Please help

Simisek
Visitor
Posts: 5
Registered: 08 Nov 2013 10:12

Please help

#1 Post by Simisek »

Hi everyone,

yesterday I became the victim of an account hack on Battlenet, while I was playing Diablo 3.

I have already sorted everything out: I have a two-step password on my email, a proper password on Battlenet, and a mobile authenticator.

But people have told me there is a big risk that I might have a keylogger on my PC. Could some kind soul help me and guide me, as a layman, through how to search for it and, if it is found, how to destroy it, so that I can have peace of mind?

Thank you

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help

#2 Post by vyosek »

Hello and welcome to our forum.

Post the log from RSIT.

Download Malwarebytes' Anti-Malware (MBAM for short): http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Update it
  • Run a full scan - do not delete anything!
  • MBAM occasionally produces false detections, so paste the log into a post and wait for an assessment

Simisek
Visitor
Posts: 5
Registered: 08 Nov 2013 10:12

Re: Please help

#3 Post by Simisek »

For now, the log from RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 17 GB (19%) free of 91 GB
Total RAM: 8109 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:09:12, on 8.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\HsMgr.exe
E:\HRY\Steam\Steam.exe
C:\Program Files (x86)\Seznam.cz\bin\postak.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
C:\Program Files (x86)\QIP\qip.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\trend micro\HELLERcz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\bin\core.4.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "E:\HRY\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire2\Xfire.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9612 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe" -s DefaultInstance
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\system\HsMgr64.exe" Envoke
"C:\Windows\SysWOW64\HsMgr.exe" Envoke
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"E:\HRY\Steam\Steam.exe" -silent
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s
"C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
WLIDSvcM.exe 2424
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe" -s DefaultInstance
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
taskeng.exe {A12D6DFF-E610-44E4-AA5A-B46ACEA52BB1}
"C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\QIP\qip.exe" /isolated
"C:\Program Files (x86)\Winamp\winamp.exe"
"taskhost.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=2800.a7a1500.755019031 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 2800 "\\.\pipe\gecko-crash-server-pipe.2800" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe" --proxy-stub-channel=Flash4424.69B4CA40.8844 --host-broker-channel=Flash4424.69B4CA40.24658 --host-pid=4424 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe" --channel=4616.005AF8F8.1967300164 --proxy-stub-channel=Flash4424.69B4CA40.8844 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll" --host-npapi-version=27 --type=renderer
taskhost.exe $(Arg0)
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe420_ Global\UsGthrCtrlFltPipeMssGthrPipe420 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 6AEED450-077C-BE28-11EC-6C581887490F -Reinvoke
"C:\Users\HELLERcz\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cebfccf942280a.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cebfccf964a4ac.job

=========Mozilla firefox=========

ProfilePath - C:\Users\HELLERcz\AppData\Roaming\Mozilla\Firefox\Profiles\wxgtjaoh.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{AE37D527-6604-461c-8102-975CF8053A2F}:0.5.3.1, {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0, nelinka@shabbi.cz:1.3.4, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51, {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3, s.alfa@idev.com:1.01, {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0, video.downloader.plugin@ffpimp.com:3.3.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15, {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0, {8225d6f0-dfca-11df-85ca-0800200c9a66}:1.0.4.8"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.6&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.11.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Users\HELLERcz\AppData\Roaming\Mozilla\Firefox\Profiles\wxgtjaoh.default\searchplugins\
askcom.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 6669000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-17 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-17 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files (x86)\Seznam.cz\bin\core.4.dll [2012-01-10 1151520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SteelSeries Engine"=C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [2012-01-20 227328]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-19 439064]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-19 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-19 398616]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-11-14 6325424]
"Cmaudio8788GX64"=C:\Windows\system\HsMgr64.exe [2008-07-11 282112]
"Cmaudio8788GX"=C:\Windows\syswow64\HsMgr.exe [2008-07-11 200704]
"Cmaudio8788"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 190536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"Steam"=E:\HRY\Steam\steam.exe [2013-10-30 1820584]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"Seznam Postak"=C:\Program Files (x86)\Seznam.cz\bin\postak.exe [2012-01-10 491040]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-09-26 766208]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

C:\Users\HELLERcz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire2\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-03-19 434688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 6669000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.XFR1"=xfcodec64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-11-08 16:09:06 ----D---- C:\rsit
2013-11-08 16:09:06 ----D---- C:\Program Files\trend micro
2013-11-06 18:47:35 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-10-18 21:34:33 ----D---- C:\ProgramData\Oracle
2013-10-18 21:33:48 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-10-18 21:33:44 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-10-18 21:33:44 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-10-18 21:33:44 ----A---- C:\Windows\SYSWOW64\java.exe
2013-10-11 14:16:23 ----D---- C:\Program Files (x86)\Diablo III
2013-10-10 16:33:31 ----D---- C:\Users\HELLERcz\AppData\Roaming\Battle.net
2013-10-10 06:01:21 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-10-10 06:01:21 ----A---- C:\Windows\system32\ieui.dll
2013-10-10 06:01:20 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-10-10 06:01:20 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-10-10 06:01:20 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-10-10 06:01:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-10-10 06:01:20 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-10-10 06:01:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 06:01:20 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-10 06:01:20 ----A---- C:\Windows\system32\iesetup.dll
2013-10-10 06:01:20 ----A---- C:\Windows\system32\iertutil.dll
2013-10-10 06:01:20 ----A---- C:\Windows\system32\iernonce.dll
2013-10-10 06:01:20 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-10 06:01:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-10-10 06:01:19 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-10-10 06:01:19 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-10 06:01:19 ----A---- C:\Windows\system32\jscript.dll
2013-10-10 06:01:18 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-10-10 06:01:18 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-10-10 06:01:18 ----A---- C:\Windows\system32\urlmon.dll
2013-10-10 06:01:18 ----A---- C:\Windows\system32\jscript9.dll
2013-10-10 06:01:17 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-10-10 06:01:17 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-10-10 06:01:17 ----A---- C:\Windows\system32\wininet.dll
2013-10-10 06:01:17 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-10 06:01:16 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-10-10 06:01:16 ----A---- C:\Windows\system32\ieframe.dll
2013-10-10 06:01:15 ----A---- C:\Windows\system32\mshtml.dll
2013-10-10 06:01:13 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-10-10 05:52:14 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-10 05:52:14 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-10 05:52:14 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-10 05:52:14 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-10 05:52:14 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-10 05:52:14 ----A---- C:\Windows\system32\lpk.dll
2013-10-10 05:52:14 ----A---- C:\Windows\system32\fontsub.dll
2013-10-10 05:52:14 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-10 05:52:14 ----A---- C:\Windows\system32\dciman32.dll
2013-10-10 05:52:14 ----A---- C:\Windows\system32\atmlib.dll
2013-10-10 05:52:14 ----A---- C:\Windows\system32\atmfd.dll
2013-10-10 05:52:13 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-10 05:52:13 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-10 05:52:13 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-10 05:52:13 ----A---- C:\Windows\system32\tdh.dll
2013-10-10 05:52:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-10 05:52:13 ----A---- C:\Windows\system32\advapi32.dll
2013-10-10 05:52:12 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-10 05:52:12 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-10 05:52:12 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-10 05:52:12 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-10 05:52:12 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-10 05:52:12 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-10 05:52:12 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-10 05:52:12 ----A---- C:\Windows\system32\wow64.dll
2013-10-10 05:52:12 ----A---- C:\Windows\system32\ntdll.dll
2013-10-10 05:52:11 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-10 05:52:11 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-10 05:52:11 ----A---- C:\Windows\system32\comctl32.dll
2013-10-10 05:52:10 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-10 05:52:10 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-10 05:52:10 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-10 05:52:10 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-10 05:52:10 ----A---- C:\Windows\system32\mswsock.dll
2013-10-10 05:52:10 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-10 05:52:10 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-10 05:52:10 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-10 05:52:10 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-10 05:52:10 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-10 05:52:10 ----A---- C:\Windows\system32\davclnt.dll
2013-10-10 05:52:09 ----A---- C:\Windows\system32\win32k.sys
2013-10-10 05:51:59 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-10 05:51:59 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-10 05:51:56 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:51:56 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:35:49 ----D---- C:\ProgramData\ATI
2013-10-09 14:35:48 ----D---- C:\Program Files (x86)\AMD AVT

======List of files/folders modified in the last 1 month======

2013-11-08 16:09:12 ----D---- C:\Windows\Prefetch
2013-11-08 16:09:10 ----D---- C:\Windows\Temp
2013-11-08 16:09:06 ----RD---- C:\Program Files
2013-11-08 15:55:27 ----D---- C:\Windows\system32\config
2013-11-08 15:10:13 ----D---- C:\Users\HELLERcz\AppData\Roaming\Skype
2013-11-08 00:31:20 ----SHD---- C:\System Volume Information
2013-11-07 20:40:16 ----D---- C:\Windows\Logs
2013-11-07 20:40:16 ----D---- C:\Windows\inf
2013-11-07 20:40:16 ----D---- C:\Windows
2013-11-07 20:40:16 ----D---- C:\Users\HELLERcz\AppData\Roaming\Winamp
2013-11-07 20:40:16 ----D---- C:\Users\HELLERcz\AppData\Roaming\DAEMON Tools Lite
2013-11-07 20:32:00 ----HD---- C:\ProgramData
2013-11-07 20:32:00 ----D---- C:\ProgramData\Origin
2013-11-07 20:31:42 ----RD---- C:\Program Files (x86)
2013-11-07 18:10:09 ----SHD---- C:\Windows\Installer
2013-11-07 18:10:09 ----SHD---- C:\Config.Msi
2013-11-07 18:10:09 ----D---- C:\ProgramData\Skype
2013-11-07 18:10:08 ----RD---- C:\Program Files (x86)\Skype
2013-11-07 16:26:20 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-07 15:59:04 ----RSD---- C:\Windows\assembly
2013-11-07 15:56:46 ----D---- C:\Windows\System32
2013-11-07 15:56:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-05 07:07:44 ----D---- C:\Windows\Microsoft.NET
2013-11-05 06:50:09 ----D---- C:\ProgramData\Microsoft Help
2013-11-04 14:10:33 ----D---- C:\Windows\winsxs
2013-11-04 14:10:19 ----D---- C:\Windows\system32\catroot2
2013-11-04 14:10:19 ----D---- C:\Windows\system32\catroot
2013-10-18 21:33:49 ----D---- C:\Program Files (x86)\Common Files
2013-10-18 21:33:48 ----D---- C:\Windows\SysWOW64
2013-10-18 21:33:44 ----D---- C:\Program Files (x86)\Java
2013-10-14 22:55:14 ----SD---- C:\Users\HELLERcz\AppData\Roaming\Microsoft
2013-10-12 23:42:01 ----D---- C:\Windows\Panther
2013-10-12 23:42:01 ----D---- C:\Windows\debug
2013-10-12 23:37:42 ----SD---- C:\ProgramData\Microsoft
2013-10-10 13:25:53 ----D---- C:\Windows\rescache
2013-10-10 12:47:37 ----D---- C:\Windows\system32\drivers
2013-10-10 12:47:37 ----D---- C:\Windows\AppPatch
2013-10-10 12:47:37 ----D---- C:\Program Files\Internet Explorer
2013-10-10 12:47:37 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-10 12:47:36 ----D---- C:\Windows\system32\DriverStore
2013-10-10 06:04:09 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-10-10 05:56:27 ----D---- C:\Windows\system32\MRT
2013-10-10 05:55:30 ----A---- C:\Windows\system32\MRT.exe
2013-10-10 05:53:59 ----D---- C:\Windows\system32\cs-CZ
2013-10-09 15:00:56 ----D---- C:\AMD
2013-10-09 14:45:32 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-10-09 14:35:48 ----D---- C:\ProgramData\AMD
2013-10-09 14:35:11 ----D---- C:\Program Files\ATI Technologies
2013-10-09 14:33:09 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-10-09 14:32:03 ----D---- C:\Windows\SYSWOW64\en-US
2013-10-09 14:32:03 ----D---- C:\Windows\system32\en-US
2013-10-09 01:16:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 64072]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-19 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2012-08-01 41704]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-03-12 314016]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-10-08 189208]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-03-12 43680]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [2012-05-29 28320]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-09-26 12760576]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-09-26 619008]
R3 busenum;SteelBusSvc; C:\Windows\system32\DRIVERS\SteelBus64.sys [2012-01-20 106496]
R3 cmudaxp;ASUS Xonar DX Audio Interface; C:\Windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-19 14745600]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
R3 SAlphamHid;SteelHIDSvc; C:\Windows\system32\DRIVERS\SAlpham64.sys [2012-01-20 34944]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 26440]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 16200]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner; C:\Windows\system32\drivers\AVerFx2hbtv64.sys [2009-12-08 512512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-08-01 38632]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 36936]
S3 XFDriver64;XFDriver64; \??\C:\Program Files\Xfire2\XFDriver64.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-09-26 239616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-14 1329304]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2012-05-18 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-10-03 76888]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2012-05-18 2785280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 50921648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-06 119408]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-01-24 541608]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-14 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help

#4 Post by vyosek »

:arrow: I'll still wait for the MBAM result

:arrow: Just to ask, do you have a properly purchased licence for that ESET :???:

Simisek
Visitor
Posts: 5
Joined: 08 Nov 2013 10:12

Re: Please help

#5 Post by Simisek »

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.11.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721

8.11.2013 16:29:04
MBAM-log-2013-11-08 (17-09-51).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 465282
Uplynulý čas: 33 minut, 52 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 20
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
E:\$RECYCLE.BIN\S-1-5-21-1984557484-1077928997-3746556699-1000\$R0ODMFZ\Xilisoft\Patch\Patch.exe (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
E:\$RECYCLE.BIN\S-1-5-21-1984557484-1077928997-3746556699-1000\$RG4FCZL\CWDVDP_CORE_Double_Trouble\CORE10k.EXE (PUP.Keygen.Intro) -> Nebyla provedena žádná instrukce.
E:\$RECYCLE.BIN\S-1-5-21-1984557484-1077928997-3746556699-1000\$RG4FCZL\CWDVDP_CORE_Double_Trouble\keygen.exe (Trojan.Dropper.PGen) -> Nebyla provedena žádná instrukce.
E:\$RECYCLE.BIN\S-1-5-21-1984557484-1077928997-3746556699-1000\$RSWVLZN\FlashFXP 3.8 (3.7.6 Build 1305)\KeyGen.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\$RECYCLE.BIN\S-1-5-21-1984557484-1077928997-3746556699-1000\$RUWUQ9C\MiNOD\bdl3961.exe (Riskware.KG) -> Nebyla provedena žádná instrukce.
E:\$RECYCLE.BIN\S-1-5-21-2265874009-1888578754-274400177-1000\$R5OMELV.EXE (PUP.Keygen.Intro) -> Nebyla provedena žádná instrukce.
E:\$RECYCLE.BIN\S-1-5-21-2604516497-397738077-677240245-1000\$RNTT2S4\Universal Patch v2.2-XXXXX\universal.dvdfab.platinum.5-patch.2.2.exe (Trojan.Patcher) -> Nebyla provedena žádná instrukce.
E:\$RECYCLE.BIN\S-1-5-21-2604516497-397738077-677240245-1000\$RRSY7TR\3Dmark 2006\keygen.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\$RECYCLE.BIN\S-1-5-21-2604516497-397738077-677240245-1000\$RRSY7TR\3Dmark 2006\3D Mark 06\keygen.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\$RECYCLE.BIN\S-1-5-21-2604516497-397738077-677240245-1000\$RXG2AM0\DFX Audio Enhancer v9.103 CrYs18 www.dl4all.com\Keygen.exe (Trojan.Dropper.PGen) -> Nebyla provedena žádná instrukce.
E:\Hry_download\Live for Speed S2\_zvuky aut\Engine_Sound.exe (PUP.Optional.4Shared) -> Nebyla provedena žádná instrukce.
E:\Programy_download\ACDsee\ACDSee.Photo.Manager.12.0.344\keygen.exe (Trojan.Dropper.PGen) -> Nebyla provedena žádná instrukce.
E:\Programy_download\ESET\Eset Smart Security 7 & ESET NOD32 Antivirus 7 CZ\2) (B) Aktivace přes TNODUP & MiNODLogin\Instalace Programu.exe (Riskware.KG) -> Nebyla provedena žádná instrukce.
E:\Programy_download\Photoshop CZ\CS5 2011\Adobe.Photoshop.CS5.Extended.v12.0.Keymaker-EMBRACE.exe (Malware.Gen) -> Nebyla provedena žádná instrukce.
E:\Programy_download\Photoshop CZ\CS6 2012 CZ\amtlib.dll\32-bit\amtlib.dll (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
E:\Programy_download\Photoshop CZ\CS6 2012 CZ\amtlib.dll\64-bit\amtlib.dll (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
E:\Programy_download\TopStyle4\TopStyle v4.0.0.81\Patch\Patch.exe (RiskWare.Tool.HCK) -> Nebyla provedena žádná instrukce.
E:\Programy_download\winRAR\WINRAR_3.93_PRO_Fully_Activated_Latest\WINRAR_3.93_PRO_Fully_Activated_Latest\Winrar3.93.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\Programy_download\Zvuky_uprava\Keygen.exe (PUP.Riskware.Keygen) -> Nebyla provedena žádná instrukce.

(konec)

Simisek
Visitor
Posts: 5
Joined: 08 Nov 2013 10:12

Re: Please help

#6 Post by Simisek »

I hope you won't be too angry when I write that I don't.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help

#7 Post by vyosek »

:arrow: I see you don't worry much about copyright :?:

:arrow: I won't be angry, I don't really care what you have on there, nobody is going to come knocking on my door over it :?:

:arrow: However, under the forum rules we do not deal with PCs running illegal security software. Do you intend to change your security software (antivirus) to some free version??

Simisek
Visitor
Posts: 5
Joined: 08 Nov 2013 10:12

Re: Please help

#8 Post by Simisek »

Right after Sunday I plan to reinstall Windows, and I will also install a free version of an antivirus.
It's not worth the trouble to me.

I just wanted to know whether I can work on that computer until Monday without anything unusual happening.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help

#9 Post by vyosek »

Then I don't know why we would laboriously fix it when you want to reinstall it :?: