PC takes a long time to load

#1 Post by davsa »

Hello, could someone please check my log? For about a week now my computer's startup has been taking longer, roughly 2-3 minutes. It never did that before, so I don't know whether there is a virus, but Norton found nothing, and neither did MBAM or CureIt. Thank you in advance for your help and advice.

Logfile of random's system information tool 1.09 (written by random/random)
Run by davsa at 2012-07-11 20:14:19
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 67 GB (44%) free of 153 GB
Total RAM: 4095 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:22, on 11.7.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\trend micro\davsa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555 ... 1a923648bc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Downloads\TRANSLAT12\WebIE.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Downloads\TRANSLAT12\WebIE.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NeXuS] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Downloads\TRANSLAT12\WebIE.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - (no file)
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Unknown owner - (no file)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8390 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
atieclxx
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Winstep\WsxService"
"C:\Program Files (x86)\Winstep\Nexus.exe" autostart
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe" /TUStart /pid:1688
"C:\Program Files\Spamihilator\spamihilator.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-6a9a22b3-09f7-4a55-a383-58b6c5b8791e -SystemEventPortName:HostProcess-18cd1f20-18ac-49e6-a15e-c3e97cc1e9bc -IoCancelEventPortName:HostProcess-48fe402d-91aa-4a0c-b55b-44d16de499c0 -NonStateChangingEventPortName:HostProcess-6f9f42ec-0186-4b1c-93a2-042ba7ca32df -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:67f5bbc4-69aa-4e30-8a3d-66a627946b29
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /c /a /s UserSession
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\instalačky programů\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job

=========Mozilla firefox=========

ProfilePath - C:\Users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "ietab@ip.cn:1.95.20100933, noia2_option@kk.noia:3.76, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36, {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51, adblockpopups@jessehakanen.net:0.2.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15, {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76, {5b175400-2368-11de-8c30-0800200c9a66}:1.9"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=112555 ... 23648bc&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\extensions\
coralietab@mozdev.org
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Downloads\TRANSLAT12\WebIE.dll [2012-06-11 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-10 502200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL [2012-03-29 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-19 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-19 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-10 502200]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Downloads\TRANSLAT12\WebIE.dll [2012-06-11 798771]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"NeXuS"=C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-28 16957056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-12-13 13374568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-09 636032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolwizCareFree]
C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

C:\Users\davsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Spamihilator.lnk - C:\Program Files\Spamihilator\spamihilator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMBalloonTip"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\misc.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oodcnt.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2012-07-11 20:13:16 ----D---- C:\rsit
2012-07-11 16:22:32 ----A---- C:\Windows\system32\win32k.sys
2012-07-11 15:34:05 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-07-11 15:34:05 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-07-11 15:34:05 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-07-11 15:34:05 ----A---- C:\Windows\system32\msxml6.dll
2012-07-11 15:34:05 ----A---- C:\Windows\system32\msxml3r.dll
2012-07-11 15:34:05 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 15:34:00 ----A---- C:\Windows\system32\shell32.dll
2012-07-11 15:33:59 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-07-11 15:33:56 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-07-11 15:33:56 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-07-11 15:33:56 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-07-11 15:33:56 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-07-11 15:33:56 ----A---- C:\Windows\system32\schannel.dll
2012-07-11 15:33:56 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-11 15:33:56 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-11 15:33:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-11 15:33:56 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-11 15:33:53 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-07-11 15:33:53 ----A---- C:\Windows\system32\cdosys.dll
2012-07-10 23:08:30 ----D---- C:\Users\davsa\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-07-10 23:08:02 ----D---- C:\Users\davsa\AppData\Roaming\HTC
2012-07-10 23:06:23 ----D---- C:\Program Files (x86)\Spirent Communications
2012-07-08 21:42:52 ----D---- C:\Users\davsa\AppData\Roaming\Subversion
2012-07-08 00:02:55 ----D---- C:\Program Files (x86)\COMPELSON Labs
2012-07-03 22:43:01 ----D---- C:\Program Files (x86)\HTC
2012-06-25 16:04:24 ----A---- C:\Windows\SYSWOW64\msxml4.dll
2012-06-23 19:48:32 ----A---- C:\Windows\system32\wups2.dll
2012-06-23 19:48:32 ----A---- C:\Windows\system32\wuauclt.exe
2012-06-23 19:48:31 ----A---- C:\Windows\system32\wucltux.dll
2012-06-23 19:48:31 ----A---- C:\Windows\system32\wuaueng.dll
2012-06-23 19:48:20 ----A---- C:\Windows\system32\wups.dll
2012-06-23 19:48:20 ----A---- C:\Windows\system32\wudriver.dll
2012-06-23 19:48:20 ----A---- C:\Windows\system32\wuapi.dll
2012-06-23 19:48:09 ----A---- C:\Windows\system32\wuwebv.dll
2012-06-23 19:48:09 ----A---- C:\Windows\system32\wuapp.exe
2012-06-19 22:56:04 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-06-19 22:55:49 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-06-19 22:55:49 ----A---- C:\Windows\SYSWOW64\java.exe
2012-06-14 22:13:29 ----A---- C:\Windows\system32\drivers\ndisrd.sys
2012-06-13 19:47:06 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-06-13 19:47:06 ----A---- C:\Windows\system32\jscript.dll
2012-06-13 19:47:02 ----A---- C:\Windows\system32\ieframe.dll
2012-06-13 19:46:57 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-06-13 19:46:53 ----A---- C:\Windows\system32\mshtml.dll
2012-06-13 19:46:49 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-06-13 19:46:48 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-06-13 19:46:48 ----A---- C:\Windows\system32\msfeeds.dll
2012-06-13 19:46:47 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-06-13 19:46:46 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-06-13 19:46:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-06-13 19:46:46 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-06-13 19:46:46 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-06-13 19:46:46 ----A---- C:\Windows\system32\wininet.dll
2012-06-13 19:46:46 ----A---- C:\Windows\system32\urlmon.dll
2012-06-13 19:46:46 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-13 19:46:46 ----A---- C:\Windows\system32\ieui.dll
2012-06-13 19:46:46 ----A---- C:\Windows\system32\iertutil.dll
2012-06-13 19:46:45 ----A---- C:\Windows\SYSWOW64\url.dll
2012-06-13 19:46:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-06-13 19:46:45 ----A---- C:\Windows\system32\url.dll
2012-06-13 19:46:45 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-13 19:46:39 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-06-13 19:46:39 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-13 19:46:39 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-06-13 19:46:34 ----A---- C:\Windows\system32\profsvc.dll
2012-06-13 19:46:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-06-13 19:46:31 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-06-13 19:46:30 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-06-13 19:46:28 ----A---- C:\Windows\system32\rdpcorets.dll
2012-06-13 19:46:28 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-13 19:46:27 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-06-13 19:46:27 ----A---- C:\Windows\system32\msi.dll
2012-06-13 19:46:19 ----A---- C:\Windows\system32\crypt32.dll
2012-06-13 19:46:18 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-06-13 19:46:18 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-06-13 19:46:18 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-06-13 19:46:18 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-13 19:46:18 ----A---- C:\Windows\system32\cryptnet.dll

======List of files/folders modified in the last 1 month======

2012-07-11 20:14:21 ----D---- C:\Program Files\trend micro
2012-07-11 20:13:12 ----D---- C:\Windows\temp
2012-07-11 20:12:49 ----D---- C:\instalačky programů
2012-07-11 20:05:22 ----D---- C:\Users\davsa\AppData\Roaming\Skype
2012-07-11 19:48:12 ----D---- C:\Users\davsa\AppData\Roaming\Spamihilator
2012-07-11 19:45:19 ----SHD---- C:\System Volume Information
2012-07-11 17:29:15 ----D---- C:\Windows\system32\config
2012-07-11 17:27:39 ----D---- C:\Windows\System32
2012-07-11 17:27:39 ----D---- C:\Windows\inf
2012-07-11 17:27:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-11 16:49:43 ----D---- C:\Windows\SysWOW64
2012-07-11 16:39:55 ----D---- C:\Muzika
2012-07-11 16:39:34 ----D---- C:\Downloads
2012-07-11 16:29:31 ----D---- C:\Windows\winsxs
2012-07-11 16:25:21 ----D---- C:\Windows\system32\drivers
2012-07-11 16:22:40 ----D---- C:\Windows\system32\catroot
2012-07-11 16:22:32 ----SHD---- C:\Windows\Installer
2012-07-11 16:22:13 ----D---- C:\Windows
2012-07-11 16:21:55 ----D---- C:\ProgramData\Microsoft Help
2012-07-11 16:18:25 ----D---- C:\Windows\debug
2012-07-11 16:18:21 ----A---- C:\Windows\system32\MRT.exe
2012-07-11 15:33:45 ----D---- C:\Windows\system32\catroot2
2012-07-10 23:06:27 ----D---- C:\Windows\system32\DriverStore
2012-07-10 23:06:23 ----RD---- C:\Program Files (x86)
2012-07-10 23:03:51 ----RD---- C:\Program Files
2012-07-10 23:01:30 ----D---- C:\Věci na mobil
2012-07-10 22:54:55 ----D---- C:\ProgramData\DriverGenius
2012-07-10 21:58:40 ----D---- C:\Users\davsa\AppData\Roaming\AIMP3
2012-07-10 21:27:59 ----D---- C:\Program Files (x86)\JDownloader
2012-07-09 22:37:58 ----D---- C:\Windows\Prefetch
2012-07-09 19:29:58 ----D---- C:\ProgramData
2012-07-09 19:29:24 ----DC---- C:\Windows\system32\DRVSTORE
2012-07-09 19:29:19 ----RSD---- C:\Windows\assembly
2012-07-09 18:39:20 ----D---- C:\Windows\Microsoft.NET
2012-07-09 18:31:25 ----D---- C:\Windows\system32\Tasks
2012-07-09 18:30:19 ----D---- C:\Windows\SYSWOW64\drivers
2012-07-09 18:29:25 ----AD---- C:\ProgramData\Temp
2012-07-08 00:16:13 ----D---- C:\Users\davsa\AppData\Roaming\MOBILedit
2012-07-08 00:06:28 ----D---- C:\Program Files (x86)\MOBILedit!
2012-07-05 22:23:13 ----D---- C:\Windows\Tasks
2012-07-05 22:23:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-07-02 21:18:46 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2012-06-24 19:55:21 ----D---- C:\Windows\rescache
2012-06-24 13:55:32 ----D---- C:\Windows\system32\cs-CZ
2012-06-19 22:57:13 ----D---- C:\Program Files (x86)\Common Files
2012-06-18 20:11:27 ----RD---- C:\Program Files (x86)\Skype
2012-06-18 20:11:27 ----D---- C:\ProgramData\Skype
2012-06-16 23:08:09 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-06-15 18:46:45 ----SD---- C:\Users\davsa\AppData\Roaming\Microsoft
2012-06-13 20:28:27 ----D---- C:\Windows\SYSWOW64\migration
2012-06-13 20:28:27 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-13 20:28:26 ----D---- C:\Windows\system32\migration
2012-06-13 20:28:26 ----D---- C:\Program Files\Internet Explorer
2012-06-13 20:28:25 ----D---- C:\Windows\SYSWOW64\cs-CZ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2011-02-09 181040]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-25 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
R0 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver; C:\Windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
R1 AmgHips;AmgHips; \??\C:\Windows\System32\Drivers\AmgHips.sys [2011-11-17 31008]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-30 167048]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-05-31 484512]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120707.001\IDSvia64.sys [2012-06-14 509088]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [2012-03-29 737912]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [2012-03-29 37496]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
R2 regi;regi; \??\C:\Windows\system32\drivers\regi.sys [2010-11-16 15672]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120710.003\ENG64.SYS [2012-07-10 120440]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120710.003\EX64.SYS [2012-07-10 2068600]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-12-02 239208]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-03-27 175736]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S1 ArcSec;archlp; C:\Windows\system32\drivers\ArcSec.sys []
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/17 00:11:45]; C:\Windows\system32\drivers\{329F96B6-DF1E-4328-BFDA-39EA953C1312}.sys []
S2 ntk_PowerDVD;ntk_PowerDVD; C:\Windows\system32\drivers\ntk_PowerDVD.sys []
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-07 231440]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 CisUtMonitor;CisUtMonitor; C:\Windows\system32\DRIVERS\CisUtMonitor.sys [2011-10-30 33360]
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys []
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-11-01 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-11-01 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2012-01-22 82816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;tsusbhub; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-11-01 9216]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-11-01 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-04-06 236544]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 361984]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-28 138232]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
R2 Winstep Xtreme Service;Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-17 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
S4 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S4 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: PC takes a long time to load

#2 Post by Roli »

Hello, when I see so many assorted beautifiers and would-be tuning programs on there, I'm not surprised that the PC boots slowly.

To be safe, let's look deeper to see whether some junk is buried in there.

Download ComboFix and save it to the desktop, run the application as Administrator and allow installation of the Recovery Console.

Then a window with the license terms appears, which you confirm by clicking YES, then click YES once more and it starts running.

The whole process takes around 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; don't be alarmed.

Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program, because ComboFix tries to delete infected files and these programs may get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt (on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.

If anything is unclear, there is an illustrated guide HERE.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

davsa
Visitor
Posts: 115
Registered: 06 Feb 2007 21:34

Re: PC takes a long time to load

#3 Post by davsa »

Good evening, which beautifiers and would-be programs are you talking about? All I have on there is CCleaner and TuneUp, and Winstep from Nexus, but I've been using that one for at least a year; otherwise I don't know :oops:
Here is the log, and thank you.
ComboFix 12-07-12.02 - davsa 12.07.2012 20:04:33.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2683 [GMT 2:00]
Spuštěný z: c:\users\davsa\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\davsa\AppData\Roaming\inst.exe
c:\users\davsa\AppData\Roaming\vso_ts_preview.xml
c:\windows\msxml4-KB2721691-enu.LOG
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-12 do 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-11 20:19 . 2012-07-11 20:19 -------- d-----w- c:\program files\Compiled Driver Disk (Android)
2012-07-11 18:13 . 2012-07-11 18:13 -------- d-----w- C:\rsit
2012-07-11 14:22 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:34 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 13:34 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 13:34 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 13:34 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 13:34 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 13:34 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-10 21:08 . 2012-07-10 21:08 -------- d-----w- c:\users\davsa\AppData\Local\Htc
2012-07-10 21:08 . 2012-07-10 21:08 -------- d-----w- c:\users\davsa\AppData\Roaming\HTC
2012-07-10 21:06 . 2012-07-10 21:06 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-07-09 17:57 . 2012-07-09 17:57 -------- d-----w- c:\users\davsa\DoctorWeb
2012-07-08 19:42 . 2012-07-08 19:42 -------- d-----w- c:\users\davsa\AppData\Roaming\Subversion
2012-07-07 22:02 . 2012-07-07 22:02 -------- d-----w- c:\program files (x86)\COMPELSON Labs
2012-07-03 20:43 . 2012-07-10 21:07 -------- d-----w- c:\program files (x86)\HTC
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-23 17:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 17:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 17:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 17:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 17:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 17:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 17:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 17:48 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 17:48 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 20:57 . 2012-06-19 20:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-15 16:46 . 2012-06-15 16:46 -------- d-----w- c:\users\davsa\AppData\Local\Macromedia
2012-06-14 20:13 . 2011-02-22 11:48 30816 ----a-w- c:\windows\system32\drivers\ndisrd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:23 . 2012-04-01 13:30 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 20:23 . 2011-11-16 23:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 05:45 . 2012-07-11 13:33 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 13:33 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-05 22:11 . 2011-12-04 20:39 82816 ----a-w- c:\users\davsa\AppData\Roaming\pcouffin.sys
2012-05-04 18:44 . 2012-04-01 13:44 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 17:29 . 2012-01-16 19:23 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 17:29 . 2012-01-16 19:23 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"AMD AVT"=Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files (x86)\AMD AVT\bin\kdbsync.exe" aml
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/17 00:11]; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ntk_PowerDVD;ntk_PowerDVD; [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys [2011-10-30 33360]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-22 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-17 1255736]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2011-02-09 181040]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S0 videX64;videX64;c:\windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
S0 xfiltx64;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
S1 AmgHips;AmgHips;c:\windows\System32\Drivers\AmgHips.sys [2011-11-17 31008]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120711.001\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-11-15 15672]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-03 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-04-27 21:26]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112555&babsrc=HP_ss&mntrId=8a2f038e000000000000001a923648bc
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\downloads\TRANSLAT12\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\downloads\TRANSLAT12\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\downloads\TRANSLAT12\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\downloads\TRANSLAT12\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\downloads\TRANSLAT12\WebIE.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&babsrc=KW_ss&mntrId=8a2f038e000000000000001a923648bc&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 8a2f038e000000000000001a923648bc
FF - user.js: extensions.BabylonToolbar_i.hardId - 8a2f038e000000000000001a923648bc
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15461
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files (x86)\Winstep\WsxService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2845817104-3085971459-2673415368-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{237BA8BE-A3F6-351C-058C-FFD0558D145C}*]
"jagfjagjggilngcldhlg"=hex:62,61,61,6c,00,00
"iagefmlljngbdpghdc"=hex:6b,61,64,6c,69,67,68,6a,62,67,66,61,6a,6f,6c,70,6d,61,
61,67,62,6a,00,00
"jagfjagjggilngcldhhh"=hex:62,61,6e,6b,00,00
"hamdpfdgbgpaailm"=hex:6b,61,64,6c,69,67,68,6a,67,67,64,64,62,61,6b,69,69,67,
6e,6b,69,65,00,00
.
[HKEY_USERS\S-1-5-21-2845817104-3085971459-2673415368-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{30A408AD-8C93-D2F9-DF57-CBFCCB661BDA}*]
"jaaapfbolnonjahdmfhj"=hex:62,61,6e,6e,00,00
"jaaapfbolnonjahdmfdi"=hex:62,61,6b,6e,00,00
"iaabfhmeeeeniaolbe"=hex:6b,61,6c,6e,67,68,70,70,67,6f,6e,64,65,63,66,6c,63,6e,
66,66,65,69,00,00
"hagajefklkbnooii"=hex:6b,61,6c,6e,67,68,70,70,6b,6d,6d,6e,6a,6e,6e,6f,6b,64,
6a,6a,6d,6a,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Winstep\WsxService.exe
.
**************************************************************************
.
Celkový čas: 2012-07-12 20:37:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-12 18:37
.
Před spuštěním: Volných bajtů: 74 732 859 392
Po spuštění: Volných bajtů: 74 469 150 720
.
- - End Of File - - 627F01C83D57127CFF464643BC377533

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: PC takes a long time to load

#4 Post by Roli »

davsa wrote: Good evening, what beautifiers and wannabe programs are you talking about? I only have CCleaner and TuneUp there, and Winstep from Nexus, but I have been using that one for at least a year; otherwise I don't know :oops:
Exactly. TuneUp in careless hands can make quite a mess, and on top of that Toolwiz Care, and that Winstep does not help speed either.

What bothers me most, though, is that illegal software from Microsoft; what are we going to do about that :???:
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

davsa
Visitor
Posts: 115
Joined: 06 Feb 2007 21:34

Re: PC takes a long time to load

#5 Post by davsa »

And how did you find out that I have illegal software from Microsoft? I don't know about anything like that. I bought the computer this way through an acquaintance and he said everything was legal, so I don't know. I use TuneUp only for cleaning and so on, not for anything else, and I have been using Winstep for a long time too and it never caused anything; only recently did the startup slow down like this. As for Toolwiz Care, I had no idea I have it on the PC and I don't even know what it is. My nephew was on the PC recently and was doing something here, so I don't know. What should I do about it? Is the computer clean, or is there some vermin on it?

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: PC takes a long time to load

#6 Post by Roli »

Yes, there is some vermin on it, but under the rules we cannot continue as long as you have an illegal Microsoft product. It was already visible in the RSIT log, but I expected that, since you have been coming here for so long, you would come clean :(

If the PC was bought through an acquaintance, I would go after him, because Office and Windows 7 Ultimate together cost somewhere around 10.000,- plus a nice load of trouble.

davsa
Visitor
Posts: 115
Joined: 06 Feb 2007 21:34

Re: PC takes a long time to load

#7 Post by davsa »

Well, that's great. I thought it was all legal. I'll sort it out with that acquaintance, because the whole time I thought I had everything in order. So thanks for the heads-up, and I have to resolve it somehow.

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: PC takes a long time to load

#8 Post by Roli »

Once you have sorted that out, post a current RSIT log here and we will take those critters off.

davsa
Visitor
Posts: 115
Joined: 06 Feb 2007 21:34

Re: PC takes a long time to load

#9 Post by davsa »

Hello, I just wanted to ask for a check and removal of those viruses, because it is acting up more and more. After every PC startup the internet does not work and I have to run the repair; it even got to the point where the PC would not start at all, there was a blue screen with text, and a Windows repair could not be done either. I have already removed the illegal Office and I will install my own 2007, which I have legally, but my nephew updated it for me and said the new one was legal, so I believed him :oops: . Otherwise, that acquaintance will not be available until next week, so I have to hold out somehow, and that is why I wanted to ask for removal of those viruses, because we use the PC a lot.

Logfile of random's system information tool 1.09 (written by random/random)
Run by davsa at 2012-07-15 15:01:52
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 77 GB (51%) free of 153 GB
Total RAM: 4095 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:01:54, on 15.7.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Program Files\trend micro\davsa.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Downloads\TRANSLAT12\WebIE.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Downloads\TRANSLAT12\WebIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NeXuS] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Downloads\TRANSLAT12\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Downloads\TRANSLAT12\WebIE.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6128 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\diMaster.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Winstep\Nexus.exe" autostart
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe"
"C:\Program Files\Spamihilator\spamihilator.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe" /c /a /s UserSession2
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe" /TUStart /pid:1948
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f2983f82-3e5d-4e8f-9845-42a1d01aee85 -SystemEventPortName:HostProcess-f283e5ad-6184-4030-97db-00ba763d9b17 -IoCancelEventPortName:HostProcess-cbd51c37-7d74-467f-9755-bba5c4d25e31 -NonStateChangingEventPortName:HostProcess-82f95186-c5b6-4719-8a51-df1b0871cc13 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c017806b-829d-4632-adfb-2e24f27d09f3
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
taskeng.exe {381ABABF-293F-49B0-9638-46F843633635}
C:\Windows\system32\wbem\wmiprvse.exe
taskhost.exe $(Arg0)
"C:\instalačky programů\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job

=========Mozilla firefox=========

ProfilePath - C:\Users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "ietab@ip.cn:1.95.20100933, noia2_option@kk.noia:3.76, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36, {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51, adblockpopups@jessehakanen.net:0.2.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15, {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76, {5b175400-2368-11de-8c30-0800200c9a66}:1.9"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=112555 ... 23648bc&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\extensions\
coralietab@mozdev.org
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Downloads\TRANSLAT12\WebIE.dll [2012-06-11 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll [2011-09-07 492984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\IPS\IPSBHO.DLL [2011-07-25 210872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-19 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-19 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Downloads\TRANSLAT12\WebIE.dll [2012-06-11 798771]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll [2011-09-07 492984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"NeXuS"=C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-28 16957056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeXuS]
C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-28 16957056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-12-13 13374568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-09 636032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

C:\Users\davsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Spamihilator.lnk - C:\Program Files\Spamihilator\spamihilator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMR300]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153
"NoSMBalloonTip"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-07-15 15:00:45 ----D---- C:\rsit
2012-07-15 14:17:58 ----SHD---- C:\Config.Msi
2012-07-15 13:34:06 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2012-07-15 13:34:05 ----D---- C:\Program Files\Symantec
2012-07-15 13:34:05 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-07-15 13:33:23 ----D---- C:\Windows\system32\drivers\NISx64
2012-07-15 13:33:22 ----D---- C:\Program Files (x86)\Norton Internet Security
2012-07-15 13:33:10 ----D---- C:\Program Files (x86)\NortonInstaller
2012-07-15 00:37:32 ----A---- C:\Windows\ntbtlog.txt
2012-07-14 23:51:51 ----D---- C:\ProgramData\Simply Super Software
2012-07-14 22:53:02 ----D---- C:\Program Files (x86)\ToolwizCareFree
2012-07-14 22:20:04 ----D---- C:\Program Files (x86)\HD Tune
2012-07-14 22:15:35 ----D---- C:\Program Files (x86)\CrystalDiskInfo
2012-07-13 22:16:03 ----D---- C:\Users\davsa\AppData\Roaming\QuickScan
2012-07-13 21:56:58 ----SHD---- C:\$RECYCLE.BIN
2012-07-13 20:31:45 ----A---- C:\Windows\system32\TURegOpt.exe
2012-07-13 20:31:45 ----A---- C:\Windows\system32\authuitu.dll
2012-07-13 20:31:44 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2012-07-13 20:31:15 ----D---- C:\Program Files (x86)\TuneUp Utilities 2012
2012-07-13 18:44:39 ----A---- C:\Windows\SYSWOW64\msvcp90.dll
2012-07-13 18:44:38 ----A---- C:\Windows\SYSWOW64\msvcr90.dll
2012-07-12 20:38:07 ----D---- C:\Windows\temp
2012-07-11 22:19:22 ----D---- C:\Program Files\Compiled Driver Disk (Android)
2012-07-11 16:22:32 ----A---- C:\Windows\system32\win32k.sys
2012-07-11 15:34:05 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-07-11 15:34:05 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-07-11 15:34:05 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-07-11 15:34:05 ----A---- C:\Windows\system32\msxml6.dll
2012-07-11 15:34:05 ----A---- C:\Windows\system32\msxml3r.dll
2012-07-11 15:34:05 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 15:34:00 ----A---- C:\Windows\system32\shell32.dll
2012-07-11 15:33:59 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-07-11 15:33:56 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-07-11 15:33:56 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-07-11 15:33:56 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-07-11 15:33:56 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-07-11 15:33:56 ----A---- C:\Windows\system32\schannel.dll
2012-07-11 15:33:56 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-11 15:33:56 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-11 15:33:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-11 15:33:56 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-11 15:33:53 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-07-11 15:33:53 ----A---- C:\Windows\system32\cdosys.dll
2012-07-10 23:08:30 ----D---- C:\Users\davsa\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-07-10 23:08:02 ----D---- C:\Users\davsa\AppData\Roaming\HTC
2012-07-10 23:06:23 ----D---- C:\Program Files (x86)\Spirent Communications
2012-07-08 21:42:52 ----D---- C:\Users\davsa\AppData\Roaming\Subversion
2012-07-08 00:02:55 ----D---- C:\Program Files (x86)\COMPELSON Labs
2012-07-03 22:43:01 ----D---- C:\Program Files (x86)\HTC
2012-06-25 16:04:24 ----A---- C:\Windows\SYSWOW64\msxml4.dll
2012-06-23 19:48:32 ----A---- C:\Windows\system32\wups2.dll
2012-06-23 19:48:32 ----A---- C:\Windows\system32\wuauclt.exe
2012-06-23 19:48:31 ----A---- C:\Windows\system32\wucltux.dll
2012-06-23 19:48:31 ----A---- C:\Windows\system32\wuaueng.dll
2012-06-23 19:48:20 ----A---- C:\Windows\system32\wups.dll
2012-06-23 19:48:20 ----A---- C:\Windows\system32\wudriver.dll
2012-06-23 19:48:20 ----A---- C:\Windows\system32\wuapi.dll
2012-06-23 19:48:09 ----A---- C:\Windows\system32\wuwebv.dll
2012-06-23 19:48:09 ----A---- C:\Windows\system32\wuapp.exe
2012-06-19 22:56:04 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-06-19 22:55:49 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-06-19 22:55:49 ----A---- C:\Windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 month======

2012-07-15 15:01:53 ----D---- C:\Program Files\trend micro
2012-07-15 14:58:04 ----RD---- C:\Program Files (x86)
2012-07-15 14:58:02 ----D---- C:\Windows\system32\NDF
2012-07-15 14:56:54 ----D---- C:\Users\davsa\AppData\Roaming\Spamihilator
2012-07-15 14:52:50 ----SHD---- C:\Windows\Installer
2012-07-15 14:51:55 ----D---- C:\Program Files\Common Files
2012-07-15 14:51:54 ----SD---- C:\ProgramData\Microsoft
2012-07-15 14:48:50 ----RSD---- C:\Windows\Fonts
2012-07-15 14:48:50 ----D---- C:\Windows\ShellNew
2012-07-15 14:48:50 ----D---- C:\Program Files (x86)\MSBuild
2012-07-15 14:48:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-07-15 14:48:39 ----D---- C:\ProgramData\Microsoft Help
2012-07-15 14:47:29 ----RSD---- C:\Windows\assembly
2012-07-15 14:47:10 ----D---- C:\Program Files\Microsoft Office
2012-07-15 14:47:10 ----D---- C:\Program Files\Common Files\System
2012-07-15 14:47:09 ----A---- C:\Windows\win.ini
2012-07-15 14:46:41 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-07-15 14:41:49 ----SHD---- C:\System Volume Information
2012-07-15 14:23:53 ----D---- C:\Boot
2012-07-15 14:21:21 ----RD---- C:\instalačky programů
2012-07-15 14:07:59 ----D---- C:\Windows\system32\config
2012-07-15 13:35:25 ----D---- C:\Windows\system32\Tasks
2012-07-15 13:34:49 ----D---- C:\ProgramData\Norton
2012-07-15 13:34:06 ----D---- C:\Windows\system32\drivers
2012-07-15 13:34:05 ----RD---- C:\Program Files
2012-07-15 13:07:58 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-07-15 00:39:30 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-15 00:37:32 ----D---- C:\Windows
2012-07-15 00:22:58 ----D---- C:\Windows\SysWOW64
2012-07-15 00:16:07 ----D---- C:\Windows\System32
2012-07-15 00:16:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-15 00:16:06 ----D---- C:\Windows\inf
2012-07-15 00:07:20 ----AD---- C:\ProgramData\Temp
2012-07-14 23:51:51 ----D---- C:\ProgramData
2012-07-14 23:10:34 ----D---- C:\Windows\Prefetch
2012-07-14 22:59:40 ----D---- C:\Windows\debug
2012-07-13 22:09:56 ----D---- C:\Program Files (x86)\Common Files
2012-07-13 19:58:52 ----D---- C:\Users\davsa\AppData\Roaming\Skype
2012-07-13 19:25:41 ----D---- C:\Muzika
2012-07-13 19:04:13 ----D---- C:\Program Files (x86)\MOBILedit!
2012-07-12 23:04:42 ----D---- C:\Windows\system32\catroot2
2012-07-12 20:22:13 ----A---- C:\Windows\system.ini
2012-07-12 20:21:48 ----D---- C:\Windows\system32\drivers\etc
2012-07-12 20:08:16 ----D---- C:\Windows\SYSWOW64\drivers
2012-07-12 20:08:16 ----D---- C:\Windows\AppPatch
2012-07-11 23:39:11 ----D---- C:\Windows\system32\catroot
2012-07-11 22:52:44 ----D---- C:\Users\davsa\AppData\Roaming\AIMP3
2012-07-11 22:19:40 ----D---- C:\Windows\system32\DriverStore
2012-07-11 22:18:57 ----D---- C:\Věci na mobil
2012-07-11 21:41:48 ----D---- C:\Program Files (x86)\AIMP3
2012-07-11 21:31:29 ----D---- C:\Downloads
2012-07-11 16:29:31 ----D---- C:\Windows\winsxs
2012-07-11 16:18:21 ----A---- C:\Windows\system32\MRT.exe
2012-07-10 22:54:55 ----D---- C:\ProgramData\DriverGenius
2012-07-10 21:27:59 ----D---- C:\Program Files (x86)\JDownloader
2012-07-09 19:29:24 ----DC---- C:\Windows\system32\DRVSTORE
2012-07-09 18:39:20 ----D---- C:\Windows\Microsoft.NET
2012-07-08 00:16:13 ----D---- C:\Users\davsa\AppData\Roaming\MOBILedit
2012-07-05 22:23:13 ----D---- C:\Windows\Tasks
2012-07-05 22:23:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-07-02 21:18:46 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2012-06-24 19:55:21 ----D---- C:\Windows\rescache
2012-06-24 13:55:32 ----D---- C:\Windows\system32\cs-CZ
2012-06-18 20:11:27 ----RD---- C:\Program Files (x86)\Skype
2012-06-18 20:11:27 ----D---- C:\ProgramData\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2011-02-09 181040]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS [2011-07-25 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS [2011-07-28 1084536]
R0 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver; C:\Windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
R1 AmgHips;AmgHips; \??\C:\Windows\System32\Drivers\AmgHips.sys [2011-11-17 31008]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-11 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys [2011-08-08 167048]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-07-15 484512]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120713.001\IDSvia64.sys [2012-07-13 509088]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1301010.003\SRTSPX64.SYS [2011-08-02 37496]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS [2011-07-25 189560]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\system32\drivers\NISx64\1301010.003\SYMNETS.SYS [2011-07-25 401016]
R2 regi;regi; \??\C:\Windows\system32\drivers\regi.sys [2010-11-16 15672]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-15 138912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120714.017\ENG64.SYS [2012-07-15 120440]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120714.017\EX64.SYS [2012-07-15 2068600]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-12-02 239208]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\drivers\NISx64\1301010.003\SRTSP64.SYS [2011-08-02 729720]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-07-15 174200]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/17 00:11:45]; C:\Windows\system32\drivers\{329F96B6-DF1E-4328-BFDA-39EA953C1312}.sys []
S2 ntk_PowerDVD;ntk_PowerDVD; C:\Windows\system32\drivers\ntk_PowerDVD.sys []
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-07 231440]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 CisUtMonitor;CisUtMonitor; C:\Windows\system32\DRIVERS\CisUtMonitor.sys [2011-10-30 33360]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-11-01 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-11-01 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2012-01-22 82816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-11-01 9216]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-11-01 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe [2011-08-10 138760]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-17 1255736]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-04-06 236544]
S4 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 361984]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
S4 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: PC takes a long time to boot

#10 Post by Roli »

And what about that Win 7 Ultimate, is it legal?
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

davsa
Visitor
Posts: 115
Registered: 06 Feb 2007 21:34

Re: PC takes a long time to boot

#11 Post by davsa »

Yes, it is; that's what he told me when he sold me the computer, and I have no reason not to believe him. Above all, it downloads updates, and that wouldn't work with an illegal copy, would it?

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: PC takes a long time to boot

#12 Post by Roli »

I'm of two minds, since your acquaintance crammed all sorts of illegal stuff in there, but I'll turn a blind eye this time.


If you haven't done so already, move ComboFix to the desktop,

open Notepad,

and copy the script from the following box into it:

Code:

File::  
c:\windows\Tasks\AutoKMS.job

Folder::
c:\windows\AutoKMS
c:\Program Files (x86)\ToolwizCareFree

FireFox::
FF - ProfilePath - c:\users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555 ... 23648bc&q=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save the TXT file you created as CFScript.txt on the desktop,

then, after saving, grab the script you created with the left mouse button, drag it over the ComboFix icon, and drop it there:

[Image]

After it runs, another log will pop up; copy it here.

Warning: it may happen that Windows does not start after the script is applied and the machine restarts;

in that case restart again while pressing F8, then choose Last Known Good Configuration.

davsa
Visitor
Posts: 115
Registered: 06 Feb 2007 21:34

Re: PC takes a long time to boot

#13 Post by davsa »

Thanks for checking, but it's still the same: after the PC starts, the internet doesn't work and I have to run a repair, it's slow, and on top of that Norton has disappeared from the taskbar and keeps reporting that there is an error in it.

ComboFix 12-07-16.01 - davsa 16.07.2012 22:54:14.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2414 [GMT 2:00]
Spuštěný z: c:\users\davsa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\davsa\Desktop\CFScript.txt.txt
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\AutoKMS.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ToolwizCareFree
c:\windows\AutoKMS
c:\windows\AutoKMS\AutoKMS.exe
c:\windows\AutoKMS\AutoKMS.ini
c:\windows\AutoKMS\AutoKMS.log
c:\windows\Tasks\AutoKMS.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-16 do 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-16 20:03 . 2012-07-16 20:03 -------- d-----w- C:\CloneDVDTemp
2012-07-15 19:59 . 2012-07-15 19:59 -------- d-----w- C:\Temp
2012-07-15 17:01 . 2012-07-15 17:01 -------- d-----w- c:\program files (x86)\ESET
2012-07-15 13:00 . 2012-07-15 13:01 -------- d-----w- C:\rsit
2012-07-15 11:34 . 2012-07-15 18:36 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-07-15 11:34 . 2012-07-15 18:38 -------- d-----w- c:\program files\Symantec
2012-07-15 11:34 . 2012-07-15 11:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-07-15 11:33 . 2012-07-15 19:12 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-07-15 11:33 . 2012-07-15 11:33 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-07-15 11:33 . 2012-07-15 11:33 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-07-14 22:43 . 2012-07-14 22:43 -------- d-----w- c:\users\davsa\DoctorWeb
2012-07-14 21:51 . 2012-07-14 21:51 -------- d-----w- c:\programdata\Simply Super Software
2012-07-14 20:53 . 2012-07-14 20:59 -------- d-----w- c:\users\davsa\AppData\Local\ToolwizCareFree
2012-07-14 20:20 . 2012-07-14 20:20 -------- d-----w- c:\program files (x86)\HD Tune
2012-07-14 20:15 . 2012-07-14 20:15 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-07-13 20:16 . 2012-07-13 20:16 -------- d-----w- c:\users\davsa\AppData\Roaming\QuickScan
2012-07-13 19:36 . 2012-07-14 22:38 -------- d-----w- c:\users\davsa\AppData\Local\NPE
2012-07-13 18:31 . 2011-12-14 10:47 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-07-13 18:31 . 2011-12-14 10:46 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-07-13 18:31 . 2011-12-14 10:46 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-07-13 18:31 . 2012-07-13 18:31 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-07-13 16:44 . 2012-07-13 16:44 572928 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-07-13 16:44 . 2012-07-13 16:44 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2012-07-11 20:19 . 2012-07-11 20:19 -------- d-----w- c:\program files\Compiled Driver Disk (Android)
2012-07-11 14:22 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:34 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 13:34 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 13:34 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 13:34 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 13:34 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 13:34 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-10 21:08 . 2012-07-13 19:04 -------- d-----w- c:\users\davsa\AppData\Local\Htc
2012-07-10 21:08 . 2012-07-10 21:08 -------- d-----w- c:\users\davsa\AppData\Roaming\HTC
2012-07-10 21:06 . 2012-07-10 21:06 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-07-08 19:42 . 2012-07-08 19:42 -------- d-----w- c:\users\davsa\AppData\Roaming\Subversion
2012-07-07 22:02 . 2012-07-07 22:02 -------- d-----w- c:\program files (x86)\COMPELSON Labs
2012-07-03 20:43 . 2012-07-10 21:07 -------- d-----w- c:\program files (x86)\HTC
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-23 17:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 17:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 17:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 17:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 17:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 17:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 17:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 17:48 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 17:48 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 20:57 . 2012-06-19 20:57 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:23 . 2012-04-01 13:30 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 20:23 . 2011-11-16 23:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-12-28 23:20 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 05:45 . 2012-07-11 13:33 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 13:33 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-15 04:01 . 2012-06-13 17:46 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-13 17:46 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-05 22:11 . 2011-12-04 20:39 82816 ----a-w- c:\users\davsa\AppData\Roaming\pcouffin.sys
2012-05-04 18:44 . 2012-04-01 13:44 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 17:29 . 2012-01-16 19:23 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 17:29 . 2012-01-16 19:23 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 17:46 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 17:46 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 17:46 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 17:46 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-13 17:46 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-13 17:46 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 17:46 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 17:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 17:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 17:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 17:46 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 17:46 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 17:46 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-13 17:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-13 17:46 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NeXuS"="c:\program files (x86)\Winstep\Nexus.exe" [2012-03-28 16957056]
.
c:\users\davsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2011-11-17 2430464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"AMD AVT"=Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files (x86)\AMD AVT\bin\kdbsync.exe" aml
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/17 00:11]; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ntk_PowerDVD;ntk_PowerDVD; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys [2011-10-30 33360]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-22 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-17 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2011-02-09 181040]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S0 videX64;videX64;c:\windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
S0 xfiltx64;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
S1 AmgHips;AmgHips;c:\windows\System32\Drivers\AmgHips.sys [2011-11-17 31008]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-10 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120713.001\IDSvia64.sys [2012-07-13 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-11-15 15672]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-15 138912]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\downloads\TRANSLAT12\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\downloads\TRANSLAT12\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\downloads\TRANSLAT12\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\downloads\TRANSLAT12\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\downloads\TRANSLAT12\WebIE.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 8a2f038e000000000000001a923648bc
FF - user.js: extensions.BabylonToolbar_i.hardId - 8a2f038e000000000000001a923648bc
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15461
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2845817104-3085971459-2673415368-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{237BA8BE-A3F6-351C-058C-FFD0558D145C}*]
"jagfjagjggilngcldhlg"=hex:62,61,61,6c,00,00
"iagefmlljngbdpghdc"=hex:6b,61,64,6c,69,67,68,6a,62,67,66,61,6a,6f,6c,70,6d,61,
61,67,62,6a,00,00
"jagfjagjggilngcldhhh"=hex:62,61,6e,6b,00,00
"hamdpfdgbgpaailm"=hex:6b,61,64,6c,69,67,68,6a,67,67,64,64,62,61,6b,69,69,67,
6e,6b,69,65,00,00
.
[HKEY_USERS\S-1-5-21-2845817104-3085971459-2673415368-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{30A408AD-8C93-D2F9-DF57-CBFCCB661BDA}*]
"jaaapfbolnonjahdmfhj"=hex:62,61,6e,6e,00,00
"jaaapfbolnonjahdmfdi"=hex:62,61,6b,6e,00,00
"iaabfhmeeeeniaolbe"=hex:6b,61,6c,6e,67,68,70,70,67,6f,6e,64,65,63,66,6c,63,6e,
66,66,65,69,00,00
"hagajefklkbnooii"=hex:6b,61,6c,6e,67,68,70,70,6b,6d,6d,6e,6a,6e,6e,6f,6b,64,
6a,6a,6d,6a,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="E904D751BB1CE3C5561DCA411BD49871496B4E307B56114287F3E37F0A3A33741310D44794C03ECE9CA6163601F06DA57AAF35B35601BCA9BF0A61D8CEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D14075D575E7D6A3B98089DB7CE019D40AA5CDAC67058A2E4FA11B866124C9324A9ECF5C347BDB07B066EFD175D4C11CEE6804AC6B328A3CA64164D9A13A2875DD2BF3108C54D2AD28953600E8CA7C1EF7DA06420E25B112AA5B7931C060F77663BC48B5A5DC1DA4D386EFDC5A83ADAAEB7524D050085CF701B08FB382305279503BBE1C09D8F85CB9750C19B331AB79421171ECE24FC7BEE72196A61393E0FA31DE8866429701D0FFE0E8A94C422EB8A96F66178FBDD61D82E823A2AA8B4592ED115C015B5E0CBBE1C422BD487703DE14AFA18A3C687054725DFB64E67AA66363D8DC8C28CA3EBE2EF89EB2A3CE6A24C41B3B491DA9B9D3683D121A77EA3C922CEA2CD038DBC0FEB4F86868035ABCB63D5B121AB1E031585467B2F390A67C93BCAA87092ABF4792B63DDA9EDD8A91AA1378DB97E0E6709FAC00489A73C02E2ADC8F848CBEA59A4D727BAF8A7A38DA2E5E461CBB73B394D3E9A18CC3B5BC3C40CB3EF5F33E5BBBB0D6DC90C88A4C92FF3B44B9D2EC92BE75B4E668A603FC0D2CBCBED32ECCC329FC6D9BC6E8FFE95BCF2526E67D770B393432923C629565124C425D634C4DF14E5E965C89CDFEA6A7C6EB97053507E0EBE4AD085FC4A211205B62815CAA7F67F56BA5D290C403186D5D5BE7D03D8513A0BA839C9979CB462F4C08F94D0277B56ECE5E019A29BB3EB60FC054489D45E7BCFFA2EAFF89DBAE6266AEA451379EABB5B78675D3B8064E06B1A067570CBAD5898424F7A756C7087029B9E1D54F6591A856437B82622CBEFF5C912C832E95C1C22618D7156CE2770A1A26293CAA1EC1E83806EF525D704E6B80CC8793FFE99555F2132E0592EC391583042261F97DD3AA187FDE2709CBBD79A422246FAFE2A58F7AF55182E97C01FA5D81ED5F09F7C22621829D1B00E3818BA3665703F02E6BBC51BE76AFABA2A124318A8A552242ACF78340B1787F04FC46910B14056C4BBDA5659ABB0D86EA1259C4BEA9E48B2DDFECD428E0D872A6CB72CE277FE01A4A854EDC1B646D3A85CD9D0B1BFCE4D7D20337D8CF49036C68E173D9EFE7C73A7418B0291F5896D892374B2F1D746CE5B113058C2538410F2CAC60B9DDF0BD5F5AF273D69A55E9B4F55FB4B953619304463FEE2F4924D8484C570361A09014459AE947ECB5AAEC5E0613DD5893260C657DB6CD61B6ED5F370BC041333BB38CC440F8058A37AE2C9C
6CEC741A0F739DBD5548A9F8F788B38D27EB22DEC0E12F5C7345E103CC06DF8ACB570318E8942AE263D"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-07-16 23:22:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-16 21:22
.
Před spuštěním: Volných bajtů: 85 358 624 768
Po spuštění: Volných bajtů: 86 922 977 280
.
- - End Of File - - 8EDAE6C2C8835C885BD3610B8939272A

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: PC takes a long time to boot

#14 Post by Roli »

Well, Norton can be reinstalled, but the internet issue seems odd to me.

Since it was such a success, use ComboFix once more, but this time with this script:

Code:

Folder::
c:\users\davsa\AppData\Local\ToolwizCareFree

FireFox::
FF - ProfilePath - c:\users\davsa\AppData\Roaming\Mozilla\Firefox\Profiles\uno0wfna.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 8a2f038e000000000000001a923648bc
FF - user.js: extensions.BabylonToolbar_i.hardId - 8a2f038e000000000000001a923648bc
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15461
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[Image]

After it runs, another log will pop up; copy it here.


P.S. Watch how you save the script: it must be CFScript.txt, not CFScript.txt.txt.

davsa
Visitor
Posts: 115
Registered: 06 Feb 2007 21:34

Re: PC takes a long time to boot

#15 Post by davsa »

OK, I'm on it, but I already tried reinstalling Norton and it didn't help, though nothing popped up today. It works, but it isn't on the taskbar, and that seems odd to me.
