Změna koncovky souboru na Flash disku na .Ink

Zpráva

Schizo77 · #1 Příspěvek od **Schizo77** » 07 čer 2016 11:49

Zdravím, mám tento problém . Procetl jsem postup u stejného tématu a provedl rkill.exe a Combofix.
Prosím o kontrolu všech txt. CHtěl jsem poslat jako přílohu,a le nelze poslat koncovku txt, omlouvam se , ale nejsem vyloženě IT typ.
USB fix :
############################## | UsbFix V 8.247 | [Research]

User: Satek (Administrator) # KVIK
Updated 25/05/2016 by SOSVirus
Started at 09:56:34 | 07/06/2016

Website : https://www.usb-antivirus.com/
Tutorial : https://www.usb-antivirus.com/tutorial/
Support : http://www.sosvirus.org/
Live detection : http://www.sosmalware.com/usbfix/
Contact : https://www.usb-antivirus.com/contact/

################## | System information |

CPU: Intel(R) Pentium(R) 4 CPU 3.40GHz
RAM -> [Total : 2047 Mo | Free : 1576 Mo]
Boot: Normal boot

OS: Microsoft Windows XP (5.1.2600 32-Bit) Service Pack 3
WB: Internet Explorer : 8.00.6001.18702
WB: Mozilla Firefox : 46.0.1

################## | Security Information |

FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 56 Gb (11 Gb free - 20%) [] # NTFS
D:\ -> Fixed disk # 93 Gb (12 Gb free - 13%) [Data] # NTFS
H:\ -> Removable disk # 7 Gb (2 Gb free - 33%) [KINGSTON] # FAT32
L:\ -> Removable disk # 4 Gb (4 Gb free - 100%) [STORE N GO] # FAT32

################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
04 - HKCU\..\Run : [SetDefaultMIDI] MIDIDef.exe
04 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKLM\..\Run : [CTSysVol] C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe /r
04 - HKLM\..\Run : [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKLM\..\Run : [igfxtray] C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run : [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run : [igfxpers] C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run : [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
04 - HKLM\..\Run : [Gaming mouse] C:\Program Files\TESORO Gaming\SHRIKE Gaming Mouse\mousehid.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
04 - HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run : [BF2Hub Client] C:\Program Files\BF2Hub Client\bf2hub.exe
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-527237240-1606980848-1801674531-1003\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
04 - HKU\S-1-5-21-527237240-1606980848-1801674531-1003\..\Run : [SetDefaultMIDI] MIDIDef.exe
04 - HKU\S-1-5-21-527237240-1606980848-1801674531-1003\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04GS - Microsoft Office.lnk : C:\Program Files\Microsoft Office\Office10\OSA.EXE

################## | Generic Research |

Found! H:\tmp465C.tmp.vbs
Found! L:\tmp465C.tmp.vbs
Found! H:\BOOTEX.lnk
Found! H:\2.lnk
Found! H:\FOUND.000.lnk
Found! H:\Bojová Technika.lnk
Found! H:\Odbaveni-RC1743079.lnk
Found! H:\Counter-Strike 1.6.lnk
Found! H:\Výživa F-sport.lnk
Found! H:\15_OKRESNI_PREBOR_SVADBA.lnk
Found! H:\.minecraft.lnk
Found! H:\System Volume Information.lnk
Found! H:\The KMPlayer.lnk
Found! H:\Rotaxmame.lnk
Found! H:\09_OKRESNI_PREBOR_NA VAHU.lnk
Found! H:\08_OKRESNI_PREBOR_SCHUZE.lnk
Found! H:\07_OKRESNI_PREBOR_KOPACAK.lnk
Found! H:\05_OKRESNI_PREBOR_FORBES.lnk
Found! H:\02_OKRESNI_PREBOR_NABOR.lnk
Found! H:\01_OKRESNI_PREBOR_POHREB.lnk
Found! L:\Denní příjem kalorií.lnk
Found! L:\NICKY Rotax.lnk
Found! L:\P1020896.lnk
Found! C:\Documents and Settings\Satek\Local Settings\Temp\tmp465C.tmp.vbs

Analysed in 157.3 seconds

################## | E.O.F | http://www.sosvirus.net/ | https://www.usb-antivirus.com/ |

rkill :

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/07/2016 12:03:34 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
209.250.2.163 battlefield2.ms1.gamespy.com
209.250.2.163 battlefield2.ms2.gamespy.com
209.250.2.163 battlefield2.ms3.gamespy.com
209.250.2.163 battlefield2.ms4.gamespy.com
209.250.2.163 battlefield2.ms5.gamespy.com
209.250.2.163 battlefield2.ms6.gamespy.com
209.250.2.163 battlefield2.ms7.gamespy.com
209.250.2.163 battlefield2.ms8.gamespy.com
209.250.2.163 battlefield2.ms9.gamespy.com
209.250.2.163 battlefield2.ms10.gamespy.com
209.250.2.163 battlefield2.ms11.gamespy.com
209.250.2.163 battlefield2.ms12.gamespy.com
209.250.2.163 battlefield2.ms13.gamespy.com
209.250.2.163 battlefield2.ms15.gamespy.com
209.250.2.163 battlefield2.ms16.gamespy.com
209.250.2.163 battlefield2.ms17.gamespy.com
209.250.2.163 battlefield2.ms18.gamespy.com
209.250.2.163 battlefield2.ms19.gamespy.com
209.250.2.163 battlefield2.ms20.gamespy.com

20 out of 48 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 06/07/2016 12:04:09 PM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)

Combofix :

ComboFix 16-06-01.01 - Satek 07.06.2016 12:08:07.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1561 [GMT 2:00]
Spuštěný z: d:\upload\ComboFix.exe
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Satek\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\system32\SET1409.tmp
c:\windows\system32\tmp317.tmp
c:\windows\system32\tmp318.tmp
c:\windows\system32\tmp59A8.tmp
c:\windows\system32\tmp59A9.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-05-07 do 2016-06-07 )))))))))))))))))))))))))))))))
.
.
2016-06-07 09:55 . 2016-06-07 09:55 -------- d--h--w- c:\windows\PIF
2016-06-07 07:54 . 2016-06-07 07:55 -------- d-----w- C:\UsbFix
2016-06-07 07:32 . 2016-06-07 07:32 -------- d-----w- c:\windows\system32\wbem\Repository
2016-06-06 12:19 . 2016-06-07 07:31 -------- d-----w- c:\program files\Ask.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-01 17:59 . 2013-05-05 13:19 138992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2016-06-01 17:59 . 2013-05-05 13:19 281152 ----a-w- c:\windows\system32\PnkBstrB.exe
2016-06-01 17:59 . 2010-07-26 19:04 281152 ----a-w- c:\windows\system32\PnkBstrB.xtr
2016-05-31 18:35 . 2013-05-05 13:19 281152 ----a-w- c:\windows\system32\PnkBstrB.ex0
2016-05-12 19:10 . 2012-07-23 09:06 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-12 19:10 . 2011-12-30 07:38 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"Gaming mouse"="c:\program files\TESORO Gaming\SHRIKE Gaming Mouse\mousehid.exe" [2012-07-06 289280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"BF2Hub Client"="c:\program files\BF2Hub Client\bf2hub.exe" [2015-12-19 1927680]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2014-10-31 10:53 85864 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-05-08 13:48 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-04 23:01 4489472 ----a-w- c:\documents and settings\Satek\Local Settings\Data aplikací\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BF2Hub Client]
2015-12-19 18:09 1927680 ----a-w- c:\program files\BF2Hub Client\bf2hub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 15:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 13:21 1500160 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2015-09-26 13:38 6815512 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\--- GAMES ---\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Satek\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2RG.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\bin\\steamwebhelper.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11.6.2010 20:16 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11.6.2010 20:16 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.2.2010 12:30 691696]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [20.3.2013 17:02 21576]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11.10.2013 0:54 142648]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/02/12 19:29];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 13:58 87536]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\--- games ---\Unturned\x86\RaInfo.sys --> d:\--- games ---\Unturned\x86\RaInfo.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11.12.2014 11:30 315496]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [29.12.2011 18:22 5824]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys --> c:\windows\system32\DRIVERS\avchv.sys [?]
S3 cleanhlp;cleanhlp;\??\c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys --> c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Satek\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Satek\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [1.7.2010 21:34 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [1.7.2010 21:34 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [1.7.2010 21:34 94064]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.2.2012 12:17 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.2.2012 12:17 8576]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2016-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 19:10]
.
2015-11-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2016-06-07 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: ulozto.cz
TCP: DhcpNameServer = 77.48.254.254 77.48.100.254
FF - ProfilePath - c:\documents and settings\Satek\Data aplikací\Mozilla\Firefox\Profiles\3prn2y9e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-RunOnce-<NO NAME> - (no file)
Notify-AtiExtEvent - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AdAwareTray - c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-KiesPreload - c:\program files\Samsung\Kies\Kies.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
MSConfigStartUp-LogMeIn GUI - d:\--- games ---\Unturned\x86\LogMeInSystray.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-TO2SSM_McciTrayApp - c:\program files\TO2SSM\McciTrayApp.exe
AddRemove-FlatOut Ultimate Carnage - j:\flatout uc\FlatOut Ultimate Carnage\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-06-07 12:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1606980848-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-527237240-1606980848-1801674531-1003\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="3"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\igfxdev.dll
.
Celkový čas: 2016-06-07 12:13:49
ComboFix-quarantined-files.txt 2016-06-07 10:13
.
Před spuštěním: Volných bajtů: 12 009 418 752
Po spuštění: Volných bajtů: 12 253 278 208
.
- - End Of File - - 36FE6B8FFB113C7D43C19A3F0FF893B1
413FC2A0C716421B3158746D63736515

Schizo77 · #2 Příspěvek od **Schizo77** » 07 čer 2016 12:06

Ještě LOG z RSIT :
Logfile of random's system information tool 1.10 (written by random/random)
Run by Satek at 2016-06-07 13:03:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (20%) free of 57 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:03:30, on 7.6.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\TESORO Gaming\SHRIKE Gaming Mouse\mousehid.exe
C:\Program Files\BF2Hub Client\bf2hub.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\UPLOAD\RSIT.exe
C:\Program Files\trend micro\Satek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [Gaming mouse] C:\Program Files\TESORO Gaming\SHRIKE Gaming Mouse\mousehid.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BF2Hub Client] C:\Program Files\BF2Hub Client\bf2hub.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.ulozto.cz
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5592860109
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://www.battlefieldheroes.com/static ... .142.0.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6569 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Satek\Data aplikací\Mozilla\Firefox\Profiles\3prn2y9e.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.242 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf]
"Description"=Handles PDF files in place in the browser
"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Documents and Settings\Satek\Data aplikací\Mozilla\Firefox\Profiles\3prn2y9e.default\extensions\
toolbar@ask.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-17 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-17 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"=C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2010-03-13 75048]
"Gaming mouse"=C:\Program Files\TESORO Gaming\SHRIKE Gaming Mouse\mousehid.exe [2012-07-06 289280]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08 959904]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"BF2Hub Client"=C:\Program Files\BF2Hub Client\bf2hub.exe [2015-12-19 1927680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-11-24 94208]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2002-12-03 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Documents and Settings\Satek\Local Settings\Data aplikací\Akamai\netsession_win.exe [2013-06-05 4489472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BF2Hub Client]
C:\Program Files\BF2Hub Client\bf2hub.exe [2015-12-19 1927680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-06-16 1500160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2015-09-26 6815512]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2014-10-31 85864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-08 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\--- GAMES ---\FlatOut2\FlatOut2.exe"="D:\--- GAMES ---\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\Satek\Local Settings\Data aplikací\Akamai\netsession_win.exe"="C:\Documents and Settings\Satek\Local Settings\Data aplikací\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface"
"C:\Program Files\EA Games\Battlefield 2\BF2.exe"="C:\Program Files\EA Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\EA Games\Battlefield 2\BF2RG.exe"="C:\Program Files\EA Games\Battlefield 2\BF2RG.exe:*:Enabled:BF2RG"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\bin\steamwebhelper.exe"="C:\Program Files\Steam\bin\steamwebhelper.exe:*:Enabled:Steam Web Helper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.ACDV"=ACDV.dll
"VIDC.FPS1"=frapsvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv

======List of files/folders created in the last 1 month======

2016-06-07 13:03:26 ----D---- C:\rsit
2016-06-07 13:03:26 ----D---- C:\Program Files\trend micro
2016-06-07 12:13:50 ----A---- C:\ComboFix.txt
2016-06-07 12:06:05 ----A---- C:\WINDOWS\zip.exe
2016-06-07 12:06:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2016-06-07 12:06:05 ----A---- C:\WINDOWS\SWSC.exe
2016-06-07 12:06:05 ----A---- C:\WINDOWS\SWREG.exe
2016-06-07 12:06:05 ----A---- C:\WINDOWS\sed.exe
2016-06-07 12:06:05 ----A---- C:\WINDOWS\PEV.exe
2016-06-07 12:06:05 ----A---- C:\WINDOWS\NIRCMD.exe
2016-06-07 12:06:05 ----A---- C:\WINDOWS\MBR.exe
2016-06-07 12:06:05 ----A---- C:\WINDOWS\grep.exe
2016-06-07 12:05:56 ----D---- C:\Qoobox
2016-06-07 12:05:45 ----D---- C:\WINDOWS\erdnt
2016-06-07 11:55:00 ----HD---- C:\WINDOWS\PIF
2016-06-07 09:54:57 ----D---- C:\UsbFix
2016-06-06 14:19:15 ----D---- C:\Program Files\Ask.com
2016-05-09 17:33:12 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2016-06-07 13:03:26 ----RD---- C:\Program Files
2016-06-07 12:57:44 ----D---- C:\WINDOWS\Prefetch
2016-06-07 12:57:28 ----A---- C:\WINDOWS\wincmd.ini
2016-06-07 12:13:58 ----D---- C:\WINDOWS\Temp
2016-06-07 12:13:12 ----SD---- C:\WINDOWS\Tasks
2016-06-07 12:12:26 ----D---- C:\WINDOWS
2016-06-07 12:12:26 ----A---- C:\WINDOWS\system.ini
2016-06-07 12:12:18 ----D---- C:\WINDOWS\system32\drivers\etc
2016-06-07 12:11:58 ----D---- C:\WINDOWS\system32
2016-06-07 12:10:34 ----D---- C:\WINDOWS\system32\drivers
2016-06-07 12:10:34 ----D---- C:\WINDOWS\AppPatch
2016-06-07 12:10:31 ----D---- C:\Program Files\Common Files
2016-06-07 12:06:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2016-06-07 12:03:34 ----D---- C:\WINDOWS\system32\CatRoot2
2016-06-07 09:32:28 ----D---- C:\WINDOWS\system32\config
2016-06-07 09:32:07 ----D---- C:\WINDOWS\system32\wbem
2016-06-07 09:32:06 ----D---- C:\WINDOWS\Registration
2016-06-07 09:31:50 ----SHD---- C:\WINDOWS\Installer
2016-06-03 20:08:28 ----D---- C:\Program Files\The KMPlayer
2016-06-01 19:59:16 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2016-05-12 21:10:11 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2016-05-10 13:40:22 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\system32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\system32\drivers\sfsync04.sys [2006-08-11 59776]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-26 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-03-07 21576]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/02/12 19:29:47]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-27 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-02-27 25416]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2014-10-31 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-10 10604128]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\--- GAMES ---\Unturned\x86\RaInfo.sys []
S3 a11v1dmf;a11v1dmf; C:\WINDOWS\system32\drivers\a11v1dmf.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []
S3 avchv;avchv Function Driver; C:\WINDOWS\system32\DRIVERS\avchv.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Satek\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 cleanhlp;cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Satek\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-03-04 157696]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2010-07-01 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2010-07-01 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2010-07-01 94064]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
S3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2014-12-26 142648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-17 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-05-06 76888]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-07-05 358008]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12 269504]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-05-09 146888]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 LMIMaint;LogMeIn Maintenance Service; D:\--- GAMES ---\Unturned\x86\RaMaint.exe []
S4 LogMeIn;LogMeIn; D:\--- GAMES ---\Unturned\x86\LogMeIn.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#3 Příspěvek od **JaRon** » 07 čer 2016 12:13

ahoj,
1. zopakuj USBFix - volba clean
2. vycisti PC s ADWCleanerom

Schizo77 · #4 Příspěvek od **Schizo77** » 07 čer 2016 12:22

Zdar,
USBfix se tentokrat nedokončil ?? nevím proč, ještě projedu adwercleanerem.

#5 Příspěvek od **JaRon** » 07 čer 2016 12:25

podla logu si pouzil USBFix volbu research

Schizo77 · #6 Příspěvek od **Schizo77** » 07 čer 2016 12:30

Jo to asi jo, jenže když jsem nyní, na tvou radu dal CLEAN . nedokončilo to, vyskočila chybová hláška uplně na konci a nevytvořil se txt ?
tady je Adwcleaner :
# AdwCleaner v5.119 - Log vytvořen 07/06/2016 v 13:24:49
# Aktualizováno 30/05/2016 by Xplode
# Databáze : 2016-06-07.1 [Server]
# Operační system : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : Satek - KVIK
# Spuštěno z : D:\UPLOAD\AdwCleaner.exe
# Nastavení : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****

***** [ Složky ] *****

[-] Složka Smazáno : C:\Documents and Settings\All Users\Nabídka Start\Programy\myfree codec
[-] Složka Smazáno : C:\Program Files\Ask.com
[-] Složka Smazáno : C:\Program Files\myfree codec

***** [ Soubory ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

***** [ Naplánované úlohy ] *****

***** [ Registry ] *****

[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\ieplugin.JQSIEStartDetectorImpl
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\ieplugin.JQSIEStartDetectorImpl.1
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\PCSuiteContactsView
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\PCSuiteMessagesView
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
[-] Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E0E899AB-F487-11D5-8D29-0050BA6940E3}]
[-] Klíč Smazáno : HKCU\Software\APN PIP
[-] Klíč Smazáno : HKCU\Software\eSupport.com
[-] Klíč Smazáno : HKCU\Software\Myfree Codec
[-] Klíč Smazáno : HKCU\Software\PIP
[-] Klíč Smazáno : HKCU\Software\Softonic
[-] Klíč Smazáno : HKCU\Software\AppDataLow\Software\adawarebp
[-] Klíč Smazáno : HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Klíč Smazáno : HKLM\SOFTWARE\Myfree Codec
[-] Klíč Smazáno : HKLM\SOFTWARE\PIP
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
[-] Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{58BDFEDB-14A4-4560-A0FC-F7D1E418F8EC}

***** [ Prohlížeče ] *****

*************************

:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4152 bytů] - [07/06/2016 13:24:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [5033 bytů] - [07/06/2016 13:24:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4298 bytů] ##########

Schizo77 · #7 Příspěvek od **Schizo77** » 07 čer 2016 12:31

A třeba se hloupě ptám, ty Flash disky mam mit pořád v PC ??

#8 Příspěvek od **JaRon** » 07 čer 2016 12:35

kedze presne nepoznam, co vsetko a ako si prevadzal na pocitaci - typ partizan

doporucujem
- napichat kluce do PC, spustit USBFix volba research a hned po ukonceni volba clean

Schizo77 · #9 Příspěvek od **Schizo77** » 07 čer 2016 12:44

Ta k jsem to udelal jak jsi napsal a tady :
############################## | UsbFix V 8.247 | [Research]

User: Satek (Administrator) # KVIK
Updated 25/05/2016 by SOSVirus
Started at 13:41:34 | 07/06/2016

Website : https://www.usb-antivirus.com/
Tutorial : https://www.usb-antivirus.com/tutorial/
Support : http://www.sosvirus.org/
Live detection : http://www.sosmalware.com/usbfix/
Contact : https://www.usb-antivirus.com/contact/

################## | System information |

CPU: Intel(R) Pentium(R) 4 CPU 3.40GHz
RAM -> [Total : 2047 Mo | Free : 1637 Mo]
Boot: Normal boot

OS: Microsoft Windows XP (5.1.2600 32-Bit) Service Pack 3
WB: Internet Explorer : 8.00.6001.18702
WB: Mozilla Firefox : 46.0.1

################## | Security Information |

FW: Windows Firewall [(!) Disabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 56 Gb (11 Gb free - 20%) [] # NTFS
D:\ -> Fixed disk # 93 Gb (12 Gb free - 13%) [Data] # NTFS
H:\ -> Removable disk # 7 Gb (2 Gb free - 33%) [KINGSTON] # FAT32
L:\ -> Removable disk # 4 Gb (4 Gb free - 100%) [STORE N GO] # FAT32

################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
04 - HKCU\..\Run : [SetDefaultMIDI] MIDIDef.exe
04 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKLM\..\Run : [CTSysVol] C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe /r
04 - HKLM\..\Run : [igfxtray] C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run : [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run : [igfxpers] C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run : [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
04 - HKLM\..\Run : [Gaming mouse] C:\Program Files\TESORO Gaming\SHRIKE Gaming Mouse\mousehid.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
04 - HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run : [BF2Hub Client] C:\Program Files\BF2Hub Client\bf2hub.exe
04 - HKU\S-1-5-21-527237240-1606980848-1801674531-1003\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
04 - HKU\S-1-5-21-527237240-1606980848-1801674531-1003\..\Run : [SetDefaultMIDI] MIDIDef.exe
04 - HKU\S-1-5-21-527237240-1606980848-1801674531-1003\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04GS - Microsoft Office.lnk : C:\Program Files\Microsoft Office\Office10\OSA.EXE

################## | Generic Research |

Analysed in 19.62 seconds

################## | E.O.F | http://www.sosvirus.net/ | https://www.usb-antivirus.com/ |

Schizo77 · #10 Příspěvek od **Schizo77** » 07 čer 2016 12:51

Po ukonceni Reserch nelze volbu Clean dat. USB fix se vypne, pokud ho znova spustim a dam Clean, nedokonci se, nahodi to chybovou hlasku a to je cele

#11 Příspěvek od **JaRon** » 07 čer 2016 13:03

podla prvého vypisu:
################## | Generic Research |

Found! H:\tmp465C.tmp.vbs
Found! L:\tmp465C.tmp.vbs
Found! H:\BOOTEX.lnk
Found! H:\2.lnk
Found! H:\FOUND.000.lnk
Found! H:\Bojová Technika.lnk
Found! H:\Odbaveni-RC1743079.lnk
Found! H:\Counter-Strike 1.6.lnk
Found! H:\Výživa F-sport.lnk
Found! H:\15_OKRESNI_PREBOR_SVADBA.lnk
Found! H:\.minecraft.lnk
Found! H:\System Volume Information.lnk
Found! H:\The KMPlayer.lnk
Found! H:\Rotaxmame.lnk
Found! H:\09_OKRESNI_PREBOR_NA VAHU.lnk
Found! H:\08_OKRESNI_PREBOR_SCHUZE.lnk
Found! H:\07_OKRESNI_PREBOR_KOPACAK.lnk
Found! H:\05_OKRESNI_PREBOR_FORBES.lnk
Found! H:\02_OKRESNI_PREBOR_NABOR.lnk
Found! H:\01_OKRESNI_PREBOR_POHREB.lnk
Found! L:\Denní příjem kalorií.lnk
Found! L:\NICKY Rotax.lnk
Found! L:\P1020896.lnk
Found! C:\Documents and Settings\Satek\Local Settings\Temp\tmp465C.tmp.vbs

pokial ziadny z uvedených suborov neexistuje, tak ich nejaka utilita uz stihla zmazat
a tym padom mame hotovo, ak existuju, ZMAZ ich rucne

Schizo77 · #12 Příspěvek od **Schizo77** » 07 čer 2016 13:10

Melo by to byt OK, nic takoveho jsem uz nenasel...
DIKY MOOOOC

Ale stejna prace me ceka na tom Notebooku, odkud jsem si ten srac prinesl na flashce do stolniho PC

#13 Příspěvek od **JaRon** » 07 čer 2016 13:16

rado sa stalo

VIRY.CZ

Změna koncovky souboru na Flash disku na .Ink

Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink

Re: Změna koncovky souboru na Flash disku na .Ink