VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

https://forum.viry.cz:443/viewtopic.php?t=141134

Stránka 1 z 4

Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 01:57
od navajo
Dnes jsem svou neopatrností spustil exe s nějakym hackem.Vše jsem zakázal po spuštění než se chtěl restartovat.všechny programy dnes nainstalované jsem odinstaloval.search and destroy nemůže odstranit jeden soubor,že nejsem administrátor(momentálně ho už nenašel,jmenoval se myslím "adware PUPS C". pc hazí v seznamu vyskakovací okna,ale prázdná a průhledná a trošku zadrhává,ale to je asi těmi vyskakujícími okny.Děkuji za pomoc!!!


Logfile of random's system information tool 1.10 (written by random/random)
Run by Startrek Galaxy at 2014-11-07 01:34:00
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 167 GB (35%) free of 477 GB
Total RAM: 4094 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:34:47, on 7.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Startrek Galaxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5649 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"c:\Program Files\Microsoft Security Client\NisSrv.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3524.0.2114060695\8418562" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,16,44 --gpu-vendor-id=0x10de --gpu-device-id=0x05e2 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1422 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/None/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/PP_Ethersuggest_A2_Stable_R8/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_21/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --channel="3524.4.1112330297\1993846792" /prefetch:673131151
"C:\Users\Startrek Galaxy\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AOZWMIG.job - C:\Users\Startrek Galaxy\AppData\Roaming\AOZWMIG.exe /infocmdline=C0pFkZZzAOPLhBkJYSKrzI038sSMgkf0c1YfAVun0548wBgGaWU13xNA+BMluPfzW+C9HHIpEDF1x6JJ6sLXRJ9+1PzS+qEgwKVRGw+H+xxYLsb49TPbnSIuhL64pYyTjKKi+qf9i5msTmqxVfWe2+WJEai91juuLq520E+Go/ozMz6HpVTVpdVB/IuSaB2rhz5uwUMNmNHgk2IUNOIqWmrItaV5hTO7ybrF5enFs/yzcwdYFjRV+ET0bltlw+jdYXRgvvjprECZXBas7A7C/Z0DxDdT4HzzPrY+y0urfIIdCXd74ctMZNYTR8JoTDu2EAFZ/8kEhYURcpCstEnXHhtAokNw5PyLRS6aW7gP4xZrLr6EAOqrJYrefykfJPPGx+tA1XJ4ZTvahQBoAjWcIMu44B1JgeYzOrpAJruLIU6whkZyPVDIKeuwVxCqRNGNAMQGBr2SbuEh5ma/YI7ohvIiQ2bgZtVplzAyfOTOAgSRtShgcEfIRtWJS26RMZj+qA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70=
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\SNYCHJ.job - C:\Users\Startrek Galaxy\AppData\Roaming\SNYCHJ.exe /infocmdline=F0DSJaIEPipz89pT9spURgDis/uTxDWFoVgjPn+sIYKCdnHuylUY9mHDa0eXvu3OXZIsDj19GSTIZxClfz5PqitkFQpfH4yIntotKM4npv7bmgofrMAwMwEWczEKhfnymjuW0/nIW8gGOyh8ZdwDhQqGa6c4PByvMbQZt77DGykXhaxXsdGNoE6F2snwWq0kTSePCRuX+g4VrKgSH+0LYE0EcSnjspaxjNiOY7qe//aWOo9bpXVxebQsbVgTogtcqqrvpM9lYeggNsIkYoaiKJWyLIijHYPC8Z2nPR2XehG28kXiaI1C8iXuGkIcHcK5I7Qf3HrrOcKzRsVJbx+yTqNSXg+XRe/iFCYZm9liloI7qAnMH3j12ahZKbXfAeusD97GB0k76NqCqlNpPJUeuvYuAV9xMjcZspJqmA42p9MThmOGmU9dL9vxvgzGCegqK4bRuvL8qgJcADl90DYHKjBzF48ZokRwP/Lr9delosCazI5WwuTsi2+tOaI1ij8P

=========Mozilla firefox=========

ProfilePath - C:\Users\Startrek Galaxy\AppData\Roaming\Mozilla\Firefox\Profiles\z1pfgwdy.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15, {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.189 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.0]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.104.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.118.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.96.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.7]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00]
"Description"=Plug-in to check PlayStation(R)Network Downloader.
"Path"=C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\Sony\Media Go\npmediago.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.189 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files (x86)\Mozilla Firefox\components\
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
npDivxPlayerPlugin.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
nsIDivxPlayerPlugin.xpt
QuickTimePlugin.class

C:\Users\Startrek Galaxy\AppData\Roaming\Mozilla\Firefox\Profiles\z1pfgwdy.default\extensions\
0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com
2020Player_IKEA@2020Technologies.com
sepherdwilbur@aol.com

C:\Users\Startrek Galaxy\AppData\Roaming\Mozilla\Firefox\Profiles\z1pfgwdy.default\searchplugins\
daemon-search.xml
mapycz.xml
multisharecz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12 6308736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12 4532096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 1331288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2010-08-20 33120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\Startrek Galaxy\AppData\Roaming\Seznam.cz\szninstall.exe -c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\Startrek Galaxy\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files (x86)\Origin\Origin.exe [2014-02-22 3598680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
C:\Program Files (x86)\Zrychleni Pocitace\PCSUNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamInstall-uninstall:7282ca85fea33c5ea870f58a7885de58]
C:\Users\STARTR~1\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe -c C:\Users\Startrek Galaxy\AppData\Roaming\Seznam.cz []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2014-09-01 468192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2009-11-09 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm
"vidc.XVID"=xvidvfw.dll
"vidc.ffds"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-07 01:34:00 ----D---- C:\rsit
2014-11-07 01:34:00 ----D---- C:\Program Files\trend micro
2014-11-06 15:08:50 ----A---- C:\Users\Startrek Galaxy\AppData\Roaming\SNYCHJ.exe
2014-11-06 15:08:17 ----A---- C:\Users\Startrek Galaxy\AppData\Roaming\AOZWMIG.exe
2014-11-06 15:08:04 ----D---- C:\Program Files (x86)\globalUpdate
2014-11-06 15:07:24 ----D---- C:\Program Files (x86)\Seznam.cz
2014-11-06 15:07:16 ----D---- C:\Users\Startrek Galaxy\AppData\Roaming\Seznam.cz
2014-10-21 09:39:26 ----D---- C:\Program Files (x86)\Google
2014-10-15 15:16:09 ----A---- C:\Windows\system32\win32k.sys
2014-10-15 15:16:06 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-15 15:16:06 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-15 15:16:06 ----A---- C:\Windows\system32\mscorier.dll
2014-10-15 15:16:06 ----A---- C:\Windows\system32\dfshim.dll
2014-10-15 15:16:05 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-15 15:16:05 ----A---- C:\Windows\system32\mscories.dll
2014-10-15 15:15:46 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2014-10-15 15:15:46 ----A---- C:\Windows\system32\blackbox.dll
2014-10-15 15:15:45 ----A---- C:\Windows\system32\drmv2clt.dll
2014-10-15 15:15:44 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2014-10-15 15:15:42 ----A---- C:\Windows\system32\wmp.dll
2014-10-15 15:15:40 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2014-10-15 15:15:40 ----A---- C:\Windows\system32\wmdrmsdk.dll
2014-10-15 15:15:40 ----A---- C:\Windows\system32\mf.dll
2014-10-15 15:15:39 ----A---- C:\Windows\SYSWOW64\wmp.dll
2014-10-15 15:15:39 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-10-15 15:15:36 ----A---- C:\Windows\SYSWOW64\mf.dll
2014-10-15 15:15:36 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2014-10-15 15:15:36 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-10-15 15:15:36 ----A---- C:\Windows\system32\drmmgrtn.dll
2014-10-15 15:15:36 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2014-10-15 15:15:36 ----A---- C:\Windows\system32\ci.dll
2014-10-15 15:15:35 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-10-15 15:15:35 ----A---- C:\Windows\system32\wintrust.dll
2014-10-15 15:15:35 ----A---- C:\Windows\system32\winresume.exe
2014-10-15 15:15:35 ----A---- C:\Windows\system32\winload.exe
2014-10-15 15:15:35 ----A---- C:\Windows\system32\quartz.dll
2014-10-15 15:15:35 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-10-15 15:15:35 ----A---- C:\Windows\system32\cryptsvc.dll
2014-10-15 15:15:35 ----A---- C:\Windows\system32\AudioEng.dll
2014-10-15 15:15:34 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-10-15 15:15:34 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2014-10-15 15:15:34 ----A---- C:\Windows\system32\evr.dll
2014-10-15 15:15:34 ----A---- C:\Windows\system32\EncDump.dll
2014-10-15 15:15:34 ----A---- C:\Windows\system32\crypt32.dll
2014-10-15 15:15:34 ----A---- C:\Windows\system32\AudioSes.dll
2014-10-15 15:15:33 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2014-10-15 15:15:33 ----A---- C:\Windows\SYSWOW64\quartz.dll
2014-10-15 15:15:33 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-10-15 15:15:33 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2014-10-15 15:15:33 ----A---- C:\Windows\SYSWOW64\evr.dll
2014-10-15 15:15:33 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2014-10-15 15:15:33 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2014-10-15 15:15:33 ----A---- C:\Windows\system32\srcore.dll
2014-10-15 15:15:33 ----A---- C:\Windows\system32\pcasvc.dll
2014-10-15 15:15:33 ----A---- C:\Windows\system32\mfplat.dll
2014-10-15 15:15:33 ----A---- C:\Windows\system32\cryptui.dll
2014-10-15 15:15:33 ----A---- C:\Windows\system32\audiosrv.dll
2014-10-15 15:15:32 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2014-10-15 15:15:32 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-10-15 15:15:32 ----A---- C:\Windows\system32\msscp.dll
2014-10-15 15:15:32 ----A---- C:\Windows\system32\cryptsp.dll
2014-10-15 15:15:31 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2014-10-15 15:15:31 ----A---- C:\Windows\SYSWOW64\msscp.dll
2014-10-15 15:15:31 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2014-10-15 15:15:31 ----A---- C:\Windows\SYSWOW64\mfps.dll
2014-10-15 15:15:31 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2014-10-15 15:15:31 ----A---- C:\Windows\system32\rstrui.exe
2014-10-15 15:15:31 ----A---- C:\Windows\system32\rrinstaller.exe
2014-10-15 15:15:31 ----A---- C:\Windows\system32\msnetobj.dll
2014-10-15 15:15:31 ----A---- C:\Windows\system32\mfps.dll
2014-10-15 15:15:31 ----A---- C:\Windows\system32\drivers\appid.sys
2014-10-15 15:15:31 ----A---- C:\Windows\system32\audiodg.exe
2014-10-15 15:15:31 ----A---- C:\Windows\system32\appidsvc.dll
2014-10-15 15:15:31 ----A---- C:\Windows\system32\appidapi.dll
2014-10-15 15:15:30 ----A---- C:\Windows\SYSWOW64\srclient.dll
2014-10-15 15:15:30 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2014-10-15 15:15:30 ----A---- C:\Windows\system32\srclient.dll
2014-10-15 15:15:30 ----A---- C:\Windows\system32\spwmp.dll
2014-10-15 15:15:30 ----A---- C:\Windows\system32\setbcdlocale.dll
2014-10-15 15:15:30 ----A---- C:\Windows\system32\mfpmp.exe
2014-10-15 15:15:30 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 15:15:30 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 15:15:29 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2014-10-15 15:15:29 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2014-10-15 15:15:29 ----A---- C:\Windows\SYSWOW64\mferror.dll
2014-10-15 15:15:29 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2014-10-15 15:15:29 ----A---- C:\Windows\system32\wmploc.DLL
2014-10-15 15:15:29 ----A---- C:\Windows\system32\mferror.dll
2014-10-15 15:15:29 ----A---- C:\Windows\system32\dxmasf.dll
2014-10-15 15:15:19 ----A---- C:\Windows\system32\generaltel.dll
2014-10-15 15:15:19 ----A---- C:\Windows\system32\aepdu.dll
2014-10-15 15:15:18 ----A---- C:\Windows\system32\aeinv.dll
2014-10-15 15:15:17 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-10-15 15:15:17 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-10-15 15:15:17 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-10-15 15:15:17 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-10-15 15:15:16 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-10-15 15:15:16 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-10-15 15:15:16 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-15 15:15:16 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-10-15 15:15:16 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-10-15 15:15:16 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 15:15:16 ----A---- C:\Windows\system32\iernonce.dll
2014-10-15 15:15:16 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-15 15:15:16 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-15 15:15:15 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-10-15 15:15:14 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-10-15 15:15:14 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-10-15 15:15:14 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-10-15 15:15:14 ----A---- C:\Windows\system32\urlmon.dll
2014-10-15 15:15:14 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 15:15:14 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-15 15:15:14 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-15 15:15:13 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-10-15 15:15:13 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-10-15 15:15:13 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-10-15 15:15:13 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-15 15:15:13 ----A---- C:\Windows\system32\iesetup.dll
2014-10-15 15:15:13 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-15 15:15:12 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-10-15 15:15:12 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-10-15 15:15:12 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-10-15 15:15:12 ----A---- C:\Windows\system32\iertutil.dll
2014-10-15 15:15:11 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-10-15 15:15:11 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-10-15 15:15:11 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-10-15 15:15:11 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-10-15 15:15:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-10-15 15:15:11 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-15 15:15:11 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-15 15:15:10 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-15 15:15:10 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-15 15:15:10 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-15 15:15:10 ----A---- C:\Windows\system32\ieui.dll
2014-10-15 15:15:10 ----A---- C:\Windows\system32\ieframe.dll
2014-10-15 15:15:09 ----A---- C:\Windows\system32\wininet.dll
2014-10-15 15:15:09 ----A---- C:\Windows\system32\vbscript.dll
2014-10-15 15:15:09 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-15 15:15:09 ----A---- C:\Windows\system32\jscript9.dll
2014-10-15 15:15:09 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-15 15:15:08 ----A---- C:\Windows\system32\msrating.dll
2014-10-15 15:15:08 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-15 15:15:07 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 15:15:01 ----A---- C:\Windows\system32\mshtml.dll
2014-10-15 15:14:44 ----A---- C:\Windows\system32\msi.dll
2014-10-15 15:14:43 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-10-15 15:14:40 ----A---- C:\Windows\system32\rastls.dll
2014-10-15 15:14:39 ----A---- C:\Windows\SYSWOW64\rastls.dll
2014-10-15 15:14:32 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-10-15 15:14:32 ----A---- C:\Windows\system32\mstscax.dll
2014-10-15 15:14:31 ----A---- C:\Windows\system32\termsrv.dll
2014-10-15 15:14:31 ----A---- C:\Windows\system32\rdpcorets.dll
2014-10-15 15:14:31 ----A---- C:\Windows\system32\mstsc.exe
2014-10-15 15:14:30 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-15 15:14:30 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-10-15 15:14:30 ----A---- C:\Windows\system32\winsta.dll
2014-10-15 15:14:30 ----A---- C:\Windows\system32\winlogon.exe
2014-10-15 15:14:30 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-15 15:14:30 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-15 15:14:29 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-10-15 15:14:29 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-10-15 15:14:29 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-10-15 15:14:29 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-15 15:14:29 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-15 15:14:29 ----A---- C:\Windows\system32\credssp.dll
2014-10-15 15:14:23 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-10-15 15:14:23 ----A---- C:\Windows\system32\packager.dll

======List of files/folders modified in the last 1 month======

2014-11-07 01:34:34 ----D---- C:\Windows\Temp
2014-11-07 01:34:00 ----RD---- C:\Program Files
2014-11-06 23:08:24 ----D---- C:\Windows\System32
2014-11-06 23:08:24 ----D---- C:\Windows\inf
2014-11-06 23:08:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-06 15:42:05 ----D---- C:\Windows\system32\config
2014-11-06 15:39:11 ----SHD---- C:\System Volume Information
2014-11-06 15:28:41 ----D---- C:\Windows\Tasks
2014-11-06 15:28:41 ----D---- C:\Windows\SysWOW64
2014-11-06 15:28:41 ----D---- C:\Windows\system32\Tasks
2014-11-06 15:23:44 ----RD---- C:\Program Files (x86)
2014-11-06 15:23:43 ----D---- C:\Program Files (x86)\7-Zip
2014-11-06 15:13:18 ----SHD---- C:\Windows\Installer
2014-11-06 15:10:22 ----SD---- C:\Users\Startrek Galaxy\AppData\Roaming\Microsoft
2014-11-06 15:09:27 ----D---- C:\Windows\Prefetch
2014-11-06 14:50:24 ----AD---- C:\ProgramData\TEMP
2014-11-06 12:02:50 ----D---- C:\Downloads
2014-10-30 12:25:26 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-29 20:06:10 ----D---- C:\Movie Prosinec
2014-10-26 17:02:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-10-26 16:51:07 ----D---- C:\Windows\system32\DriverStore
2014-10-25 14:53:45 ----D---- C:\Movie Listopad
2014-10-21 08:58:21 ----D---- C:\ProgramData\NVIDIA
2014-10-20 15:02:10 ----D---- C:\Windows\system32\catroot2
2014-10-17 14:03:36 ----D---- C:\Fotografie
2014-10-17 11:01:43 ----D---- C:\Windows\rescache
2014-10-16 16:46:44 ----D---- C:\Windows\Microsoft.NET
2014-10-16 14:32:07 ----RSD---- C:\Windows\assembly
2014-10-15 17:02:12 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-10-15 16:53:59 ----D---- C:\Windows\winsxs
2014-10-15 16:51:25 ----SD---- C:\Windows\system32\CompatTel
2014-10-15 16:51:25 ----D---- C:\Windows\SYSWOW64\Dism
2014-10-15 16:51:25 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-10-15 16:51:25 ----D---- C:\Windows\system32\en-US
2014-10-15 16:51:25 ----D---- C:\Windows\system32\drivers
2014-10-15 16:51:25 ----D---- C:\Windows\system32\Dism
2014-10-15 16:51:25 ----D---- C:\Windows\system32\cs-CZ
2014-10-15 16:51:25 ----D---- C:\Windows\system32\CodeIntegrity
2014-10-15 16:51:25 ----D---- C:\Windows\system32\Boot
2014-10-15 16:51:25 ----D---- C:\Program Files\Windows Media Player
2014-10-15 16:51:25 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-15 16:51:24 ----D---- C:\Windows\SYSWOW64\en-US
2014-10-15 16:51:24 ----D---- C:\Program Files\Internet Explorer
2014-10-15 16:51:24 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-15 16:09:41 ----D---- C:\Windows\system32\MRT
2014-10-15 16:06:49 ----A---- C:\Windows\system32\MRT.exe
2014-10-15 15:14:20 ----D---- C:\Windows\system32\catroot
2014-10-10 01:16:15 ----D---- C:\Knihy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 269008]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-11 503352]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 125584]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 a2hs0m8o;a2hs0m8o; C:\Windows\system32\drivers\a2hs0m8o.sys []
S3 a8beuvjv;a8beuvjv; C:\Windows\system32\drivers\a8beuvjv.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2012-10-24 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2012-10-24 27760]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 23784]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-03-08 76888]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-12 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-04 64704]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-15 267440]
S4 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-06 68608]
S4 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-06 68608]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-25 114288]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-07-12 3289472]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S4 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]

-----------------EOF-----------------

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:05
od altrok
Zdravim :bye:

:arrow: ano, zavirovano mate, ale musim se zeptat... jak je to s legalitou Vaseho OS? nejvyssi licence Ultimate opravdu neni casta domaci verze :shock:

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:20
od navajo
Koupil pc od bývaleho přítele mé tety,před asi 7 lety.Tak vůbec nevím jestli jsou pravé,žadný cd k tomu nemám.

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:23
od altrok
:arrow: Odinstalujte Skype Click to Call a Seznam Software

:arrow: podivame se, jak hluboko je havet zalezla...

:arrow: Ulozte na plochu OTL http://oldtimer.geekstogo.com/OTL.exe
  • kliknete pravym na ikonu OTL a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • zatrhnete moznosti Pro vsechny uzivatele, Kontrola na havet "LOP", Kontrola na havěť "Purity"
  • do okna dole (Custom Scans/Fixes) zkopirujte script, ktery je nize
  • zbytek ponechte, jak je a kliknete na Prohledat
  • vysledne logy (OTL.txt a Extras.txt) budou dlouhe, takze je rozdelte do vice prispevku (odpovedi)

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:29
od navajo
Co je prosím Seznam Software?(firefox a chrome?) takový to jak lištička co se mi dnes nainstalovalo jsem odinstaloval

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:33
od altrok
presne tak... listicka a podobne... casto byva nainstalovane s nejakym jinym softwarem a malokdo tento software instaluje zamerne

pokracujte logem z OTL

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:41
od navajo
už prohledávám,musel jsem restartovat kvůli 2 novým rozšířením ve firefoxu které tam nebyly včera.čekám na ty výsledky.Ok?

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:43
od altrok
jasne, hned mi je sem hodte, at muzem zacit lecit :)

jake nove rozsireni to mimochodem jsou? :)

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:47
od navajo
Sakriš už nejsou ani v historii,ale nějakej speed měřič rychlosti a něco jako healting bílý pole ze zeleným křížem,jsem vůl,že jsem si to neopsal.Promiň

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:48
od potomac
navajo píše:Koupil pc od bývaleho přítele mé tety,před asi 7 lety.Tak vůbec nevím jestli jsou pravé,žadný cd k tomu nemám.
Jestli můžu technickou poznámku. Windows 7 vyšli před 5 lety a pár dny :-)

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:48
od altrok
nic se nedeje... vsechno to uvidim v logu, na ktery cekam :)

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:50
od navajo
Už si to nepamatuji přesně,promiň ale určitě ti nechci lhát a zvlášť když mi pomáháš ve tři ráno.

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:56
od potomac
navajo píše:Už si to nepamatuji přesně,promiň ale určitě ti nechci lhát a zvlášť když mi pomáháš ve tři ráno.
Spusť cmd jako správce a zadej:

Kód: Vybrat vše

slmgr /dlv
Udělej screen tohoto okna a uploadni jej na net a odkaz sem vlož. Toto okno by mohlo napovědět jestli máš legální Windows nebo ne.

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 02:59
od navajo
kdybys chtěl spát dej vědět dokončíme to klidně zítra,ale já vydržím.Kde vyskočí ty výsledky?

Re: Prosím o kontrolu logu.(stáhnutý nějaký hack exe)

Napsal: 07 lis 2014 03:01
od navajo
hodilo to chybu
Všechny časy jsou v UTC+01:00
Stránka 1 z 4

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz