Please check my log. AVG found MalSign.Generic.6A8
The PC is slow.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ga&Sa at 2014-09-20 10:01:18
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 94 GB (31%) free of 305 GB
Total RAM: 2047 MB (7% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:26, on 20.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Ga&Sa.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UVCSti] "C:\Program Files (x86)\UVC Video Camera\UVCSti.exe"
O4 - HKLM\..\Run: [RunUVC] "C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCtray.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9005 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe /pipeName=c2feea3f-0200-0000-9344-c53458082d26 /binaryPath="C:\Program Files (x86)\AVG\AVG2015\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 22604128
\??\C:\Windows\system32\conhost.exe "2091474804-321022294947142224-272770872245616714-2069186906979532215-559702731
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Ralink\Common\RaRegistry.exe"
"C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgemca.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2760
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
ctfmon.exe
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:2888
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://www.avgthreatlabs.com/virus-and- ... MwOWIuZXhl"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2600.0.393893551\936897505" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17 --gpu-vendor-id=0x1002 --gpu-device-id=0x9588 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.970.100.7000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="2600.1.989898159\454644562" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2600.5.305293092\1588466842" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="2600.9.937123117\1696186417" /prefetch:673131151
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Users\Ga&Sa\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Ga&Sa\AppData\Roaming\Mozilla\Firefox\Profiles\i3bbclh9.default
prefs.js - "browser.startup.homepage" - "www.google.com"
prefs.js - "keyword.URL" - "https://www.google.com/search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
C:\Users\Ga&Sa\AppData\Roaming\Mozilla\Firefox\Profiles\i3bbclh9.default\searchplugins\
Google.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-08 553384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-08 211368]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-07-19 2780776]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2000-01-01 13662936]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateChecker]
C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe [2013-08-25 7168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\386EB9~1.130\SSSCHE~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ga&Sa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"UVCSti"=C:\Program Files (x86)\UVC Video Camera\UVCSti.exe [2010-03-25 245760]
"RunUVC"=C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCtray.exe [2010-06-18 7548928]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2015\avgui.exe [2014-09-05 3593744]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bjmyprt.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quickstart.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbase.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scalc.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdraw.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\simpress.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smath.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soffice.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swriter.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uvctray.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\videocap.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-09-19 22:54:34 ----N---- C:\bootsqm.dat
2014-09-19 14:47:57 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-09-13 15:27:19 ----D---- C:\Users\Ga&Sa\AppData\Roaming\TS3Client
2014-09-13 15:26:28 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2014-09-10 19:08:11 ----D---- C:\Program Files\CCleaner
2014-09-10 19:02:44 ----D---- C:\Users\Ga&Sa\AppData\Roaming\RHEng
2014-09-10 19:01:54 ----D---- C:\Users\Ga&Sa\AppData\Roaming\rmi
2014-09-10 19:01:16 ----A---- C:\Windows\system32\ieui.dll
2014-09-10 19:01:15 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-09-10 19:01:13 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-09-10 19:01:13 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-09-10 19:01:13 ----A---- C:\Windows\system32\iernonce.dll
2014-09-10 19:01:12 ----A---- C:\Windows\system32\jscript9diag.dll
2014-09-10 19:01:12 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 19:01:11 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-09-10 19:01:11 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-09-10 19:01:11 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-09-10 19:01:11 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-09-10 19:01:11 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-09-10 19:01:11 ----A---- C:\Windows\system32\vbscript.dll
2014-09-10 19:01:11 ----A---- C:\Windows\system32\ieUnatt.exe
2014-09-10 19:01:11 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 19:01:11 ----A---- C:\Windows\system32\dxtrans.dll
2014-09-10 19:01:11 ----A---- C:\Windows\system32\dxtmsft.dll
2014-09-10 19:01:10 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-09-10 19:01:10 ----A---- C:\Windows\system32\msrating.dll
2014-09-10 19:01:10 ----A---- C:\Windows\system32\mshtmled.dll
2014-09-10 19:01:09 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-09-10 19:01:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-09-10 19:01:09 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-09-10 19:01:09 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-09-10 19:01:09 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-09-10 19:01:09 ----A---- C:\Windows\system32\msfeeds.dll
2014-09-10 19:01:09 ----A---- C:\Windows\system32\jsproxy.dll
2014-09-10 19:01:09 ----A---- C:\Windows\system32\iesetup.dll
2014-09-10 19:01:09 ----A---- C:\Windows\system32\iedkcs32.dll
2014-09-10 19:01:09 ----A---- C:\Windows\system32\ie4uinit.exe
2014-09-10 19:01:08 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-09-10 19:01:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-09-10 19:01:06 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-09-10 19:01:06 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-09-10 19:01:06 ----A---- C:\Windows\system32\mshtml.dll
2014-09-10 19:01:05 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-09-10 19:01:05 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-09-10 19:01:05 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-09-10 19:01:05 ----A---- C:\Windows\system32\ieapfltr.dll
2014-09-10 19:01:04 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 19:01:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-09-10 19:01:02 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-09-10 19:01:01 ----A---- C:\Windows\system32\wininet.dll
2014-09-10 19:01:01 ----A---- C:\Windows\system32\iertutil.dll
2014-09-10 19:01:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-09-10 19:00:59 ----A---- C:\Windows\system32\jscript9.dll
2014-09-10 19:00:58 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-09-10 19:00:57 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-09-10 19:00:57 ----A---- C:\Windows\system32\urlmon.dll
2014-09-10 19:00:50 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-09-10 19:00:49 ----A---- C:\Windows\system32\ieframe.dll
2014-09-10 19:00:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-09-10 18:21:24 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 18:21:23 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2014-09-10 17:59:44 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-09-10 17:59:43 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-09-10 17:59:25 ----A---- C:\Windows\system32\d3d10warp.dll
2014-09-10 17:59:24 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-09-10 17:59:06 ----A---- C:\Windows\system32\kerberos.dll
2014-09-10 17:59:05 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-09-10 17:59:05 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-09-10 17:59:05 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-09-10 17:59:05 ----A---- C:\Windows\system32\lsasrv.dll
2014-09-10 17:58:57 ----A---- C:\Windows\system32\aepdu.dll
2014-09-10 17:58:56 ----A---- C:\Windows\system32\aeinv.dll
2014-09-10 17:54:05 ----D---- C:\Users\Ga&Sa\AppData\Roaming\AVG2015
2014-09-10 17:47:12 ----HD---- C:\$AVG
2014-09-10 17:47:11 ----D---- C:\ProgramData\AVG2015
2014-08-28 14:28:30 ----A---- C:\Windows\system32\win32k.sys
2014-08-28 14:28:29 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-28 14:28:29 ----A---- C:\Windows\system32\gdi32.dll
2014-08-24 11:10:50 ----A---- C:\Windows\system32\wups2.dll
2014-08-24 11:10:50 ----A---- C:\Windows\system32\wucltux.dll
2014-08-24 11:10:50 ----A---- C:\Windows\system32\wuauclt.exe
2014-08-24 11:10:49 ----A---- C:\Windows\system32\wuaueng.dll
2014-08-24 11:10:28 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-08-24 11:10:28 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-08-24 11:10:28 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-08-24 11:10:28 ----A---- C:\Windows\system32\wups.dll
2014-08-24 11:10:28 ----A---- C:\Windows\system32\wudriver.dll
2014-08-24 11:10:28 ----A---- C:\Windows\system32\wuapi.dll
2014-08-24 11:10:07 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-08-24 11:10:07 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-08-24 11:10:06 ----A---- C:\Windows\system32\wuwebv.dll
2014-08-24 11:10:06 ----A---- C:\Windows\system32\wuapp.exe
2014-08-22 12:54:30 ----D---- C:\ProgramData\Ralink
2014-08-22 12:53:11 ----A---- C:\Windows\system32\ssleay32.dll
2014-08-22 12:53:11 ----A---- C:\Windows\system32\libeay32.dll
2014-08-22 12:52:08 ----A---- C:\Windows\SYSWOW64\RaCoInst.dat
2014-08-22 12:52:08 ----A---- C:\Windows\system32\RaCoInst.dat
2014-08-22 12:52:08 ----A---- C:\Windows\system32\drivers\netr28ux.sys
2014-08-22 12:52:06 ----D---- C:\ProgramData\Ralink Driver
2014-08-22 12:52:06 ----A---- C:\Windows\system32\RaCoInstx.dll
2014-08-22 12:51:31 ----D---- C:\Program Files (x86)\Cisco
2014-08-22 12:50:43 ----D---- C:\Windows\system32\RaLanguages
2014-08-22 12:50:43 ----A---- C:\Windows\SYSWOW64\RAIHV.dll
2014-08-22 12:50:43 ----A---- C:\Windows\SYSWOW64\RAEXTUI.dll
2014-08-22 12:50:43 ----A---- C:\Windows\SYSWOW64\RaCertMgr.dll
2014-08-22 12:50:43 ----A---- C:\Windows\SYSWOW64\DiagFunc.ini
2014-08-22 12:50:43 ----A---- C:\Windows\system32\RAIHV.dll
2014-08-22 12:50:43 ----A---- C:\Windows\system32\RAEXTUI.dll
2014-08-22 12:50:43 ----A---- C:\Windows\system32\RaCertMgr.dll
2014-08-22 12:50:43 ----A---- C:\Windows\system32\DiagFunc.ini
2014-08-22 12:50:43 ----A---- C:\Windows\system32\DiagFunc.dll
2014-08-22 12:50:40 ----A---- C:\Windows\SYSWOW64\DiagFunc.dll
2014-08-22 12:50:32 ----D---- C:\Program Files (x86)\Ralink
2014-08-22 09:32:24 ----A---- C:\Windows\SYSWOW64\drivers\bcmwl5.sys
2014-08-22 09:32:21 ----D---- C:\Program Files (x86)\Broadcom
======List of files/folders modified in the last 1 month======
2014-09-20 10:01:23 ----D---- C:\Program Files\trend micro
2014-09-20 09:57:18 ----D---- C:\Windows\Temp
2014-09-20 09:22:41 ----D---- C:\Users\Ga&Sa\AppData\Roaming\Skype
2014-09-20 09:02:59 ----D---- C:\Windows\system32\config
2014-09-20 08:54:46 ----D---- C:\ProgramData\MFAData
2014-09-20 08:52:56 ----D---- C:\Windows\Prefetch
2014-09-20 08:30:50 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 08:30:48 ----RD---- C:\Program Files (x86)
2014-09-20 08:22:18 ----SHD---- C:\Windows\Installer
2014-09-20 08:22:18 ----D---- C:\ProgramData\Skype
2014-09-20 08:22:12 ----RD---- C:\Program Files (x86)\Skype
2014-09-20 08:22:12 ----D---- C:\Program Files (x86)\Common Files
2014-09-20 08:11:10 ----SHD---- C:\Boot
2014-09-20 08:11:08 ----D---- C:\Windows
2014-09-19 20:33:50 ----D---- C:\Users\Ga&Sa\AppData\Roaming\Spotify
2014-09-19 20:21:56 ----D---- C:\Windows\Minidump
2014-09-19 14:28:45 ----D---- C:\Windows\system32\Tasks
2014-09-18 20:18:36 ----D---- C:\Windows\System32
2014-09-18 20:18:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-09-18 20:18:35 ----D---- C:\Windows\inf
2014-09-18 18:54:01 ----D---- C:\Windows\SysWOW64
2014-09-18 18:36:30 ----HD---- C:\ProgramData
2014-09-18 18:36:07 ----D---- C:\Windows\Tasks
2014-09-13 17:12:09 ----D---- C:\Users\Ga&Sa\AppData\Roaming\.minecraft
2014-09-13 12:37:11 ----D---- C:\Windows\Microsoft.NET
2014-09-13 10:59:43 ----RSD---- C:\Windows\assembly
2014-09-12 21:16:31 ----D---- C:\Users\Ga&Sa\AppData\Roaming\PhotoScape
2014-09-11 22:13:09 ----D---- C:\ProgramData\Origin
2014-09-11 19:24:32 ----D---- C:\Program Files (x86)\Origin
2014-09-11 19:14:58 ----D---- C:\Windows\winsxs
2014-09-10 21:37:08 ----D---- C:\Program Files\Internet Explorer
2014-09-10 21:37:07 ----D---- C:\Windows\SYSWOW64\en-US
2014-09-10 21:37:04 ----D---- C:\Windows\system32\en-US
2014-09-10 21:37:02 ----D---- C:\Program Files (x86)\Internet Explorer
2014-09-10 21:14:02 ----D---- C:\Windows.old
2014-09-10 19:46:58 ----D---- C:\Program Files (x86)\Assassins Creed IV Black Flag
2014-09-10 19:19:07 ----D---- C:\Windows\pss
2014-09-10 19:13:40 ----D---- C:\Users\Ga&Sa\AppData\Roaming\DAEMON Tools Lite
2014-09-10 19:11:55 ----D---- C:\Windows\Panther
2014-09-10 19:11:54 ----D---- C:\Windows\Logs
2014-09-10 19:11:54 ----D---- C:\Windows\debug
2014-09-10 19:08:11 ----D---- C:\Program Files
2014-09-10 19:03:02 ----D---- C:\Windows\system32\catroot
2014-09-10 19:03:01 ----D---- C:\Windows\system32\catroot2
2014-09-10 18:51:29 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-09-10 18:44:45 ----D---- C:\Windows\system32\MRT
2014-09-10 18:32:54 ----SHD---- C:\System Volume Information
2014-09-10 18:27:36 ----A---- C:\Windows\system32\MRT.exe
2014-09-10 18:20:40 ----SD---- C:\Windows\system32\CompatTel
2014-09-10 17:50:45 ----D---- C:\Windows\system32\drivers
2014-09-10 17:44:19 ----D---- C:\Program Files (x86)\AVG
2014-09-10 17:27:42 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-09-10 17:25:18 ----D---- C:\Users\Ga&Sa\AppData\Roaming\Dropbox
2014-09-10 17:25:10 ----D---- C:\Users\Ga&Sa\AppData\Roaming\DropboxMaster
2014-09-10 17:19:46 ----D---- C:\Users\Ga&Sa\AppData\Roaming\AVAST Software
2014-09-10 17:19:44 ----D---- C:\Program Files\AVAST Software
2014-08-25 08:34:38 ----D---- C:\Program Files (x86)\Origin Games
2014-08-25 08:32:44 ----D---- C:\ProgramData\EA Logs
2014-08-25 08:28:57 ----D---- C:\Program Files (x86)\Ubisoft
2014-08-25 08:27:56 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-08-25 08:27:30 ----D---- C:\Users\Ga&Sa\AppData\Roaming\Ubisoft
2014-08-25 08:18:19 ----A---- C:\Windows\SIERRA.INI
2014-08-25 08:12:18 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-08-25 08:12:18 ----D---- C:\Windows\system32\cs-CZ
2014-08-22 12:52:36 ----D---- C:\Windows\system32\DriverStore
2014-08-22 12:52:09 ----D---- C:\Windows\SYSWOW64\drivers
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-06-18 190744]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-07-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-08-06 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-18 31512]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-01-06 381440]
R0 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [2000-01-01 15000]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver; C:\Windows\system32\DRIVERS\xfiltx64.sys [2000-01-01 26776]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-18 153368]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-07-24 247576]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-08-20 243480]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-07-02 270616]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-01-06 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-07-21 29208]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 359936]
R3 FETNDIS;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetn62a.sys [2011-04-25 57968]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2000-01-01 3707864]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2013-09-06 2273072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
S2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2012-04-15 1071032]
S3 a9t0h7bw;a9t0h7bw; C:\Windows\system32\drivers\a9t0h7bw.sys []
S3 AtiDCM;AtiDCM; \??\C:\Users\Ga [2013-05-16 2589256]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-07-05 96256]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 11922944]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2014-01-22 21712]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2013-02-05 57840]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-03-10 687136]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS []
S3 TVICHW64;TVICHW64; \??\C:\Windows\SysWOW64\Drivers\TVICHW64.SYS [2007-03-12 21200]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 238080]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-09-05 3364368]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-09-05 293448]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-05-31 75136]
R2 RalinkRegistryWriter;RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2013-06-26 391472]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2013-06-26 452912]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-12-10 2409272]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-28 116648]
S2 RaMediaServer;Ralink UPnP Media Server; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2012-07-06 1863680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-02-05 1512448]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-28 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-08-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-19 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------

PC disinfection, speeding up your computer, remote help via the neslape.cz service
Trojan Horse Generic
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote help services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119546
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Trojan Horse Generic
Hello!
First run this utility:
Download AdwCleaner http://www.stahuj.centrum.cz/utility_a_ ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean< (delete)
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Trojan Horse Generic
here it is:
# AdwCleaner v3.310 - Report created 23/09/2014 at 10:54:07
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Ga&Sa - PC-POKOJ
# Running from : C:\Users\Ga&Sa\Desktop\adwcleaner_3.310.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Deleted : C:\Program Files (x86)\eSupport.com
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Ga&Sa\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Ga&Sa\AppData\Local\genienext
Folder Deleted : C:\Users\Ga&Sa\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Ga&Sa\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Ga&Sa\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Ga&Sa\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Ga&Sa\daemonprocess.txt
File Deleted : C:\Users\Ga&Sa\AppData\Roaming\Mozilla\Firefox\Profiles\i3bbclh9.default\invalidprefs.js
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKLM\SOFTWARE\Conduit
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.2 (x86 cs)
[ File : C:\Users\Ga&Sa\AppData\Roaming\Mozilla\Firefox\Profiles\i3bbclh9.default\prefs.js ]
-\\ Google Chrome v37.0.2062.120
[ File : C:\Users\Ga&Sa\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5081 octets] - [27/04/2014 13:50:04]
AdwCleaner[R1].txt - [2463 octets] - [23/09/2014 10:34:13]
AdwCleaner[S0].txt - [4703 octets] - [27/04/2014 13:51:17]
AdwCleaner[S1].txt - [2327 octets] - [23/09/2014 10:54:07]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2387 octets] ##########
- Rudy
- Site Admin
- Posts: 119546
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Trojan Horse Generic
Post a new RSIT log.