Prosím o kontrolu

Zpráva

lavega · #1 Příspěvek od **lavega** » 20 bře 2016 21:55

Logfile of random's system information tool 1.10 (written by random/random)
Run by MATRIX at 2016-03-20 21:53:49
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (12%) free of 114 GB
Total RAM: 3562 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:53:51, on 20.3.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\ProgramFILE\SystemExplorer\SystemExplorer.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe
C:\Program Files\IMAP Monitor\imapmon.exe
C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe
C:\Program Files\HaoZip\HaoZipCD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ProgramFILE\SystemExplorer\service\SystemExplorerService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UCBrowser\Application\UCService.exe
C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
C:\WINDOWS\System32\svchost.exe
C:\ProgramFILE\Q-Dir\Q-Dir.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\! BACK_UP\! PrvaPomoc PC\SOS\RSIT.exe
C:\Program Files\trend micro\MATRIX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://systemexplorer.net/installdone.p ... 6.3.0.5309
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "C:\ProgramFILE\SystemExplorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3200 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe"
O4 - HKLM\..\Run: [IMAP Monitor] C:\Program Files\IMAP Monitor\imapmon.exe
O4 - HKCU\..\Run: [f.lux] "C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [haozipcd] C:\Program Files\HaoZip\HaoZipCD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30F26F8B-C7C3-4247-95D1-D41F5F91C84E}: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{30F26F8B-C7C3-4247-95D1-D41F5F91C84E}: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{30F26F8B-C7C3-4247-95D1-D41F5F91C84E}: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UC Browser Service (UCBrowserSvc) - Unknown owner - C:\Program Files\UCBrowser\Application\UCService.exe

--
End of file - 7730 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\UCBrowserUpdater.job - C:\Program Files\UCBrowser\Application\update_task.exe /update
C:\WINDOWS\tasks\{6B524366-2492-928B-8461-BA0C972BF213}.job - C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\DOCUME~1\ALLUSE~1\DATAAP~1\5f12e9e9\558866de.dll"

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\MATRIX\Data aplikací\Mozilla\Firefox\Profiles\613076wh.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1221171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll

C:\Documents and Settings\MATRIX\Data aplikací\Mozilla\Firefox\Profiles\613076wh.default\extensions\
support@lastpass.com

C:\Documents and Settings\MATRIX\Data aplikací\Mozilla\Firefox\Profiles\613076wh.default\searchplugins\
kickassto.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-10-15 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-10-15 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorerAutoStart"=C:\ProgramFILE\SystemExplorer\SystemExplorer.exe [2015-01-17 3391200]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2010-10-29 618496]
"3200 Scan2PC"=C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe [2010-05-18 1989120]
"IMAP Monitor"=C:\Program Files\IMAP Monitor\imapmon.exe [2015-12-10 345088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"=C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe [2013-10-23 1017224]
"haozipcd"=C:\Program Files\HaoZip\HaoZipCD.exe [2012-07-25 256264]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-11-17 50137728]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-11-30 3280728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-06-08 334896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-03 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-08-08 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe"="C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger"
"C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe"="C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe:*:Enabled:ScanToPC"
"C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe"="C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe:*:Enabled:SScanToIO"
"D:\ProgramFILE\utorrent-portable\utorrent.exe"="D:\ProgramFILE\utorrent-portable\utorrent.exe:*:Enabled:µTorrent"
"D:\ProgramFILE\SkypePortable\App\Skype\Phone\Skype.exe"="D:\ProgramFILE\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype "
"D:\! PETER\game\World_of_Tanks\WOTLauncher.exe"="D:\! PETER\game\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Program Files\Assassin's Creed Brotherhood\ACBSP.exe"="C:\Program Files\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:ACBSP"
"D:\GREYLINK0.61\greylink.exe"="D:\GREYLINK0.61\greylink.exe:*:Enabled:greylink"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"D:\! PETER\game\World_of_Tanks\WorldOfTanks.exe"="D:\! PETER\game\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\! BACK_UP\AMIKOO\PCSoft\dcc296\DCC.exe"="D:\! BACK_UP\AMIKOO\PCSoft\dcc296\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\UCBrowser\Application\UCBrowser.exe"="C:\Program Files\UCBrowser\Application\UCBrowser.exe:*:Enabled:UCæµè§ˆå™¨"
"C:\Program Files\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe"="C:\Program Files\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe:*:Enabled:è¿…é›·äº‘åŠ é€Ÿå¼€æ”¾å¹³å°"
"C:\ProgramFILE\utorrent-portable\utorrent.exe"="C:\ProgramFILE\utorrent-portable\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"
"C:\Program Files\MetaTrader 5\metatester.exe"="C:\Program Files\MetaTrader 5\metatester.exe:*:Enabled:MetaTrader 5 Strategy Tester Agent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.ffds"=ff_vfw.dll
"vidc.xvid"=xvidvfw.dll
"vidc.x264"=x264vfw.dll
"vidc.lags"=lagarith.dll
"msacm.divxa32"=DivXa32.acm

======List of files/folders created in the last 1 month======

2016-03-20 21:53:49 ----D---- C:\rsit
2016-03-20 21:53:49 ----D---- C:\Program Files\trend micro
2016-03-20 21:41:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-03-20 21:41:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2016-03-20 21:41:10 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2016-03-20 21:40:23 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2016-03-20 21:32:35 ----SHD---- C:\RECYCLER
2016-03-20 21:31:30 ----SD---- C:\ComboFix
2016-03-20 14:00:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\0cba6185-4763-0
2016-03-20 14:00:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\0cba6185-07e7-1
2016-03-15 14:00:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\0cba6185-5ae5-0
2016-03-15 06:19:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\5f12e9e9
2016-03-15 06:19:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\0cba6185-1b63-0
2016-03-15 06:19:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\{0b74b86d-712c-0}
2016-03-15 06:19:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\{0215fb9e-612c-1}
2016-03-15 06:19:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\{0215fb9e-612c-0}
2016-03-13 17:08:55 ----D---- C:\Documents and Settings\MATRIX\Data aplikací\dBpoweramp
2016-03-13 08:00:26 ----D---- C:\Program Files\ASIO4ALL v2
2016-03-13 07:17:10 ----A---- C:\Documents and Settings\All Users\Data aplikací\GeorgeYohngVST.ini
2016-03-13 07:16:06 ----A---- C:\WINDOWS\system32\ospitray.exe
2016-03-10 22:52:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2016-03-10 22:52:29 ----D---- C:\Program Files\Adobe
2016-02-25 23:02:49 ----D---- C:\Program Files\Plus500
2016-02-25 18:03:48 ----D---- C:\Program Files\xStation
2016-02-21 17:40:54 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2016-03-20 21:53:49 ----RD---- C:\Program Files
2016-03-20 21:50:37 ----D---- C:\WINDOWS\system32
2016-03-20 21:50:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-20 21:46:32 ----D---- C:\WINDOWS\system32\CatRoot2
2016-03-20 21:46:27 ----D---- C:\WINDOWS\Temp
2016-03-20 21:46:06 ----D---- C:\WINDOWS\system32\drivers
2016-03-20 21:45:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2016-03-20 21:45:35 ----D---- C:\Documents and Settings\MATRIX\Data aplikací\E38F90FB-CDD9-483E-9E9B-217EF3612BB6
2016-03-20 21:45:29 ----D---- C:\WINDOWS
2016-03-20 21:32:43 ----D---- C:\WINDOWS\AppPatch
2016-03-20 21:32:40 ----D---- C:\Program Files\Common Files
2016-03-20 21:31:32 ----D---- C:\Qoobox
2016-03-20 21:31:31 ----D---- C:\WINDOWS\Prefetch
2016-03-20 21:30:15 ----D---- C:\WINDOWS\Debug
2016-03-18 23:21:31 ----D---- C:\Documents and Settings\MATRIX\Data aplikací\vlc
2016-03-18 08:17:34 ----A---- C:\WINDOWS\PRMANPCF.INI
2016-03-18 06:45:01 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-17 21:21:37 ----D---- C:\Documents and Settings\MATRIX\Data aplikací\Skype
2016-03-15 06:31:38 ----SD---- C:\WINDOWS\Tasks
2016-03-15 06:19:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\da1a1bfd-7211-0
2016-03-15 06:19:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\da1a1bfd-69a1-1
2016-03-13 17:48:15 ----D---- C:\Program Files\IronFX MetaTrader 4
2016-03-13 06:44:07 ----D---- C:\ProgramFILE
2016-03-11 19:08:15 ----HD---- C:\WINDOWS\inf
2016-03-11 16:53:06 ----D---- C:\Program Files\Electronic Arts
2016-03-11 16:53:02 ----RSD---- C:\WINDOWS\assembly
2016-03-11 16:53:02 ----D---- C:\WINDOWS\system32\DirectX
2016-03-11 16:11:28 ----HD---- C:\Program Files\InstallShield Installation Information
2016-03-10 22:52:29 ----SHD---- C:\WINDOWS\Installer
2016-03-10 11:34:41 ----D---- C:\Nová složka
2016-03-08 22:23:15 ----D---- C:\Program Files\Rockstar Games
2016-03-08 22:21:48 ----D---- C:\Program Files\Ubisoft
2016-03-06 17:05:40 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-08-08 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 Nadim;NAD Proto Driver; C:\WINDOWS\system32\DRIVERS\nadim.sys [2008-11-08 18688]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-03 3300864]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2010-03-18 99416]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2010-03-18 511064]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2010-03-18 528472]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2010-03-18 555096]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2010-03-18 14424]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2010-03-18 566360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2010-03-18 157272]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\system32\DRIVERS\dtlitescsibus.sys [2016-01-07 26168]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\system32\DRIVERS\dtliteusbbus.sys [2016-01-07 40504]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2010-03-18 92760]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2010-03-18 798808]
R3 HaozipVirtualCDBus;HaoZip Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\HaoZipVirtualCDBus.sys [2012-07-24 115288]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2010-03-18 189528]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2013-06-20 98504]
R3 MEI;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\HECI.sys [2013-09-16 56280]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2010-03-18 127576]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\MATRIX\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2010-03-18 99416]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2010-03-18 555096]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2010-03-18 347144]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2010-03-18 100952]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2010-03-18 100952]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2010-03-18 566360]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2010-03-18 162904]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NLNdisMP;NLNdisMP; C:\WINDOWS\system32\DRIVERS\nlndis.sys []
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\WINDOWS\system32\DRIVERS\nlndis.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\WINDOWS\system32\DRIVERS\RTL2832U_IRHID.sys [2013-04-17 42728]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2013-04-17 201104]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2013-04-17 32912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-01-27 10242176]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbser;DJI USB Virtual COM Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-08-08 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-08-08 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-03 573440]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2010-02-12 286720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 595968]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe [2015-09-27 186760]
R2 UCBrowserSvc;UC Browser Service; C:\Program Files\UCBrowser\Application\UCService.exe [2016-01-26 517112]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-11-30 1082200]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-02 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-19 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2015-09-10 79360]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-19 144200]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 642520]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 20 bře 2016 21:57

Zdravím,
něco prohnilého zde vidím, ale určitě nevidím vše, když jste už použil combofix a malwarebytes. poprosím o logy z nich.

lavega · #3 Příspěvek od **lavega** » 20 bře 2016 22:15

COMBO FIX

ComboFix 14-10-24.01 - MATRIX 20.03.2016 22:09:25.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3562.2420 [GMT 1:00]
Spuštěný z: d:\! back_up\! PrvaPomoc PC\SOS\ComboFix\ComboFix.exe
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . chybí !!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-20 do 2016-03-20 )))))))))))))))))))))))))))))))
.
.
2016-03-20 20:53 . 2016-03-20 20:53 -------- d-----w- C:\rsit
2016-03-20 20:53 . 2016-03-20 20:53 -------- d-----w- c:\program files\trend micro
2016-03-20 20:41 . 2016-03-20 20:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2016-03-20 20:41 . 2016-03-20 21:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2016-03-20 20:41 . 2016-03-20 20:41 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-20 20:40 . 2016-03-20 20:40 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-20 13:00 . 2016-03-20 13:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\0cba6185-4763-0
2016-03-20 13:00 . 2016-03-20 13:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\0cba6185-07e7-1
2016-03-15 13:00 . 2016-03-20 07:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\0cba6185-5ae5-0
2016-03-15 05:19 . 2016-03-20 20:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\5f12e9e9
2016-03-15 05:19 . 2016-03-20 07:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\0cba6185-1b63-0
2016-03-15 05:19 . 2016-03-15 05:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{0b74b86d-712c-0}
2016-03-15 05:19 . 2016-03-15 05:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{0215fb9e-612c-1}
2016-03-15 05:19 . 2016-03-15 05:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{0215fb9e-612c-0}
2016-03-13 16:08 . 2016-03-13 16:08 -------- d-----w- c:\documents and settings\MATRIX\Data aplikací\dBpoweramp
2016-03-13 07:00 . 2016-03-13 07:00 -------- d-----w- c:\program files\ASIO4ALL v2
2016-03-13 06:16 . 2003-12-04 18:43 77824 ----a-w- c:\windows\system32\ospitray.exe
2016-03-12 16:38 . 2016-03-12 16:38 -------- d-----w- c:\documents and settings\MATRIX\Plocha
2016-03-10 21:52 . 2016-03-10 21:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2016-02-25 22:02 . 2016-02-25 22:02 -------- d-----w- c:\documents and settings\MATRIX\Local Settings\Data aplikací\Plus500
2016-02-25 22:02 . 2016-02-25 22:02 -------- d-----w- c:\program files\Plus500
2016-02-25 17:03 . 2016-02-25 17:23 -------- d-----w- c:\program files\xStation
2016-02-20 21:26 . 2016-02-20 21:26 -------- d-----w- c:\program files\eyeblink
2016-02-20 07:28 . 2016-02-20 07:28 -------- d-----w- c:\program files\Candleworks
2016-02-20 06:35 . 2016-02-20 06:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2016-02-19 23:07 . 2016-02-19 23:07 -------- d-sh--w- c:\documents and settings\MATRIX\PrivacIE
2016-02-19 22:17 . 2016-02-19 22:17 -------- d-----w- c:\documents and settings\MATRIX\Data aplikací\Saxo Bank
2016-02-19 22:17 . 2016-02-19 22:17 -------- d-----w- c:\documents and settings\MATRIX\Local Settings\Data aplikací\Saxo Bank
2016-02-19 22:17 . 2016-02-20 21:24 -------- d-----w- c:\program files\Saxo Bank
2016-02-19 22:14 . 2016-02-19 22:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2016-02-19 22:13 . 2016-02-19 22:13 -------- d-sh--w- c:\documents and settings\MATRIX\IETldCache
2016-02-19 22:03 . 2016-02-19 22:04 -------- dc-h--w- c:\windows\ie8
2016-02-19 21:55 . 2014-02-05 23:08 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2016-02-19 21:55 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2016-02-19 21:55 . 2014-02-05 23:08 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2016-02-19 21:55 . 2014-02-05 23:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2016-02-19 21:55 . 2014-02-05 23:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2016-02-19 21:55 . 2014-02-05 23:08 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2016-02-19 21:55 . 2014-02-05 23:08 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2016-02-19 21:55 . 2014-02-05 23:08 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
2016-02-19 21:55 . 2014-02-05 23:08 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-18 05:45 . 2015-09-10 18:30 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-03-18 05:45 . 2015-09-10 18:30 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-07 21:15 . 2016-01-07 21:15 40504 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2016-01-07 21:15 . 2016-01-07 21:15 26168 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2016-01-06 11:53 . 2015-10-29 10:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\documents and settings\MATRIX\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"haozipcd"="c:\program files\HaoZip\HaoZipCD.exe" [2012-07-25 256264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-11-17 50137728]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-11-30 3280728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorerAutoStart"="c:\programfile\SystemExplorer\SystemExplorer.exe" [2015-01-17 3391200]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-10-29 618496]
"3200 Scan2PC"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2010-05-18 1989120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-06-08 17:08 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Sscan2io.exe"=
"d:\\ProgramFILE\\utorrent-portable\\utorrent.exe"=
"d:\\ProgramFILE\\SkypePortable\\App\\Skype\\Phone\\Skype.exe"=
"d:\\! PETER\\game\\World_of_Tanks\\WOTLauncher.exe"=
"d:\\GREYLINK0.61\\greylink.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\! PETER\\game\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\! BACK_UP\\AMIKOO\\PCSoft\\dcc296\\DCC.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\UCBrowser\\Application\\UCBrowser.exe"=
"c:\\Program Files\\UCBrowser\\Application\\Downloader\\download\\MiniThunderPlatform.exe"=
"c:\\ProgramFILE\\utorrent-portable\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [27.8.2013 13:22 595968]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [10.9.2015 18:17 169432]
R2 Nadim;NAD Proto Driver;c:\windows\system32\drivers\nadim.sys [14.9.2015 18:05 18688]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.7.2015 12:14 327296]
R2 UCBrowserSvc;UC Browser Service;c:\program files\UCBrowser\Application\UCService.exe [27.1.2016 21:20 517112]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 19:39 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 19:39 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 19:39 566360]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [30.11.2015 10:52 1082200]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\drivers\dtlitescsibus.sys [7.1.2016 22:15 26168]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\drivers\dtliteusbbus.sys [7.1.2016 22:15 40504]
R3 HaozipVirtualCDBus;HaoZip Virtual Bus Driver;c:\windows\system32\drivers\HaoZipVirtualCDBus.sys [24.7.2012 3:55 115288]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [16.3.2014 21:53 98504]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [10.9.2015 18:17 56280]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 19:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10.9.2015 18:41 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 19:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 19:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 19:39 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 19:39 566360]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [27.8.2013 13:23 642520]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [4.1.2016 16:58 42728]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [4.1.2016 16:59 201104]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [4.1.2016 16:59 32912]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [21.9.2015 17:22 10242176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
2016-01-27 20:20 1239032 ----a-w- c:\program files\UCBrowser\Application\5.5.9936.1231\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-15 00:17 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-19 20:43]
.
2016-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-19 20:43]
.
2016-03-20 c:\windows\Tasks\UCBrowserUpdater.job
- c:\program files\UCBrowser\Application\update_task.exe [2016-01-27 12:57]
.
2016-03-20 c:\windows\Tasks\{6B524366-2492-928B-8461-BA0C972BF213}.job
- c:\windows\system32\regsvr32.exe [2008-04-14 06:52]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://systemexplorer.net/installdone.php?t=portable&v=6.3.0.5309
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30F26F8B-C7C3-4247-95D1-D41F5F91C84E}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\MATRIX\Data aplikací\Mozilla\Firefox\Profiles\613076wh.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.sk/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\documents and settings\All Users\Data aplikací\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-03-20 22:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1563985344-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,1e,74,81,8c,7e,4c,d1,d5,cc,12,c7,01,7c,7b,f5,78,bb,9a,2e,d4,35,a6,
35,a1,b8,6e,81,34,28,ed,23,a1,01,0d,95,d6,4e,4a,bb,e7,89,6a,61,f2,0a,79,32,\
"??"=hex:be,a5,4f,22,61,ee,16,24,96,df,dc,4c,f7,71,42,02
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\programfile\SystemExplorer\service\SystemExplorerService.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Photodex\ProShow Gold\ScsiAccess.exe
c:\windows\system32\wscntfy.exe
c:\program files\UCBrowser\Application\UCBrowser.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2016-03-20 22:12:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-03-20 21:12
ComboFix2.txt 2016-01-06 12:30
.
Před spuštěním: Volných bajtů: 14 052 397 056
Po spuštění: Volných bajtů: 13 999 104 000
.
- - End Of File - - 92B20B6C6A64561D712F59A01C78BD50
413FC2A0C716421B3158746D63736515

lavega · #4 Příspěvek od **lavega** » 20 bře 2016 22:20

MALWAREBYTES
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Non-administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.092000 GHz
Memory total: 3735064576, free: 2660294656

Downloaded database version: v2016.03.20.05
Downloaded database version: v2016.03.12.01
Downloaded database version: v2016.03.18.01
=======================================
Initializing...
------------ Kernel report ------------
03/20/2016 21:41:11
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\l1c51x86.sys
\SystemRoot\system32\drivers\ctaud2k.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ctoss2k.sys
\SystemRoot\system32\drivers\ctprxy2k.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\HaoZipVirtualCDBus.sys
\SystemRoot\system32\DRIVERS\dtlitescsibus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtliteusbbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hap17v2k.sys
\SystemRoot\system32\drivers\ha10kx2k.sys
\SystemRoot\system32\drivers\emupia2k.sys
\SystemRoot\system32\drivers\ctsfm2k.sys
\SystemRoot\system32\drivers\ctac32k.sys
\SystemRoot\System32\drivers\COMMONFX.SYS
\SystemRoot\System32\drivers\CTAUDFX.SYS
\SystemRoot\System32\drivers\CTSBLFX.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\nadim.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8b01aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-17\
Lower Device Object: 0xffffffff8b03ab00
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8afd6ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff8b03bd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8afd6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b038930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8afd6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8afdaf18, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b03bd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 870DCD73

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 234420417
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8b01aab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b02de08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b01aab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b040940, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b03ab00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-17\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 97704479

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Documents and Settings\All Users\Data aplikací\5f12e9e9\558866de.dll --> [Adware.Adposhel]
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Infected: C:\WINDOWS\kernel32.dll --> [Trojan.FakeMS.Generic]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer --> [Trojan.DNSChanger.DNSRst]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action reg.exe...
Success!
Queuing an action reg.exe
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

#5 Příspěvek od **motji** » 20 bře 2016 22:24

Ve složce c/combofix byste měl mít ještě první log z combofixu, když jste ho spouštěl poprvé. Log z malwarebytesu najdete , když zapnete mbam a dáte log nebo tak něco, musíte ho uložit na disk.

lavega · #6 Příspěvek od **lavega** » 20 bře 2016 22:30

c/combofix je prazdny, log bol v korenovom adresary C/combofix.txt Malwarebytes my ukazuje iba tento log, co dom sem dal.

#7 Příspěvek od **motji** » 20 bře 2016 22:33

A ten malwarebytes proběhl a smazal jste v něm něco?

Stáhněte AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
-Uložte program na plochu a ukončete všechny spuštěné programy .
-spusťte AdwCleaner, klikněte na Scan a po dokončení skenu na Clean
- provede se oprava, restartuje se pc - (případně restartujte) a objeví se log C:\AdwCleaner\AdwCleaner.txt , obsah logu zkopírujte zde.

lavega · #8 Příspěvek od **lavega** » 20 bře 2016 22:37

Malwarebytes som nechal prebehnut a potom dal clean.

lavega · #9 Příspěvek od **lavega** » 20 bře 2016 22:42

# AdwCleaner v5.103 - Logfile created 20/03/2016 at 22:39:59
# Updated 20/03/2016 by Xplode
# Database : 2016-03-20.7 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : MATRIX - HOME-COMPIK
# Running from : D:\FOTOGRAFIE\2015\Triedeneie\Plocha\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : UCBrowserSvc

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\0cba6185-07e7-1
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\0cba6185-1b63-0
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\0cba6185-4763-0
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\0cba6185-5ae5-0
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\5f12e9e9
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\da1a1bfd-69a1-1
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\da1a1bfd-7211-0
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\{0215fb9e-612c-0}
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\{0215fb9e-612c-1}
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\{0b74b86d-712c-0}
[-] Folder Deleted : C:\Documents and Settings\MATRIX\Data aplikací\Solvusoft
[-] Folder Deleted : C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Hola
[-] Folder Deleted : C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\TNT2

***** [ Files ] *****

[-] File Deleted : C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
[-] File Deleted : C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
[-] Key Deleted : HKCU\Software\MozillaPlugins\@hola.org/vlc
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5f12e9e9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\SearchAssistantOC.SearchAssistantOC
[-] Key Deleted : HKLM\SOFTWARE\Classes\SearchAssistantOC.SearchAssistantOC.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKCU\Software\Hola
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\TNT2
[-] Key Deleted : HKLM\SOFTWARE\Secure

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3826 bytes] - [20/03/2016 22:39:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [3936 bytes] - [20/03/2016 22:39:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3972 bytes] ##########

#10 Příspěvek od **motji** » 20 bře 2016 22:55

fajn, poprosím o nový log z Frstu. jak je na tom pc?

lavega · #11 Příspěvek od **lavega** » 20 bře 2016 23:00

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by MATRIX (administrator) on HOME-COMPIK (20-03-2016 22:59:25)
Running from D:\FOTOGRAFIE\2015\Triedeneie\Plocha
Loaded Profiles: MATRIX (Available Profiles: MATRIX)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Mister Group) C:\ProgramFILE\SystemExplorer\SystemExplorer.exe
() C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
() C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe
(Flux Software LLC) C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe
(瑞创网络) C:\Program Files\HaoZip\HaoZipCD.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mister Group) C:\ProgramFILE\SystemExplorer\service\SystemExplorerService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Photodex\ProShow Gold\scsiaccess.exe
() C:\ProgramFILE\Palemoon\Palemoon-Portable.exe
(Moonchild Productions) C:\ProgramFILE\Palemoon\Bin\Palemoon\palemoon.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Hola Networks Ltd.) C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Hola\firefox\app\hola_plugin.exe
(Nenad Hrg (SoftwareOK.com)) C:\ProgramFILE\Q-Dir\Q-Dir.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SystemExplorerAutoStart] => "C:\ProgramFILE\SystemExplorer\SystemExplorer.exe" /TRAY
HKLM\...\Run: [Samsung PanelMgr] => C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [618496 2010-10-29] ()
HKLM\...\Run: [3200 Scan2PC] => C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe [1989120 2010-05-18] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-09-03] (ATI Technologies Inc.)
HKU\S-1-5-21-1715567821-1563985344-682003330-1003\...\Run: [f.lux] => C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1715567821-1563985344-682003330-1003\...\Run: [haozipcd] => C:\Program Files\HaoZip\HaoZipCD.exe [256264 2012-07-25] (瑞创网络)
HKU\S-1-5-21-1715567821-1563985344-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1715567821-1563985344-682003330-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3280728 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{30F26F8B-C7C3-4247-95D1-D41F5F91C84E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-1563985344-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1715567821-1563985344-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-10-15] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-10-15] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\MATRIX\Data aplikací\Mozilla\Firefox\Profiles\613076wh.default
FF Homepage: hxxps://www.google.sk/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-18] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-10-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-10-15] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1715567821-1563985344-682003330-1003: @hola.org/FlashPlayer -> C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2016-03-20] ()
FF Plugin HKU\S-1-5-21-1715567821-1563985344-682003330-1003: @hola.org/vlc -> C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Hola\firefox\app\vlc\npvlc.dll [2016-03-20] (Hola)
FF SearchPlugin: C:\Documents and Settings\MATRIX\Data aplikací\Mozilla\Firefox\Profiles\613076wh.default\searchplugins\kickassto.xml [2016-03-20]
FF Extension: Thumbnail Zoom Plus - C:\Documents and Settings\MATRIX\Data aplikací\Mozilla\Firefox\Profiles\613076wh.default\extensions\thumbnailZoom@dadler.github.com.xpi [2016-02-27]
FF Extension: LastPass - C:\Documents and Settings\MATRIX\Data aplikací\Mozilla\Firefox\Profiles\613076wh.default\extensions\support@lastpass.com [2016-03-09]
FF Extension: HTML5 Video Everywhere! - C:\Documents and Settings\MATRIX\Data aplikací\Mozilla\Firefox\Profiles\613076wh.default\Extensions\html5-video-everywhere@lejenome.me.xpi [2016-02-26]

Chrome:
=======
CHR Profile: C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-26]
CHR Extension: (YouTube) - C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-26]
CHR Extension: (Google Search) - C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-26]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-26]
CHR Extension: (Gmail) - C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [573440 2008-09-03] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-09-02] () [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-09-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082200 2015-11-30] (Disc Soft Ltd)
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 ScsiAccess; C:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe [186760 2015-09-27] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3300864 2008-09-03] (ATI Technologies Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
R3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347144 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [26168 2016-01-07] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [40504 2016-01-07] (Disc Soft Ltd)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [798808 2010-03-18] (Creative Technology Ltd)
R3 HaozipVirtualCDBus; C:\WINDOWS\System32\DRIVERS\HaoZipVirtualCDBus.sys [115288 2012-07-24] (Shanghai RuiChuang)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162904 2010-03-18] (Creative Technology Ltd)
R3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189528 2010-03-18] (Creative Technology Ltd)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [98504 2013-06-20] (Atheros Communications, Inc.)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [56280 2013-09-16] (Intel Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R2 Nadim; C:\WINDOWS\System32\DRIVERS\nadim.sys [18688 2008-11-08] (MetaProducts corp.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 RTL2832UBDA; C:\WINDOWS\System32\drivers\RTL2832UBDA.sys [201104 2013-04-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [32912 2013-04-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\WINDOWS\System32\DRIVERS\RTL2832U_IRHID.sys [42728 2013-04-17] (Realtek)
S3 SNP325; C:\WINDOWS\System32\DRIVERS\snp325.sys [10242176 2007-01-27] (Sonix Co. Ltd.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S4 IntelIde; no ImagePath
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-20 22:59 - 2016-03-20 22:59 - 00000000 ____D C:\FRST
2016-03-20 22:42 - 2016-03-20 22:42 - 00000000 ____D C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Hola
2016-03-20 22:38 - 2016-03-20 22:39 - 00000000 ____D C:\AdwCleaner
2016-03-20 22:25 - 2016-03-20 22:26 - 00000000 ____D C:\Documents and Settings\MATRIX\Dokumenty\Nová složka (4)
2016-03-20 22:25 - 2016-03-20 22:25 - 00000000 ____D C:\Documents and Settings\MATRIX\Dokumenty\Nová složka (3)
2016-03-20 22:18 - 2016-03-20 22:18 - 00000000 ____D C:\Documents and Settings\MATRIX\Dokumenty\Nová složka (2)
2016-03-20 22:12 - 2016-03-20 22:12 - 00016824 _____ C:\ComboFix.txt
2016-03-20 22:12 - 2016-03-20 22:12 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-03-20 22:12 - 2016-03-20 22:12 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2016-03-20 22:08 - 2016-03-20 22:12 - 00000000 ____D C:\ComboFix
2016-03-20 21:53 - 2016-03-20 21:53 - 00000000 ____D C:\rsit
2016-03-20 21:53 - 2016-03-20 21:53 - 00000000 ____D C:\Program Files\trend micro
2016-03-20 21:41 - 2016-03-20 22:27 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-20 21:41 - 2016-03-20 22:27 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2016-03-20 21:41 - 2016-03-20 21:41 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-03-20 21:40 - 2016-03-20 22:26 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-18 11:41 - 2016-03-18 11:41 - 00031744 _____ C:\Documents and Settings\MATRIX\Dokumenty\Rescue.asd
2016-03-15 06:19 - 2016-03-20 14:23 - 00000440 _____ C:\WINDOWS\Tasks\{6B524366-2492-928B-8461-BA0C972BF213}.job
2016-03-13 17:08 - 2016-03-13 17:08 - 00000000 ____D C:\Documents and Settings\MATRIX\Data aplikací\dBpoweramp
2016-03-13 08:00 - 2016-03-13 08:00 - 00000000 ____D C:\Program Files\ASIO4ALL v2
2016-03-13 08:00 - 2016-03-13 08:00 - 00000000 ____D C:\Documents and Settings\MATRIX\Nabídka Start\Programy\ASIO4ALL v2
2016-03-13 07:17 - 2016-03-13 08:44 - 00000168 _____ C:\Documents and Settings\All Users\Data aplikací\GeorgeYohngVST.ini
2016-03-13 07:16 - 2003-12-04 19:43 - 00077824 _____ C:\WINDOWS\system32\ospitray.exe
2016-03-13 06:47 - 2016-03-13 06:47 - 00000000 ____D C:\Documents and Settings\MATRIX\Nabídka Start\Programy\Aqualizer
2016-03-13 06:46 - 2016-03-13 06:46 - 00000000 ____D C:\Documents and Settings\MATRIX\Dokumenty\Nová složka
2016-03-12 17:38 - 2016-03-12 17:38 - 00000000 ____D C:\Documents and Settings\MATRIX\Plocha
2016-03-12 07:51 - 2016-03-12 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\PHANTOM
2016-03-12 07:50 - 2016-03-12 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\Peťo(2)
2016-03-12 07:50 - 2016-03-12 07:50 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\Peťo fotky (4)
2016-03-12 07:50 - 2016-03-12 07:50 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\Nová složka (6)
2016-03-12 07:50 - 2016-03-12 07:50 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\Nová složka (5)
2016-03-12 07:50 - 2016-03-12 07:50 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\Nová složka (4)
2016-03-12 07:49 - 2016-03-16 17:21 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\Iveta
2016-03-12 07:49 - 2016-03-12 07:50 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\Nová složka
2016-03-12 07:49 - 2016-03-12 07:49 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\Nepoužívané odkazy plochy
2016-03-12 07:49 - 2016-03-12 07:49 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\MONIKA
2016-03-12 07:45 - 2016-03-12 07:49 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\GTA_IV
2016-03-12 07:45 - 2016-03-12 07:45 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\Blaze-Video-HDTV-Player-6-+-serial
2016-03-12 07:45 - 2016-03-12 07:45 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\backups
2016-03-12 07:43 - 2016-03-12 17:05 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\AUDIO
2016-03-12 07:43 - 2016-03-12 07:43 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\!!!!!
2016-03-12 07:37 - 2016-03-12 07:38 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\števko
2016-03-12 07:37 - 2016-03-12 07:37 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\PREUKAZ
2016-03-12 07:08 - 2016-03-12 07:09 - 27334956 _____ C:\Documents and Settings\All Users\Plocha\dBpoweramp-Music-Converter-Reference-v14.4-Portable.rar
2016-03-10 22:52 - 2016-03-10 22:52 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-03-10 22:52 - 2016-03-10 22:52 - 00000000 ____D C:\Program Files\Adobe
2016-03-10 22:52 - 2016-03-10 22:52 - 00000000 ____D C:\Documents and Settings\Default User\Data aplikací\Macromedia
2016-03-10 22:32 - 2016-03-10 22:34 - 18667480 _____ (Adobe Systems Inc.) C:\Documents and Settings\All Users\Plocha\AdobeAIRInstaller.exe
2016-03-10 20:21 - 2016-03-10 21:25 - 925691633 _____ C:\Documents and Settings\All Users\Plocha\3T-čkári v zázname z priameho prenosu z 8.1.2016 z Mestského divadla Žilina - YouTube [720p].mp4
2016-03-10 20:19 - 2016-03-10 21:28 - 1039394399 _____ C:\Documents and Settings\All Users\Plocha\3T záznam z Mestského divadla Žilina 16.10.2015 - YouTube [720p].mp4
2016-03-10 18:25 - 2016-03-10 19:07 - 965412169 _____ C:\Documents and Settings\All Users\Plocha\Tri tvorivé tvory v Kasárňach_Kulturparku - YouTube [720p].mp4
2016-03-09 19:58 - 2016-03-09 19:58 - 01171985 _____ C:\Documents and Settings\All Users\Plocha\bookmarks03 2016.html
2016-03-05 12:28 - 2016-03-05 13:26 - 2018213888 _____ C:\Documents and Settings\All Users\Plocha\Akvaristika-Tetra-DVD---Zařízení-akvária-(2004).iso
2016-02-25 23:03 - 2016-02-25 23:03 - 00000000 ____D C:\Documents and Settings\MATRIX\Nabídka Start\Programy\Plus500
2016-02-25 23:02 - 2016-02-25 23:02 - 00000000 ____D C:\Program Files\Plus500
2016-02-25 23:02 - 2016-02-25 23:02 - 00000000 ____D C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Plus500
2016-02-25 18:23 - 2016-02-25 18:23 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\XTB xStation
2016-02-25 18:22 - 2016-02-25 18:22 - 07259512 _____ C:\Documents and Settings\All Users\Plocha\XTB xStation.exe
2016-02-25 18:03 - 2016-02-25 18:23 - 00000000 ____D C:\Program Files\xStation
2016-02-25 18:01 - 2016-02-25 18:01 - 07038984 _____ C:\Documents and Settings\All Users\Plocha\xStation.exe
2016-02-25 17:40 - 2016-02-25 17:40 - 00327810 _____ C:\Documents and Settings\All Users\Plocha\Dukascopy.rar
2016-02-24 18:42 - 2016-02-24 18:42 - 04681718 _____ C:\Documents and Settings\All Users\Plocha\FW__(1).zip
2016-02-21 17:40 - 2016-03-20 10:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-20 22:26 - 2016-02-20 22:26 - 00000000 ____D C:\Program Files\eyeblink
2016-02-20 22:26 - 2016-02-20 22:26 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\eyeblink
2016-02-20 08:28 - 2016-02-20 08:28 - 00000000 ____D C:\Program Files\Candleworks
2016-02-20 07:35 - 2016-02-20 07:35 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2016-02-20 00:07 - 2016-02-20 00:07 - 00000000 __SHD C:\Documents and Settings\MATRIX\PrivacIE
2016-02-19 23:30 - 2016-02-19 23:30 - 00809925 _____ C:\Documents and Settings\MATRIX\Dokumenty\Multiprodukt.cs2
2016-02-19 23:17 - 2016-02-20 22:24 - 00000000 ____D C:\Program Files\Saxo Bank
2016-02-19 23:17 - 2016-02-19 23:17 - 00000000 ____D C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Saxo Bank
2016-02-19 23:17 - 2016-02-19 23:17 - 00000000 ____D C:\Documents and Settings\MATRIX\Data aplikací\Saxo Bank
2016-02-19 23:14 - 2016-02-19 23:14 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 __SHD C:\Documents and Settings\MATRIX\IETldCache
2016-02-19 23:05 - 2016-02-19 23:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2467659$
2016-02-19 23:05 - 2016-02-19 23:05 - 00000000 ____D C:\WINDOWS\ie8updates
2016-02-19 23:04 - 2009-01-07 18:20 - 00017952 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2016-02-19 23:03 - 2016-02-19 23:04 - 00000000 __HDC C:\WINDOWS\ie8
2016-02-19 22:57 - 2016-02-19 22:57 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-19 22:55 - 2014-02-06 00:08 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2016-02-19 22:55 - 2014-02-06 00:08 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2016-02-19 22:55 - 2014-02-06 00:08 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2016-02-19 22:55 - 2014-02-06 00:08 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2016-02-19 22:55 - 2014-02-06 00:08 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2016-02-19 22:55 - 2014-02-06 00:08 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2016-02-19 22:55 - 2014-02-06 00:08 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2016-02-19 22:55 - 2014-02-06 00:08 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2016-02-19 22:55 - 2011-08-16 11:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2016-02-19 18:18 - 2016-02-19 18:18 - 00000730 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-20 22:59 - 2016-01-06 13:30 - 00000000 ____D C:\Documents and Settings\MATRIX\Local Settings\temp
2016-03-20 22:59 - 2015-10-19 21:43 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-20 22:45 - 2015-09-10 19:51 - 01188478 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-20 22:45 - 2001-10-25 13:00 - 00491210 _____ C:\WINDOWS\system32\perfh005.dat
2016-03-20 22:45 - 2001-10-25 13:00 - 00098542 _____ C:\WINDOWS\system32\perfc005.dat
2016-03-20 22:42 - 2015-09-10 18:13 - 00000000 ___HD C:\Documents and Settings\MATRIX\Local Settings\Data aplikací
2016-03-20 22:41 - 2015-10-19 21:43 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-20 22:41 - 2015-09-10 18:52 - 00000000 ____D C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\LastPass
2016-03-20 22:41 - 2015-09-10 18:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-20 22:40 - 2015-09-10 19:18 - 00030624 _____ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000008-10011102}.rfx
2016-03-20 22:40 - 2015-09-10 19:18 - 00030624 _____ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000000-00001102-00000008-10011102}.rfx
2016-03-20 22:40 - 2015-09-10 19:18 - 00029772 _____ C:\WINDOWS\system32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000008-10011102}.rfx
2016-03-20 22:40 - 2015-09-10 19:18 - 00029772 _____ C:\WINDOWS\system32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000008-10011102}.rfx
2016-03-20 22:40 - 2015-09-10 19:18 - 00011564 _____ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000000-00001102-00000008-10011102}.rfx
2016-03-20 22:40 - 2015-09-10 18:13 - 00000178 ___SH C:\Documents and Settings\MATRIX\ntuser.ini
2016-03-20 22:40 - 2015-09-10 18:12 - 00032504 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-20 22:40 - 2015-09-08 21:13 - 00045668 _____ C:\WINDOWS\system32\ativvaxx.cap
2016-03-20 22:39 - 2015-09-10 19:50 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-03-20 22:37 - 2016-01-27 21:21 - 00000446 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2016-03-20 22:25 - 2015-09-10 18:13 - 00000000 ___RD C:\Documents and Settings\MATRIX\Dokumenty
2016-03-20 22:12 - 2016-01-06 13:27 - 00000000 ____D C:\Qoobox
2016-03-20 22:11 - 2016-01-06 13:27 - 00000000 ____D C:\WINDOWS\erdnt
2016-03-20 22:11 - 2015-09-10 19:50 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2016-03-20 22:11 - 2015-09-10 19:50 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2016-03-20 22:11 - 2015-09-10 19:49 - 27787264 _____ C:\WINDOWS\system32\config\software.bak
2016-03-20 22:11 - 2015-09-10 19:49 - 06291456 _____ C:\WINDOWS\system32\config\system.bak
2016-03-20 22:11 - 2015-09-10 19:49 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2016-03-20 22:11 - 2001-10-25 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2016-03-20 22:09 - 2015-09-10 18:13 - 00000000 __RHD C:\Documents and Settings\MATRIX\Data aplikací
2016-03-20 22:01 - 2015-09-10 19:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-03-20 21:46 - 2015-09-10 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-03-20 21:46 - 2015-09-10 19:42 - 00000000 ____D C:\WINDOWS\Connection Wizard
2016-03-20 21:45 - 2015-12-10 16:49 - 00000000 ____D C:\Documents and Settings\MATRIX\Data aplikací\E38F90FB-CDD9-483E-9E9B-217EF3612BB6
2016-03-20 21:30 - 2015-09-10 18:13 - 00000000 ____D C:\Documents and Settings\MATRIX
2016-03-20 21:26 - 2015-09-10 19:50 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-03-20 08:03 - 2001-10-25 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-03-19 21:03 - 2015-09-16 19:37 - 00017408 _____ C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-18 23:21 - 2015-09-14 18:14 - 00000000 ____D C:\Documents and Settings\MATRIX\Data aplikací\vlc
2016-03-18 08:17 - 2015-09-17 11:31 - 00001760 _____ C:\WINDOWS\PRMANPCF.INI
2016-03-18 08:15 - 2015-09-17 11:31 - 00000000 _____ C:\Ajeto.dml
2016-03-18 06:49 - 2015-09-10 19:29 - 00000000 ____D C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Adobe
2016-03-18 06:45 - 2015-09-10 19:30 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-18 06:45 - 2015-09-10 19:30 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-03-17 21:21 - 2015-09-20 16:32 - 00000000 ____D C:\Documents and Settings\MATRIX\Data aplikací\Skype
2016-03-15 01:18 - 2015-10-19 21:46 - 00001819 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome.lnk
2016-03-13 17:48 - 2016-02-17 16:39 - 00001647 _____ C:\Documents and Settings\All Users\Plocha\IronFX MetaTrader 4.lnk
2016-03-13 17:48 - 2016-01-19 16:15 - 00000000 ____D C:\Program Files\IronFX MetaTrader 4
2016-03-13 08:00 - 2015-09-10 18:13 - 00000000 ___RD C:\Documents and Settings\MATRIX\Nabídka Start\Programy
2016-03-13 06:44 - 2016-01-17 07:40 - 00000000 ____D C:\ProgramFILE
2016-03-11 19:08 - 2015-09-10 19:42 - 00000000 ___HD C:\WINDOWS\inf
2016-03-11 16:58 - 2016-02-01 20:00 - 00000000 ____D C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Electronic Arts
2016-03-11 16:56 - 2016-02-01 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Electronic Arts
2016-03-11 16:53 - 2016-02-01 19:29 - 00000000 ____D C:\Program Files\Electronic Arts
2016-03-11 16:53 - 2015-09-10 19:50 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2016-03-11 16:53 - 2015-09-10 18:03 - 00000000 ____D C:\WINDOWS\system32\DirectX
2016-03-11 16:11 - 2016-02-07 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\EA Games
2016-03-11 16:11 - 2015-09-10 18:17 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-10 22:52 - 2015-09-10 19:50 - 00000000 __RHD C:\Documents and Settings\Default User\Data aplikací
2016-03-10 11:34 - 2015-11-03 13:55 - 00000000 ____D C:\Nová složka
2016-03-08 22:44 - 2015-10-19 19:22 - 00655336 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2016-03-08 22:44 - 2015-09-10 18:12 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Data aplikací
2016-03-08 22:23 - 2016-01-06 12:40 - 00000000 ____D C:\Program Files\Rockstar Games
2016-03-08 22:23 - 2016-01-06 12:40 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Rockstar Games
2016-03-08 22:22 - 2015-09-10 18:41 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Creative
2016-03-08 22:21 - 2015-09-28 18:04 - 00000000 ____D C:\Program Files\Ubisoft
2016-03-07 18:23 - 2015-10-14 10:43 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-02-29 19:50 - 2015-09-10 18:13 - 00000000 ___RD C:\Documents and Settings\MATRIX\Dokumenty\Obrázky
2016-02-27 17:28 - 2016-02-01 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Plocha\Mbank
2016-02-20 07:35 - 2015-09-10 18:12 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-02-20 00:12 - 2016-01-01 23:20 - 03077435 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1715567821-1563985344-682003330-1003-0.dat
2016-02-20 00:12 - 2016-01-01 23:20 - 00279222 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2016-02-19 23:14 - 2015-09-10 18:10 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-02-19 23:13 - 2015-09-10 19:42 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-02-19 23:13 - 2015-09-10 19:42 - 00000000 ____D C:\WINDOWS\Media
2016-02-19 23:13 - 2015-09-10 19:42 - 00000000 ____D C:\WINDOWS\Help
2016-02-19 23:13 - 2015-09-10 18:13 - 00000803 _____ C:\Documents and Settings\MATRIX\Nabídka Start\Programy\Internet Explorer.lnk
2016-02-19 23:13 - 2015-09-10 18:13 - 00000000 ___RD C:\Documents and Settings\MATRIX\Dokumenty\Hudba
2016-02-19 23:05 - 2015-11-15 22:15 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2016-02-19 18:39 - 2016-02-17 22:13 - 00000000 ____D C:\Program Files\XTB xStation
2016-02-19 18:39 - 2016-02-14 09:11 - 00000000 ____D C:\Documents and Settings\MATRIX\Dokumenty\NinjaTrader 7
2016-02-19 18:19 - 2015-10-26 18:46 - 00000000 ____D C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\Mozilla
2016-02-19 18:19 - 2015-09-10 18:51 - 00000000 ____D C:\Documents and Settings\MATRIX\Data aplikací\Mozilla

==================== Files in the root of some directories =======

2015-09-16 19:37 - 2016-03-19 21:03 - 0017408 _____ () C:\Documents and Settings\MATRIX\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-13 07:17 - 2016-03-13 08:44 - 0000168 _____ () C:\Documents and Settings\All Users\Data aplikací\GeorgeYohngVST.ini
2016-01-04 20:53 - 2016-02-01 17:00 - 0003415 _____ () C:\Documents and Settings\All Users\Data aplikací\LmeUSB.log
2016-01-04 20:53 - 2016-02-01 17:00 - 0003354 _____ () C:\Documents and Settings\All Users\Data aplikací\LmeZJSW.log
2016-01-04 20:53 - 2016-02-01 17:00 - 0003416 _____ () C:\Documents and Settings\All Users\Data aplikací\LSDmbTH.log
2016-02-14 09:13 - 2016-02-14 09:13 - 0000107 _____ () C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.351.32.bc
2016-01-04 20:53 - 2016-02-01 17:00 - 0003648 _____ () C:\Documents and Settings\All Users\Data aplikací\PipShareTuner.log

Files to move or delete:
====================
C:\Windows\Tasks\{6B524366-2492-928B-8461-BA0C972BF213}.job

Some files in TEMP:
====================
C:\Documents and Settings\MATRIX\Local Settings\temp\Hola-Setup-Plugin-1.12.239.exe
C:\Documents and Settings\MATRIX\Local Settings\temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#12 Příspěvek od **motji** » 20 bře 2016 23:09

Tento program znáte?
HaoZipCD

Složky jako nová složka3,4 a složka !!!! - to jste tvořil sám?

lavega · #13 Příspěvek od **lavega** » 20 bře 2016 23:10

Haozip je ok používam dlhodobo to iste ako WinRar alebo WinZip. Nove složky su moje.

#14 Příspěvek od **motji** » 20 bře 2016 23:18

Tak vydržte chvilku, napíšu ještě mazací skript

#15 Příspěvek od **motji** » 20 bře 2016 23:26

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

File::
C:\WINDOWS\Tasks\{6B524366-2492-928B-8461-BA0C972BF213}.job
Folder::
C:\Documents and Settings\MATRIX\Data aplikací\E38F90FB-CDD9-483E-9E9B-217EF3612BB6
Restore::
c:\windows\system32\drivers\i8042prt.sys

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

VIRY.CZ

Prosím o kontrolu

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu