exe -autorun
HKCU\...\Run: [DAEMON Tools Lite] - C:\_Programy\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [AshSnap] - C:\_Programy\Ashampoo Snap 6\ashsnap.exe [3804568 2012-11-06] (Ashampoo Media GmbH & Co. KG)
HKCU\...\Run: [Facebook Update] - C:\Users\Matúš\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-29] (Facebook Inc.)
HKCU\...\Run: [IDMan] - C:\_Programy\Internet Download Manager\IDMan.exe [3540416 2012-10-31] (Tonec Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2CD36446EF81CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKLM - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {259F616C-A300-44F5-B04A-ED001A26C85C} - No File

S2 HitmanPro37CrusaderBoot; "D:\some_shit_from_internet\HitmanPro.exe" /crusader:boot [x]
U3 akucw6i7; C:\Windows\System32\Drivers\akucw6i7.sys [0 ] (Microsoft Corporation)
U3 catchme; \??\C:\Users\MAT~1\AppData\Local\Temp\catchme.sys [x]
U3 DfSdkS;
U3 mbr; \??\C:\ComboFix\mbr.sys

2014-01-06 18:33 - 2014-01-06 18:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-06 18:32 - 2014-01-06 18:41 - 00000000 ____D C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2014-01-06 18:32 - 2014-01-06 18:32 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-06 17:57 - 2014-01-06 17:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-01-06 17:57 - 2014-01-06 17:57 - 00000316 _____ C:\Windows\system32\.crusader
2014-01-06 17:41 - 2014-01-06 17:58 - 00000000 ____D C:\ProgramData\HitmanPro

AlternateDataStreams: C:\ProgramData\TEMP:82F50D1C
AlternateDataStreams: C:\ProgramData\TEMP:8927A071

D:\some_shit_from_internet\HitmanPro.exe

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Device Detector => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AshSnap => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search bar => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{124d001a-bdcb-472f-aa59-bbe7e4bc3204} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C} => Key deleted successfully.
HKCR\CLSID\{259F616C-A300-44F5-B04A-ED001A26C85C} => Key not found.
HitmanPro37CrusaderBoot => Service deleted successfully.
akucw6i7 => Service deleted successfully.
catchme => Service deleted successfully.
DfSdkS => Service deleted successfully.
mbr => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP => Moved successfully.
C:\Program Files\Common Files\Wise Installation Wizard => Moved successfully.
C:\Windows\system32\bootdelete.exe => Moved successfully.
C:\Windows\system32\.crusader => Moved successfully.
C:\ProgramData\HitmanPro => Moved successfully.
C:\ProgramData\TEMP => ":82F50D1C" ADS removed successfully.
C:\ProgramData\TEMP => ":8927A071" ADS removed successfully.
"D:\some_shit_from_internet\HitmanPro.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========

========= End of CMD: =========

==== End of Fixlog ====

#10 Příspěvek od **vyosek** » 07 led 2014 11:46

Jak se chova PC??

Leonko · #11 Příspěvek od **Leonko** » 07 led 2014 11:51

No rovnako ako pred tým

s PC nebol problém, nič neseká, browser svižný,... akurát som chcel vyriešiť ten problém s dorkbotom na externom disku.

#12 Příspěvek od **vyosek** » 07 led 2014 11:52

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Leonko · #13 Příspěvek od **Leonko** » 07 led 2014 12:09

Ešte by som sa chcel spýtať :

1. Čo vlastne spravil ten USBFix ? Lebo vyzerá to, že po jeho použití problém zmizol a znova som sa dostal na externý disk k súborom, a eset ich už neoznačoval ako nakazený.

2. Čo odporúčate používať na prevenciu PC. Používam raz do týždňa CCleaner, Malwarebytes a raz týždenne kontrolujem ESET-om. Ešte niečo ?

#14 Příspěvek od **vyosek** » 07 led 2014 12:11

USBFix je nastroj urceny predevsim na leceni flash disku. Odstranil malware, ktery zapricinil, ze kazdy soubor byl oznacovan jako bordel

Vami pouzivane nastroje staci dostatecne

Leonko · #15 Příspěvek od **Leonko** » 07 led 2014 12:22

oki

ešte posledná otázka

Ostali mi na obidvoch particiách, aj na externom disku zložky Autorun.inf,... nejaký zbytok po USBFix,... ale nejdú odstrániť. Píše to

Obrázek

Dá sa toho nejak zbaviť ?

VIRY.CZ

DorkBot.D

DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D

Re: DorkBot.D