Norton blokuje nějaky utoky

[davsa]

Dobrý den prosim pěkně o kontrolu logu poněvadž my každej den ato několikrát vyskakuje Norton že zablokoval utok (OS Attack: MS RPC LSASS DS Oversized Request TCP CVE-2003-0533)tohle vyskočí a Norton to zablokuje.Nevim jestli je to virem nebo čím ale nikdy to nedělalo až tak poslední tyden.Předem děkuji za ochotu a rady a tady je log

Logfile of random's system information tool 1.09 (written by random/random)
Run by davsa at 2012-03-28 19:29:32
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 60 GB (39%) free of 153 GB
Total RAM: 4095 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:29:35, on 28.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\trend micro\davsa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NeXuS] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8809 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll" /prefetch:1
atieclxx
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Winstep\Nexus.exe" autostart
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe" /c /a /s UserSession
"C:\Program Files\Spamihilator\spamihilator.exe"
"C:\Program Files (x86)\Winstep\WsxService"
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe" /TUStart /pid:1900
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b121a517-d5f9-4596-b326-9e13420a90ec -SystemEventPortName:HostProcess-a65bcba0-2427-4993-b041-1f8a5b8b57ba -IoCancelEventPortName:HostProcess-6e3efb81-8622-4e16-accc-32d3edf03d99 -NonStateChangingEventPortName:HostProcess-071beb20-2f89-4332-b0e2-71885f59f677 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d331893e-21ea-449c-a0bf-71692162dc38
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\instalačky programů\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "ietab@ip.cn:1.95.20100933, noia2_option@kk.noia:3.76, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36, {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51, adblockpopups@jessehakanen.net:0.2.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15, {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76, {5b175400-2368-11de-8c30-0800200c9a66}:1.9"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\extensions\
coralietab@mozdev.org
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}

C:\Users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\searchplugins\
qipsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2012-02-06 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll [2012-03-09 499640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL [2012-01-18 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-01-16 341888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-01-16 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll [2012-03-09 499640]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2012-02-06 798771]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
""= []
"NeXuS"=C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-23 16954496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
C:\Program files\360Amigo\360Amigo.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [2011-12-29 620376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-12-13 13374568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-02-24 636032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

C:\Users\davsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Spamihilator.lnk - C:\Program Files\Spamihilator\spamihilator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMBalloonTip"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-28 19:27:31 ----D---- C:\rsit
2012-03-28 19:27:31 ----D---- C:\Program Files\trend micro
2012-03-27 22:24:39 ----D---- C:\ProgramData\ATI
2012-03-27 22:20:32 ----D---- C:\Program Files\Common Files\ATI Technologies
2012-03-27 22:17:40 ----D---- C:\Program Files (x86)\ATI Technologies
2012-03-27 22:17:36 ----D---- C:\Program Files\ATI
2012-03-27 22:16:06 ----D---- C:\AMD
2012-03-26 22:23:35 ----D---- C:\Program Files\Babylon
2012-03-14 00:12:24 ----D---- C:\Program Files (x86)\AMD AVT
2012-03-14 00:12:21 ----D---- C:\Program Files\AMD
2012-03-14 00:12:21 ----D---- C:\Program Files (x86)\AMD
2012-03-14 00:12:18 ----D---- C:\Program Files (x86)\AMD APP
2012-03-14 00:10:06 ----D---- C:\Program Files\ATI Technologies
2012-03-13 23:52:47 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-03-13 23:52:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-03-13 23:52:46 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-03-13 23:44:38 ----A---- C:\Windows\system32\win32k.sys
2012-03-13 23:44:36 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-13 23:44:36 ----A---- C:\Windows\system32\DWrite.dll
2012-03-13 23:44:14 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-13 23:44:13 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-13 23:44:13 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-13 23:44:13 ----A---- C:\Windows\system32\rdpcorets.dll
2012-03-13 23:44:13 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-13 23:44:13 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-13 23:44:12 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-13 23:44:12 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-06 23:12:38 ----D---- C:\Program Files (x86)\SopCast

======List of files/folders modified in the last 1 month======

2012-03-28 19:27:34 ----D---- C:\Windows\Prefetch
2012-03-28 19:27:31 ----RD---- C:\Program Files
2012-03-28 19:27:27 ----D---- C:\Windows\Temp
2012-03-28 19:26:59 ----D---- C:\instalačky programů
2012-03-28 19:17:44 ----D---- C:\Muzika
2012-03-28 19:15:38 ----D---- C:\Windows\System32
2012-03-28 19:15:38 ----D---- C:\Windows\inf
2012-03-28 19:15:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-28 18:52:21 ----D---- C:\Users\davsa\AppData\Roaming\Skype
2012-03-28 18:51:22 ----D---- C:\Users\davsa\AppData\Roaming\Spamihilator
2012-03-28 18:41:31 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2012-03-28 18:18:36 ----D---- C:\Windows
2012-03-28 18:18:33 ----SHD---- C:\System Volume Information
2012-03-28 16:24:32 ----D---- C:\Windows\system32\config
2012-03-27 22:24:39 ----HD---- C:\ProgramData
2012-03-27 22:24:39 ----D---- C:\Users\davsa\AppData\Roaming\ATI
2012-03-27 22:20:34 ----SHD---- C:\Windows\Installer
2012-03-27 22:20:32 ----D---- C:\Program Files\Common Files
2012-03-27 22:20:32 ----D---- C:\Program Files (x86)\Common Files
2012-03-27 22:18:58 ----D---- C:\Windows\system32\catroot
2012-03-27 22:18:44 ----D---- C:\Windows\SysWOW64
2012-03-27 22:18:40 ----D---- C:\Windows\system32\drivers
2012-03-27 22:18:35 ----D---- C:\Windows\system32\catroot2
2012-03-27 22:18:32 ----D---- C:\Windows\system32\DriverStore
2012-03-27 22:17:40 ----RD---- C:\Program Files (x86)
2012-03-27 22:15:09 ----D---- C:\Windows\system32\Tasks
2012-03-27 22:13:42 ----D---- C:\VueScan
2012-03-27 22:13:42 ----D---- C:\ProgramData\install_clap
2012-03-27 22:13:42 ----D---- C:\ProgramData\DriverGenius
2012-03-27 22:09:48 ----D---- C:\Windows\system32\drivers\NISx64
2012-03-27 18:24:52 ----D---- C:\Program Files (x86)\JDownloader
2012-03-27 16:13:28 ----D---- C:\Program Files\Symantec
2012-03-27 15:56:36 ----D---- C:\Downloads
2012-03-26 22:35:20 ----D---- C:\Users\davsa\AppData\Roaming\AIMP3
2012-03-26 22:23:37 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-03-24 21:25:10 ----D---- C:\Users\davsa\AppData\Roaming\Vso
2012-03-24 21:25:09 ----D---- C:\Windows\debug
2012-03-23 19:42:33 ----D---- C:\Program Files (x86)\Winstep
2012-03-22 13:17:25 ----D---- C:\Windows\system32\NDF
2012-03-14 00:12:25 ----D---- C:\ProgramData\AMD
2012-03-13 23:58:43 ----D---- C:\Windows\winsxs
2012-03-13 23:46:29 ----A---- C:\Windows\system32\MRT.exe
2012-03-13 23:46:19 ----D---- C:\ProgramData\Microsoft Help
2012-03-13 23:29:36 ----D---- C:\ProgramData\NokiaInstallerCache
2012-03-13 21:39:30 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2011-02-09 181040]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [2011-07-25 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [2012-01-18 1092728]
R0 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver; C:\Windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
R1 AmgHips;AmgHips; \??\C:\Windows\System32\Drivers\AmgHips.sys [2011-11-17 31008]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [2011-11-30 167048]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-02-04 482936]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120327.002\IDSvia64.sys [2012-03-06 488568]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS [2012-01-18 738936]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS [2012-01-18 37496]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [2012-01-18 190072]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [2012-01-18 405624]
R2 regi;regi; \??\C:\Windows\system32\drivers\regi.sys [2010-11-16 15672]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-02-24 10856960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-02-24 327680]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-18 138360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120327.037\ENG64.SYS [2012-03-28 117880]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120327.037\EX64.SYS [2012-03-28 2048632]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-12-02 239208]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-03-27 175736]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/17 00:11:45]; \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl []
S2 ntk_PowerDVD;ntk_PowerDVD; \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys []
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-07 231440]
S3 CisUtMonitor;CisUtMonitor; C:\Windows\system32\DRIVERS\CisUtMonitor.sys [2011-10-30 33360]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-11-01 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-11-01 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2012-01-22 82816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-11-01 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-11-01 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-02-24 235520]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Winstep Xtreme Service;Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-17 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe []
S4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe []
S4 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

[Roli]

Zdravím, v první řadě přes Odebrat programy odinstaluj od IObitu Advanced SystemCare


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[davsa]

Tak jsem udělal vše co jste řekl a tady je log

ComboFix 12-03-28.02 - davsa 28.03.2012 22:34:47.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2589 [GMT 2:00]
Spuštěný z: c:\users\davsa\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\davsa\AppData\Roaming\inst.exe
c:\users\davsa\AppData\Roaming\vso_ts_preview.xml
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\sycd5.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 20:48 . 2012-03-28 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 20:18 . 2012-03-28 20:18 -------- d-----w- c:\program files (x86)\SlimDrivers
2012-03-28 17:27 . 2012-03-28 17:29 -------- d-----w- c:\program files\trend micro
2012-03-28 17:27 . 2012-03-28 17:27 -------- d-----w- C:\rsit
2012-03-27 20:24 . 2012-03-27 20:24 -------- d-----w- c:\programdata\ATI
2012-03-27 20:22 . 2012-03-27 20:22 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-27 20:20 . 2012-03-27 20:20 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-27 20:20 . 2012-03-27 20:20 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-27 20:17 . 2012-03-27 20:17 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-27 20:17 . 2012-03-27 20:17 -------- d-----w- c:\program files\ATI
2012-03-27 20:16 . 2012-03-27 20:16 -------- d-----w- C:\AMD
2012-03-26 20:23 . 2012-03-12 13:27 143360 ----a-w- c:\program files (x86)\Mozilla Firefox\BabyFox.dll
2012-03-26 20:23 . 2012-03-26 20:35 -------- d-----w- c:\program files\Babylon
2012-03-23 12:01 . 2012-03-27 20:08 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-22 21:22 . 2012-03-22 21:22 22 --sha-w- c:\users\davsa\AppData\Roaming\Sys2662.Config.Repository.bin
2012-03-14 21:16 . 2012-03-14 21:16 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-14 21:16 . 2012-03-14 21:16 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-13 22:12 . 2012-03-13 22:12 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-13 22:12 . 2012-03-13 22:12 -------- d-----w- c:\program files\AMD
2012-03-13 22:12 . 2012-03-13 22:12 -------- d-----w- c:\program files (x86)\AMD
2012-03-13 22:12 . 2012-03-13 22:12 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-13 22:10 . 2012-03-27 20:23 -------- d-----w- c:\program files\ATI Technologies
2012-03-13 21:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 21:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 21:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:44 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:44 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:44 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:44 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 21:44 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 21:44 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:44 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 21:44 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:44 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:44 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:44 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-06 21:12 . 2012-03-06 21:12 -------- d-----w- c:\program files (x86)\SopCast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 14:13 . 2011-11-16 21:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-11 18:15 . 2011-11-16 23:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 17:55 . 2012-02-24 17:55 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-24 17:30 . 2012-02-24 17:30 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-24 17:22 . 2012-02-24 17:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-24 17:22 . 2012-02-24 17:22 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-24 17:20 . 2012-02-24 17:20 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-24 17:18 . 2012-02-24 17:18 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-24 17:17 . 2012-02-24 17:17 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-24 17:17 . 2012-02-24 17:17 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-24 17:16 . 2012-02-24 17:16 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-24 17:15 . 2012-02-24 17:15 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-24 17:15 . 2012-02-24 17:15 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-24 17:15 . 2012-02-24 17:15 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-24 17:12 . 2012-02-24 17:12 6266880 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-24 17:08 . 2012-02-24 17:08 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-24 16:58 . 2012-02-24 16:58 7711232 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-24 16:50 . 2012-02-24 16:50 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-24 16:50 . 2012-02-24 16:50 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-24 16:50 . 2012-02-24 16:50 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-24 16:44 . 2012-02-24 16:44 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-24 16:44 . 2012-02-24 16:44 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-24 16:44 . 2012-02-24 16:44 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-24 16:44 . 2012-02-24 16:44 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-24 16:43 . 2012-02-24 16:43 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-24 16:41 . 2012-02-24 16:41 5964800 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-24 16:39 . 2012-02-24 16:39 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-24 16:39 . 2012-02-24 16:39 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-24 16:33 . 2012-02-24 16:33 7560192 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-24 16:27 . 2011-10-12 19:39 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-24 16:23 . 2012-02-24 16:23 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-24 16:23 . 2012-02-24 16:23 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-24 16:23 . 2012-02-24 16:23 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-24 16:23 . 2012-02-24 16:23 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-24 16:23 . 2012-02-24 16:23 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-24 16:23 . 2012-02-24 16:23 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-24 16:22 . 2012-02-24 16:22 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-24 16:22 . 2012-02-24 16:22 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-24 16:22 . 2012-02-24 16:22 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-24 16:22 . 2012-02-24 16:22 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-24 16:21 . 2012-02-24 16:21 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-24 16:21 . 2012-02-24 16:21 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-24 16:21 . 2012-02-24 16:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-24 16:20 . 2012-02-24 16:20 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-24 16:20 . 2012-02-24 16:20 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-24 16:20 . 2012-02-24 16:20 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-24 16:20 . 2012-02-24 16:20 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-22 22:15 . 2011-12-04 20:39 82816 ----a-w- c:\users\davsa\AppData\Roaming\pcouffin.sys
2012-01-22 20:57 . 2011-12-04 20:39 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-16 19:23 . 2012-01-16 19:23 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-01-16 19:23 . 2012-01-16 19:23 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-16 20:28 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 20:28 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 16:02 . 2012-02-17 20:58 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-30 06:26 . 2012-02-16 20:28 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 20:28 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NeXuS"="c:\program files (x86)\Winstep\Nexus.exe" [2012-03-23 16954496]
.
c:\users\davsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2011-11-17 2430464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/17 00:11];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S0 videX64;videX64;c:\windows\system32\DRIVERS\videX64.sys [x]
S0 xfiltx64;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfiltx64.sys [x]
S1 AmgHips;AmgHips;c:\windows\System32\Drivers\AmgHips.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120327.002\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-18 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 81024 ----a-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
FF - ProfilePath - c:\users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files (x86)\Winstep\WsxService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2845817104-3085971459-2673415368-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{237BA8BE-A3F6-351C-058C-FFD0558D145C}*]
"jagfjagjggilngcldhlg"=hex:62,61,61,6c,00,00
"iagefmlljngbdpghdc"=hex:6b,61,64,6c,69,67,68,6a,62,67,66,61,6a,6f,6c,70,6d,61,
61,67,62,6a,00,00
"jagfjagjggilngcldhhh"=hex:62,61,6e,6b,00,00
"hamdpfdgbgpaailm"=hex:6b,61,64,6c,69,67,68,6a,67,67,64,64,62,61,6b,69,69,67,
6e,6b,69,65,00,00
.
[HKEY_USERS\S-1-5-21-2845817104-3085971459-2673415368-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{30A408AD-8C93-D2F9-DF57-CBFCCB661BDA}*]
"jaaapfbolnonjahdmfhj"=hex:62,61,6e,6e,00,00
"jaaapfbolnonjahdmfdi"=hex:62,61,6b,6e,00,00
"iaabfhmeeeeniaolbe"=hex:6b,61,6c,6e,67,68,70,70,67,6f,6e,64,65,63,66,6c,63,6e,
66,66,65,69,00,00
"hagajefklkbnooii"=hex:6b,61,6c,6e,67,68,70,70,6b,6d,6d,6e,6a,6e,6e,6f,6b,64,
6a,6a,6d,6a,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Winstep\WsxService.exe
.
**************************************************************************
.
Celkový čas: 2012-03-28 23:04:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-28 21:04
.
Před spuštěním: Volných bajtů: 66 202 750 976
Po spuštění: Volných bajtů: 66 086 170 624
.
- - End Of File - - 802A329A5855B0033A953FFACB4B7D27

[davsa]

Dobrý večer chtěl jsem se zeptat jestli je to už v pořadku ale asi ne pač mi zase dneska dvakrát vyskočil Norton že zas zablokoval utok.

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::  
c:\program files (x86)\Mozilla Firefox\BabyFox.dll

Folder::
c:\program files\Babylon

FireFox::
FF - ProfilePath - c:\users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[davsa]

Tak tady je ten log

ComboFix 12-03-28.02 - davsa 29.03.2012 22:44:31.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2536 [GMT 2:00]
Spuštěný z: c:\users\davsa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\davsa\Desktop\CFScript.txt.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Mozilla Firefox\BabyFox.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\BabyFox.dll
c:\program files\Babylon
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 20:57 . 2012-03-29 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 21:12 . 2012-03-28 21:12 -------- d-----w- c:\users\davsa\AppData\Local\SlimWare Utilities Inc
2012-03-28 20:18 . 2012-03-28 21:14 -------- d-----w- c:\program files (x86)\SlimDrivers
2012-03-28 17:27 . 2012-03-28 17:29 -------- d-----w- c:\program files\trend micro
2012-03-28 17:27 . 2012-03-28 17:27 -------- d-----w- C:\rsit
2012-03-27 20:24 . 2012-03-27 20:24 -------- d-----w- c:\programdata\ATI
2012-03-27 20:22 . 2012-03-27 20:22 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-27 20:20 . 2012-03-27 20:20 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-27 20:20 . 2012-03-27 20:20 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-27 20:17 . 2012-03-27 20:17 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-27 20:17 . 2012-03-27 20:17 -------- d-----w- c:\program files\ATI
2012-03-27 20:16 . 2012-03-27 20:16 -------- d-----w- C:\AMD
2012-03-23 12:01 . 2012-03-27 20:08 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-22 21:22 . 2012-03-22 21:22 22 --sha-w- c:\users\davsa\AppData\Roaming\Sys2662.Config.Repository.bin
2012-03-14 21:16 . 2012-03-14 21:16 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-14 21:16 . 2012-03-14 21:16 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-13 22:12 . 2012-03-13 22:12 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-13 22:12 . 2012-03-13 22:12 -------- d-----w- c:\program files\AMD
2012-03-13 22:12 . 2012-03-13 22:12 -------- d-----w- c:\program files (x86)\AMD
2012-03-13 22:12 . 2012-03-13 22:12 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-13 22:10 . 2012-03-27 20:23 -------- d-----w- c:\program files\ATI Technologies
2012-03-13 21:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 21:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 21:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:44 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:44 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:44 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:44 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 21:44 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 21:44 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:44 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 21:44 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:44 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:44 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:44 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-06 21:12 . 2012-03-06 21:12 -------- d-----w- c:\program files (x86)\SopCast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 14:13 . 2011-11-16 21:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-11 18:15 . 2011-11-16 23:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 17:55 . 2012-02-24 17:55 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-24 17:30 . 2012-02-24 17:30 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-24 17:22 . 2012-02-24 17:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-24 17:22 . 2012-02-24 17:22 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-24 17:20 . 2012-02-24 17:20 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-24 17:18 . 2012-02-24 17:18 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-24 17:17 . 2012-02-24 17:17 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-24 17:17 . 2012-02-24 17:17 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-24 17:16 . 2012-02-24 17:16 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-24 17:15 . 2012-02-24 17:15 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-24 17:15 . 2012-02-24 17:15 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-24 17:15 . 2012-02-24 17:15 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-24 17:12 . 2012-02-24 17:12 6266880 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-24 17:08 . 2012-02-24 17:08 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-24 16:58 . 2012-02-24 16:58 7711232 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-24 16:50 . 2012-02-24 16:50 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-24 16:50 . 2012-02-24 16:50 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-24 16:50 . 2012-02-24 16:50 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-24 16:44 . 2012-02-24 16:44 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-24 16:44 . 2012-02-24 16:44 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-24 16:44 . 2012-02-24 16:44 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-24 16:44 . 2012-02-24 16:44 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-24 16:43 . 2012-02-24 16:43 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-24 16:41 . 2012-02-24 16:41 5964800 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-24 16:39 . 2012-02-24 16:39 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-24 16:39 . 2012-02-24 16:39 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-24 16:33 . 2012-02-24 16:33 7560192 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-24 16:27 . 2011-10-12 19:39 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-24 16:23 . 2012-02-24 16:23 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-24 16:23 . 2012-02-24 16:23 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-24 16:23 . 2012-02-24 16:23 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-24 16:23 . 2012-02-24 16:23 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-24 16:23 . 2012-02-24 16:23 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-24 16:23 . 2012-02-24 16:23 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-24 16:22 . 2012-02-24 16:22 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-24 16:22 . 2012-02-24 16:22 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-24 16:22 . 2012-02-24 16:22 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-24 16:22 . 2012-02-24 16:22 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-24 16:21 . 2012-02-24 16:21 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-24 16:21 . 2012-02-24 16:21 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-24 16:21 . 2012-02-24 16:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-24 16:20 . 2012-02-24 16:20 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-24 16:20 . 2012-02-24 16:20 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-24 16:20 . 2012-02-24 16:20 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-24 16:20 . 2012-02-24 16:20 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-22 22:15 . 2011-12-04 20:39 82816 ----a-w- c:\users\davsa\AppData\Roaming\pcouffin.sys
2012-01-22 20:57 . 2011-12-04 20:39 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-16 19:23 . 2012-01-16 19:23 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-01-16 19:23 . 2012-01-16 19:23 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-16 20:28 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 20:28 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_20.50.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-16 21:31 . 2012-03-29 14:41 29690 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-29 19:44 47092 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-16 21:31 . 2012-03-29 19:44 11998 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2845817104-3085971459-2673415368-1001_UserData.bin
+ 2011-11-16 21:32 . 2012-03-29 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-16 21:32 . 2012-03-28 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-16 21:32 . 2012-03-29 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-16 21:32 . 2012-03-28 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-29 20:59 . 2012-03-29 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-28 20:50 . 2012-03-28 20:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-28 20:50 . 2012-03-28 20:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-29 20:59 . 2012-03-29 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-28 17:15 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-29 19:47 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2012-03-29 19:47 631054 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2012-03-28 17:15 631054 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-03-28 17:15 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-29 19:47 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2012-03-29 19:47 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 15:18 . 2012-03-28 17:15 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-03-28 20:48 479592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-29 20:57 479592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-16 22:10 . 2012-03-29 20:57 56537552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2845817104-3085971459-2673415368-1001-8192.dat
- 2011-11-16 22:10 . 2012-03-28 20:49 56537552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2845817104-3085971459-2673415368-1001-8192.dat
+ 2011-11-16 22:28 . 2012-03-28 21:17 16661608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2845817104-3085971459-2673415368-1001-12288.dat
- 2011-11-16 22:28 . 2012-03-27 20:08 16661608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2845817104-3085971459-2673415368-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NeXuS"="c:\program files (x86)\Winstep\Nexus.exe" [2012-03-28 16957056]
.
c:\users\davsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2011-11-17 2430464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/17 00:11];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S0 videX64;videX64;c:\windows\system32\DRIVERS\videX64.sys [x]
S0 xfiltx64;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfiltx64.sys [x]
S1 AmgHips;AmgHips;c:\windows\System32\Drivers\AmgHips.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120328.002\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-18 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 81024 ----a-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
FF - ProfilePath - c:\users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files (x86)\Winstep\WsxService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2845817104-3085971459-2673415368-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{237BA8BE-A3F6-351C-058C-FFD0558D145C}*]
"jagfjagjggilngcldhlg"=hex:62,61,61,6c,00,00
"iagefmlljngbdpghdc"=hex:6b,61,64,6c,69,67,68,6a,62,67,66,61,6a,6f,6c,70,6d,61,
61,67,62,6a,00,00
"jagfjagjggilngcldhhh"=hex:62,61,6e,6b,00,00
"hamdpfdgbgpaailm"=hex:6b,61,64,6c,69,67,68,6a,67,67,64,64,62,61,6b,69,69,67,
6e,6b,69,65,00,00
.
[HKEY_USERS\S-1-5-21-2845817104-3085971459-2673415368-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{30A408AD-8C93-D2F9-DF57-CBFCCB661BDA}*]
"jaaapfbolnonjahdmfhj"=hex:62,61,6e,6e,00,00
"jaaapfbolnonjahdmfdi"=hex:62,61,6b,6e,00,00
"iaabfhmeeeeniaolbe"=hex:6b,61,6c,6e,67,68,70,70,67,6f,6e,64,65,63,66,6c,63,6e,
66,66,65,69,00,00
"hagajefklkbnooii"=hex:6b,61,6c,6e,67,68,70,70,6b,6d,6d,6e,6a,6e,6e,6f,6b,64,
6a,6a,6d,6a,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Winstep\WsxService.exe
.
**************************************************************************
.
Celkový čas: 2012-03-29 23:13:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-29 21:13
ComboFix2.txt 2012-03-28 21:04
.
Před spuštěním: Volných bajtů: 65 439 547 392
Po spuštění: Volných bajtů: 65 131 667 456
.
- - End Of File - - 5572B57147249C21F9B0DC7972A27463

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jaký je stav PC.

[davsa]

Tak jsem to vyčistil a odinstaloval ale pořad je to stejny Norton hlásí zablokovany utoky,tak nevim a co to našel Combifix nějakej vir?

[Roli]

Ano odmazali jsme nějaký nepořádek, ale nic extra závažného.

Mbam který tam máš předpokládám že jsi použil nebo ?

Systém, prohlížeč i Norton je aktualizovaný ?

[davsa]

Všechno dělam jak mám aktualizuju pravidelně i ten Mbam jsem zkusil ale pořad stejny,nikdy to nedělalo začalo to až 18.3 (ted jsem projiždel historii Nortonu)

[Roli]

Ty útoky jsou při prohlížení netu nebo kdykoliv ?

[davsa]

většinou při prohlížení internetu ale občas i normálně

[Roli]

Spusť skener Cure It podle TOHOTO návodu

po skončení skenu chci sem ten konec s výsledky.

(Upozornění je úchylně pomalý a je zapotřebí ho sledovat občas se na něco ptá)

[davsa]

tak to konečně skončilo

C:\Documents and Settings\davsa\AppData\Local\Data aplikací\Mozilla\Firefox\Profiles\uno0wfna.default\Cache\6\C0 Pravděpodobně SCRIPT.Virus
C:\Documents and Settings\davsa\AppData\Local\Mozilla\Firefox\Profiles\uno0wfna.default\Cache\6\C0 Pravděpodobně SCRIPT.Virus
WebInstaller.exe C:\instalačky programů Trojan.DownLoader5.52228 Nevyléčitelný.Přesunut.
C:\Users\davsa\AppData\Local\Mozilla\Firefox\Profiles\uno0wfna.default\Cache\6\C0 Pravděpodobně SCRIPT.Virus

[Roli]

Nyní by mělo být totálně uklizeno, tak že co na to Norton ?