igfxupdate.exe

Re: igfxupdate.exe

#46 Post by cernohous13 »

- If you do not have ComboFix on your desktop, move it there.
- Open Notepad and copy the entire green text from "CFScript".
Save the file to the desktop as CFscript.txt, then drag its icon with the mouse over the ComboFix icon and drop it there.
ComboFix will start - wait for the log and paste it here.
CFScript

KillAll::

File::
c:\windows\system32\taskhost.rs
c:\windows\system32\SearchEngine.rs

Restore::
c:\windows\system32\user32.dll
c:\windows\SysWOW64\user32.dll

Driver::
jdfer

NetSvc::
SearchIndexer

Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole operation according to it.
If anything is unclear, ask - I will explain.

Re: igfxupdate.exe

#47 Post by valda »

that ComboFix takes an incredibly long time, almost 4 1/2 hours :)

ComboFix 12-12-10.01 - tata 13.12.2012 8:58.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2685 [GMT 1:00]
Spuštěný z: f:\stahovßný mozilla\ComboFix.exe
Použité ovládací přepínače :: c:\users\tata\Desktop\CFscript.txt
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\SearchEngine.rs"
"c:\windows\system32\taskhost.rs"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SearchEngine.rs
c:\windows\system32\taskhost.rs
.
Nakažená kopie c:\windows\system32\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_jdfer
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-13 do 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-13 12:07 . 2012-12-13 12:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-13 12:07 . 2012-12-13 12:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 12:07 . 2012-12-13 12:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-12-13 12:07 . 2012-12-13 12:07 -------- d-----w- c:\users\Administrator.tata-PC\AppData\Local\temp
2012-12-12 21:03 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 21:03 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 21:00 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 21:00 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-12 08:04 . 2012-12-12 08:05 -------- d-----w- c:\users\tata\AppData\Roaming\Win7codecs
2012-12-12 08:04 . 2012-12-12 08:04 -------- d-----w- c:\program files (x86)\Win7codecs
2012-12-12 08:03 . 2012-12-12 08:05 -------- d-----w- c:\programdata\Win7codecs
2012-12-11 05:34 . 2012-12-11 05:34 -------- d-----w- C:\rsit
2012-12-10 08:26 . 2012-12-10 08:26 -------- d-----w- c:\users\Administrator.tata-PC\AppData\Local\Macromedia
2012-12-10 08:24 . 2012-12-10 08:24 -------- d-----w- c:\users\Administrator.tata-PC\AppData\Roaming\DAEMON Tools Lite
2012-12-04 09:00 . 2012-12-04 09:00 1566208 ----a-w- c:\windows\SysWow64\VSFilter.dll
2012-12-04 07:45 . 2012-12-04 07:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-27 08:35 . 2012-11-27 08:42 -------- d-----w- c:\users\tata\AppData\Roaming\Norton Utilities 16
2012-11-27 08:27 . 2012-09-29 21:49 40992 ----a-w- c:\windows\system32\CleanMFT64.exe
2012-11-27 08:27 . 2008-09-17 20:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-11-27 08:27 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2012-11-27 08:27 . 2008-04-02 14:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2012-11-27 08:27 . 2008-04-02 14:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2012-11-27 08:27 . 2012-09-29 21:50 512544 ----a-w- c:\windows\SysWow64\msxml.dll
2012-11-27 08:27 . 2012-11-27 08:27 -------- d-----w- c:\program files (x86)\Symantec
2012-11-27 08:26 . 2012-11-27 08:27 -------- d-----w- c:\programdata\Symantec
2012-11-27 08:26 . 2012-11-27 08:26 -------- d-----w- c:\users\tata\AppData\Roaming\Product_NU16
2012-11-27 04:58 . 2012-11-27 04:58 4316160 ----a-w- c:\windows\SysWow64\x264vfw.dll
2012-11-24 11:49 . 2012-11-24 11:49 -------- d-----w- c:\programdata\Raxco
2012-11-24 11:48 . 2012-11-24 11:48 -------- d-----w- c:\program files\Raxco
2012-11-24 11:48 . 2012-11-24 11:48 -------- d-----w- c:\program files\Common Files\Raxco
2012-11-19 22:38 . 2012-11-19 22:38 -------- d-----w- c:\users\tata\AppData\Roaming\ts3overlay
2012-11-19 21:26 . 2012-12-02 01:11 -------- d-----w- c:\users\tata\AppData\Roaming\TS3Client
2012-11-16 06:07 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 06:07 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 22:44 . 2012-02-29 19:23 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 19:32 . 2012-06-11 19:16 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 19:32 . 2012-02-29 20:33 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-24 13:08 . 2012-10-23 08:33 73728 ----a-r- c:\users\tata\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-11-24 13:08 . 2012-10-23 08:33 73728 ----a-r- c:\users\tata\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-11-24 13:08 . 2012-10-23 08:33 53248 ----a-r- c:\users\tata\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2012-11-24 13:08 . 2012-10-23 08:33 49152 ----a-r- c:\users\tata\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-11-24 13:08 . 2012-10-23 08:33 49152 ----a-r- c:\users\tata\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-11-09 16:11 . 2012-11-09 16:11 10454 ----a-w- c:\windows\SysWow64\drivers\parldr2k.sys
2012-11-02 08:05 . 2012-11-02 08:05 369168 ----a-w- c:\windows\system32\wpcap.dll
2012-11-02 08:05 . 2012-11-02 08:05 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2012-11-02 08:05 . 2012-11-02 08:05 106000 ----a-w- c:\windows\system32\packet.dll
2012-10-29 06:37 . 2012-05-02 18:09 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-27 06:18 . 2012-10-27 06:17 2048 ----a-w- c:\windows\SysWow64\winver.exe
2012-10-27 06:18 . 2012-10-27 06:17 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-10-27 06:17 . 2012-10-27 06:17 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll
2012-10-27 06:17 . 2012-10-27 06:17 1536 ----a-w- c:\windows\SysWow64\sppcomapi.dll
2012-10-27 06:17 . 2012-10-27 06:17 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2012-10-04 16:40 . 2012-12-12 21:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-04 16:29 . 2012-10-04 16:29 269176 ----a-w- c:\windows\system32\PDBoot.exe
2012-10-02 22:21 . 2012-10-29 07:13 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-02 22:21 . 2012-10-29 07:13 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-02 22:21 . 2012-10-29 07:13 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-02 22:21 . 2012-10-29 07:13 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-02 22:21 . 2012-10-29 07:13 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2012-10-29 07:13 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-02 22:21 . 2012-10-29 07:13 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-02 22:21 . 2012-10-29 07:13 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-02 22:21 . 2012-10-29 07:13 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-02 22:21 . 2012-10-29 07:13 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-02 22:21 . 2012-10-29 07:13 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-02 22:21 . 2012-10-29 07:13 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2012-10-29 07:13 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-02 22:21 . 2012-10-29 07:13 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-29 07:13 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 22:21 . 2012-10-29 07:13 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-29 07:13 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 22:21 . 2012-10-29 07:13 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-02 22:21 . 2012-09-20 07:53 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-06-11 08:19 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 22:21 . 2012-03-01 07:11 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 19:51 . 2012-02-29 19:49 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-02-29 19:49 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-02-29 19:49 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-02-29 19:49 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-02-29 19:49 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-02-29 19:49 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-26 05:33 . 2012-10-29 07:25 7272960 ----a-w- c:\windows\system32\RCoRes64.dat
2012-09-26 01:09 . 2012-10-29 07:25 4155536 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-09-26 00:47 . 2012-10-29 07:25 115344 ----a-w- c:\windows\system32\RCoInstII64.dll
2012-09-25 00:28 . 2012-10-29 07:25 3643024 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-09-24 21:32 . 2012-10-29 07:25 7601528 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll
2012-09-24 21:32 . 2012-10-29 07:25 2080120 ----a-w- c:\windows\system32\WavesGUILib64.dll
2012-09-19 10:10 . 2012-09-28 18:25 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-09-19 10:10 . 2012-09-28 18:25 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-09-19 10:10 . 2012-09-28 18:25 25952 ----a-w- c:\windows\system32\authuitu.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-10-27 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PARLDR2K;PARLDR2K;c:\windows\system32\drivers\parldr2k.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
R3 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2012-09-29 1147424]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DRHARD;DRHARD;c:\windows\system32\DRIVERS\DRHARD.SYS [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-04-05 21712]
R3 dump_wmimmc;dump_wmimmc;c:\l2\lineage2\system\GameGuard\dump_wmimmc.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-06-11 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-06-11 171008]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2012-09-29 1160224]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-10-29 13920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-29 1255736]
R4 CachemanService;Cacheman Service;c:\program files (x86)\Cacheman\CachemanServ.exe [2012-01-04 236896]
R4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
R4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
R4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
R4 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2011-08-15 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121212.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2011-11-16 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2011-11-16 405624]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/01 11:23];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 21:57 146928]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S2 DRHARD64;DRHARD64;c:\windows\system32\drivers\DRHARD64.sys [2011-11-03 21984]
S2 DRHMSR64;DRHMSR64;c:\windows\system32\drivers\DRHMSR64.sys [2011-12-06 14760]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-04-14 1564368]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2012-09-29 792608]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-08-23 83224]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-28 138912]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 573952]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2012-07-24 34032]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-18 11880]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 19:32]
.
2012-12-13 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2012-11-27 21:49]
.
2012-11-21 c:\windows\Tasks\Registry Winner Schedule.job
- c:\program files (x86)\Registry Winner\RegistryWinner.exe [2012-06-02 11:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt1]
@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"
[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]
2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt2]
@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"
[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]
2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt3]
@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"
[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]
2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt4]
@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"
[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]
2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SearchIndexer
SearchIndexer
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - ExtSQL: 2012-11-08 07:24; {5ddeb737-082c-48fb-8c06-aa4b38d61e5f}; c:\program files (x86)\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
FF - ExtSQL: 2012-11-20 02:14; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn
FF - ExtSQL: 2012-11-20 07:27; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
FF - ExtSQL: 2012-11-20 07:35; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - ExtSQL: 2012-11-20 07:58; jid0-3qAYz7se7F3gEIA63LjbuEaPEDk@jetpack; c:\users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373\extensions\jid0-3qAYz7se7F3gEIA63LjbuEaPEDk@jetpack.xpi
FF - ExtSQL: 2012-11-21 09:14; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-25 07:17; synchronize@nokia.suite; c:\users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373\extensions\synchronize@nokia.suite
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Celkový čas: 2012-12-13 13:17:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-13 12:17
ComboFix2.txt 2012-12-12 22:33
.
Před spuštěním: Volných bajtů: 67 913 367 552
Po spuštění: Volných bajtů: 67 556 831 232
.
- - End Of File - - 7D8C69B0D1E3AC4B91AD1CF530EF3050
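
The Sigcheck section of the log above lists the live c:\windows\SysWOW64\user32.dll next to a WinSxS component-store copy with the same size and version but a different MD5. As an added example (not part of the original thread and not ComboFix code), the Python below parses such lines and reports live files whose hash differs from the store copy; the field layout is inferred from the two lines in this log, and the mapping of SysWOW64/system32 to the wow64_/x86_/amd64_ store prefixes is an assumption for an x64 system.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # handles backslash paths on any OS

# The two Sigcheck lines, copied from the ComboFix log in this thread.
SIGCHECK_LINES = r"""
[-] 2012-10-27 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
"""

# Layout assumed from the lines above:
# [flag] date . MD5 . size . . [version] .. path
LINE_RE = re.compile(
    r"^\[(?P<flag>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    flag: str      # "-" is treated as "not verified" (assumption)
    date: str
    md5: str
    size: int
    version: str
    path: str


def parse_sigcheck(text):
    """Return an Entry for every line that matches the Sigcheck layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["flag"], m["date"], m["md5"].upper(),
                                 int(m["size"]), m["version"],
                                 m["path"].strip()))
    return entries


def bitness(path):
    """Guess 32/64-bit from the location (assumption for an x64 Windows)."""
    p = path.lower()
    if "\\winsxs\\" in p:
        component = p.split("\\winsxs\\", 1)[1]
        if component.startswith(("wow64_", "x86_")):
            return 32
        if component.startswith("amd64_"):
            return 64
        return None
    if "\\syswow64\\" in p:
        return 32
    if "\\system32\\" in p:
        return 64
    return None


def find_replaced_files(entries):
    """Pair each live file with a verified store copy of the same name,
    version and bitness; return the pairs whose MD5 values differ."""
    refs, live = {}, []
    for e in entries:
        key = (basename(e.path).lower(), e.version, bitness(e.path))
        if key[2] is None:
            continue  # unknown location, cannot compare safely
        if "\\winsxs\\" in e.path.lower():
            if e.flag != "-":
                refs.setdefault(key, e)
        else:
            live.append((key, e))
    return [(e, refs[k]) for k, e in live
            if k in refs and refs[k].md5 != e.md5]


if __name__ == "__main__":
    for live_file, ref in find_replaced_files(parse_sigcheck(SIGCHECK_LINES)):
        same_size = "same size" if live_file.size == ref.size else "size differs"
        print(f"{live_file.path}: MD5 {live_file.md5} != store copy "
              f"{ref.md5} ({same_size}, version {live_file.version})")
```

A hash mismatch against the store copy only marks the file for closer inspection, since the store can hold several servicing versions of one component.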

Re: igfxupdate.exe

#48 Post by cernohous13 »

Go to https://www.virustotal.com
Click "Browse" > after clicking "Choose File", just copy this into the "File name" field:

c:\windows\SysWOW64\user32.dll

"Scan It" (if it has already been tested, have it tested again - Reanalyse)
Wait patiently for the scan to finish, until the final result appears, e.g. 0/41
Copy the resulting log into the forum, or the link to the page from the address bar.
If nothing is found, it is enough just to say so.
The same with the file:
c:\program files (x86)\Registry Winner\RegistryWinner.exe

Re: igfxupdate.exe

#50 Post by cernohous13 »

that ComboFix takes an incredibly long time, almost 4 1/2 hours :)

ComboFix 12-12-10.01 - tata 13.12.2012 8:58.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2685 [GMT 1:00]
Spuštěný z: f:\stahovßný mozilla\ComboFix.exe
Použité ovládací přepínače :: c:\users\tata\Desktop\CFscript.txt
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
- If you do not have ComboFix on your desktop, move it there.
and besides, I wrote about turning off the AV when using ComboFix
maybe that is also why it did not carry out everything that was in the script
- what are the current problems?

- if you are no longer finding anything strange, I will clean up after myself ;)

- We will uninstall ComboFix
go to Start -> Run... and copy in ComboFix /Uninstall (note, there is a space after the x) -> OK

- Download and run T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - it cleans up after the cleaning tools that were used.
After launching it, ignore any antivirus warning - it is fine
Once it has finished, delete T-cleaner

- Download TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Close all programs and run it. When it finishes, the PC will be restarted.
If not, restart it yourself.
(it cleans the Temp folders; it does not clean URLs, history, prefetch or cookies)

- download the OTC program here: http://oldtimer.geekstogo.com/OTC.exe - run it -> "CleanUp" (deletes the previously used cleaning tools)

- Turn off System Restore -> restart -> turn System Restore back on http://www.viry.cz/forum/viewtopic.php?t=47040

- I can recommend a check and cleanup with CCleaner
Download CCleaner - http://www.slunecnice.cz/sw/ccleaner/
During installation, untick "Install Yahoo! Toolbar"

close the web browser and
run "Cleaner" > "Run CCleaner" - removes what is not needed
run "Registry" > "Scan for problems" > "Fix selected problems"
agree to the registry backup - repeat until the registry is clean.

Guide: http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx
You can keep it for occasional cleaning in the future as well.

- Finally, give me a current RSIT log

- After the cleanup, a defragmentation would be useful
I recommend http://www.slunecnice.cz/sw/defraggler/ + the Czech localization

If something from the guide does not work, continue with the next step.

#51 Post by valda »

when I pasted -ComboFix /Uninstall- into Run, it told me that the file was not found. I also tried typing it by hand, with the space too, and nothing.
when I tried to go into System Restore, it also told me that there is an error. I am sending a screenshot http://ulozto.cz/xaChZk7/bod-obnoveni-png

#52 Post by cernohous13 »

cernohous13 wrote: If something from the guide does not work, continue with the next step.
I assume the rest went through :?:

:arrow: T-cleaner also removes ComboFix
:???: Do you even have the System Restore tool running?

- any problems?

#53 Post by valda »

System Restore somehow won't start for me. Under the System Protection item it keeps saying that it is searching for drives, but when I click on Configure it says that there is an error http://ulozto.cz/xJ4wLzG/2-png

#54 Post by cernohous13 »

Start -> Run... (or Win+R) - enter cmd -> Enter
in the black window enter sfc /scannow -> Enter

#55 Post by valda »


#56 Post by cernohous13 »

:shock: I would rather know whether the action helped to repair the Restore tool

#57 Post by valda »

so that -sfc /scannow- did not help, but I read that it is caused by turbo mode being switched on in TuneUp Utilities. I turned it off there and now restore points can be created
and here is the new log


Logfile of random's system information tool 1.09 (written by random/random)
Run by tata at 2012-12-14 18:36:49
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 67 GB (38%) free of 175 GB
Total RAM: 4095 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:36:55, on 14.12.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\trend micro\tata.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Norton Utilities 16 Start Manager Service (NU16StartManagerSvc) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9206 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe"
"C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe"
"C:\Program Files\Raxco\PerfectDisk\PDAgent.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe"
"taskhost.exe"
"C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /c /a /s UserSession
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:2340
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=2140.15378c00.468169463 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 2140 "\\.\pipe\gecko-crash-server-pipe.2140" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe" --proxy-stub-channel=Flash3772.6AAAB7B8.41 --host-broker-channel=Flash3772.6AAAB7B8.18467 --host-pid=3772 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe" --channel=1264.0034F39C.1567859319 --proxy-stub-channel=Flash3772.6AAAB7B8.41 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" "C:\Users\tata\AppData\Local\Temp\Ccleaner%20www.pdf"
"C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" --channel=3024.002FFA1C.1152277450 --type=renderer "C:\Users\tata\AppData\Local\Temp\Ccleaner%20www.pdf"
taskeng.exe {D4725AC5-57A4-4717-91EC-D4C3E722E542}
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
C:\Windows\system32\AUDIODG.EXE 0x6e0
"F:\stahování Mozilla\RSITx64(1).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\NUAutoUpdate.job
C:\Windows\tasks\Registry Winner Schedule.job

=========Mozilla firefox=========

ProfilePath - C:\Users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373\extensions\
synchronize@nokia.suite
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll [2012-09-26 511968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL [2012-06-21 210400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-02 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-02 157672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4Sync]
C:\Program Files (x86)\4Sync\4Sync.exe [2012-10-11 11926560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap]
C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [2011-12-12 3249032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CachemanTray]
C:\Program Files (x86)\Cacheman\CachemanTray.exe [2012-01-07 392544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-07-26 2782096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files (x86)\Free Download Manager\fdm.exe [2011-12-28 6148096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\tata\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2012-04-14 1564368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.7\ICQ.exe [2012-04-14 127040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\Windows\RaidTool\xInsIDE.exe [2010-09-07 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2012-01-05 1823744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2012-02-28 190768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe [2011-11-17 3994960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12Agent]
C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [2012-01-12 371256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12DMREngine]
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [2012-01-02 501544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-09-26 13196432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-11-09 17877168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [2012-09-29 104480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2012-06-20 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStartupSound"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoInstrumentation"=1
"NoSMBalloonTip"=0
"NoDesktopCleanupWizard"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.x264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-12-14 18:36:49 ----D---- C:\rsit
2012-12-14 16:45:00 ----A---- C:\Windows\SYSWOW64\winver.exe
2012-12-14 16:45:00 ----A---- C:\Windows\SYSWOW64\user32.dll
2012-12-14 16:45:00 ----A---- C:\Windows\SYSWOW64\systemcpl.dll
2012-12-14 16:45:00 ----A---- C:\Windows\SYSWOW64\sppcomapi.dll
2012-12-14 16:45:00 ----A---- C:\Windows\SYSWOW64\slmgr.vbs
2012-12-13 18:22:27 ----ASH---- C:\hiberfil.sys
2012-12-13 17:08:38 ----SHD---- C:\$RECYCLE.BIN
2012-12-13 13:18:00 ----D---- C:\Windows\temp
2012-12-12 23:41:46 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-12-12 23:41:46 ----A---- C:\Windows\system32\mshtmled.dll
2012-12-12 23:41:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-12-12 23:41:45 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-12-12 23:41:44 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-12-12 23:41:44 ----A---- C:\Windows\SYSWOW64\url.dll
2012-12-12 23:41:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-12-12 23:41:44 ----A---- C:\Windows\system32\urlmon.dll
2012-12-12 23:41:44 ----A---- C:\Windows\system32\url.dll
2012-12-12 23:41:44 ----A---- C:\Windows\system32\ieUnatt.exe
2012-12-12 23:41:44 ----A---- C:\Windows\system32\ieui.dll
2012-12-12 23:41:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-12-12 23:41:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-12-12 23:41:43 ----A---- C:\Windows\system32\wininet.dll
2012-12-12 23:41:43 ----A---- C:\Windows\system32\msfeeds.dll
2012-12-12 23:41:43 ----A---- C:\Windows\system32\jscript9.dll
2012-12-12 23:41:42 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-12-12 23:41:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-12-12 23:41:42 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-12-12 23:41:42 ----A---- C:\Windows\system32\vbscript.dll
2012-12-12 23:41:42 ----A---- C:\Windows\system32\jsproxy.dll
2012-12-12 23:41:42 ----A---- C:\Windows\system32\jscript.dll
2012-12-12 23:41:42 ----A---- C:\Windows\system32\iertutil.dll
2012-12-12 23:41:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-12-12 23:41:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-12-12 23:41:39 ----A---- C:\Windows\system32\mshtml.dll
2012-12-12 23:41:39 ----A---- C:\Windows\system32\ieframe.dll
2012-12-12 23:41:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-12-12 22:03:13 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-12-12 22:03:13 ----A---- C:\Windows\system32\tzres.dll
2012-12-12 22:02:56 ----A---- C:\Windows\system32\win32k.sys
2012-12-12 22:02:55 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2012-12-12 22:02:55 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2012-12-12 22:02:55 ----A---- C:\Windows\system32\atmlib.dll
2012-12-12 22:02:55 ----A---- C:\Windows\system32\atmfd.dll
2012-12-12 22:02:29 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-12-12 22:02:29 ----A---- C:\Windows\system32\winsrv.dll
2012-12-12 22:02:29 ----A---- C:\Windows\system32\KernelBase.dll
2012-12-12 22:02:29 ----A---- C:\Windows\system32\kernel32.dll
2012-12-12 22:02:29 ----A---- C:\Windows\system32\conhost.exe
2012-12-12 22:02:28 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-12-12 22:02:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 22:02:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 22:02:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 22:02:27 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 22:02:27 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 22:02:27 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-12-12 22:02:27 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-12-12 22:02:27 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-12-12 22:02:27 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-12-12 22:02:27 ----A---- C:\Windows\system32\wow64win.dll
2012-12-12 22:02:27 ----A---- C:\Windows\system32\wow64cpu.dll
2012-12-12 22:02:27 ----A---- C:\Windows\system32\wow64.dll
2012-12-12 22:02:27 ----A---- C:\Windows\system32\ntvdm64.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 22:02:26 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 22:02:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 22:02:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 22:02:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 22:02:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 22:02:25 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 22:02:25 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 22:02:25 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 22:02:25 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 22:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 22:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 22:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 22:02:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 22:02:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 22:02:22 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 22:02:22 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 22:02:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 22:02:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 22:02:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 22:02:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 22:02:21 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 22:02:21 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 22:02:21 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 22:02:21 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 22:02:21 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 22:02:21 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 22:02:20 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 22:02:19 ----A---- C:\Windows\SYSWOW64\user.exe
2012-12-12 22:00:47 ----A---- C:\Windows\SYSWOW64\dpnet.dll
2012-12-12 22:00:47 ----A---- C:\Windows\system32\dpnet.dll
2012-12-12 16:59:34 ----D---- C:\Qoobox
2012-12-12 09:08:56 ----D---- C:\Users\tata\AppData\Roaming\Shark007
2012-12-12 09:08:56 ----D---- C:\ProgramData\Shark007
2012-12-12 09:08:53 ----D---- C:\Program Files\Shark007
2012-12-12 09:08:53 ----A---- C:\Windows\system32\x264vfw.dll
2012-12-12 09:08:53 ----A---- C:\Windows\system32\VSFilter.dll
2012-12-12 09:08:53 ----A---- C:\Windows\system32\unrar.dll
2012-12-12 09:08:53 ----A---- C:\Windows\system32\pthreadGC2.dll
2012-12-12 09:08:53 ----A---- C:\Windows\system32\mlc.dll
2012-12-12 09:08:53 ----A---- C:\Windows\system32\lagarith.dll
2012-12-12 09:08:53 ----A---- C:\Windows\system32\ff_vfw.dll
2012-12-12 09:04:08 ----D---- C:\Users\tata\AppData\Roaming\Win7codecs
2012-12-12 09:04:05 ----D---- C:\Program Files (x86)\Win7codecs
2012-12-12 09:03:39 ----D---- C:\ProgramData\Win7codecs
2012-12-04 21:15:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-12-04 10:00:00 ----A---- C:\Windows\SYSWOW64\VSFilter.dll
2012-11-27 09:35:13 ----D---- C:\Users\tata\AppData\Roaming\Norton Utilities 16
2012-11-27 09:27:13 ----A---- C:\Windows\system32\CleanMFT64.exe
2012-11-27 09:27:12 ----A---- C:\Windows\SYSWOW64\msxml.dll
2012-11-27 09:27:09 ----D---- C:\Program Files (x86)\Symantec
2012-11-27 09:26:32 ----D---- C:\ProgramData\Symantec
2012-11-27 09:26:31 ----D---- C:\Users\tata\AppData\Roaming\Product_NU16
2012-11-27 05:58:24 ----A---- C:\Windows\SYSWOW64\x264vfw.dll
2012-11-25 18:08:34 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-11-24 12:49:00 ----D---- C:\ProgramData\Raxco
2012-11-24 12:48:59 ----D---- C:\Program Files\Raxco
2012-11-24 12:48:59 ----D---- C:\Program Files\Common Files\Raxco
2012-11-19 23:38:59 ----D---- C:\Users\tata\AppData\Roaming\ts3overlay
2012-11-19 22:26:08 ----D---- C:\Users\tata\AppData\Roaming\TS3Client
2012-11-16 07:07:43 ----A---- C:\Windows\SYSWOW64\synceng.dll
2012-11-16 07:07:43 ----A---- C:\Windows\system32\synceng.dll

======List of files/folders modified in the last 1 month======

2099-01-14 00:14:24 ----D---- C:\ProgramData\Norton
2012-12-14 18:36:55 ----D---- C:\Windows\Prefetch
2012-12-14 18:36:52 ----D---- C:\Program Files\trend micro
2012-12-14 18:35:14 ----D---- C:\Windows\inf
2012-12-14 18:35:12 ----D---- C:\Windows
2012-12-14 18:29:52 ----D---- C:\Program Files\CCleaner
2012-12-14 18:17:57 ----SHD---- C:\System Volume Information
2012-12-14 18:14:55 ----AD---- C:\ProgramData\TEMP
2012-12-14 18:13:22 ----D---- C:\Windows\system32\config
2012-12-14 18:13:14 ----D---- C:\Users\tata\AppData\Roaming\ICQ
2012-12-14 17:08:42 ----D---- C:\Users\tata\AppData\Roaming\Skype
2012-12-14 16:45:31 ----D---- C:\Windows\SysWOW64
2012-12-14 16:45:30 ----D---- C:\Windows\System32
2012-12-14 16:42:01 ----D---- C:\Windows\winsxs
2012-12-14 13:10:57 ----D---- C:\Users\tata\AppData\Roaming\vlc
2012-12-14 08:41:09 ----D---- C:\Windows\system32\drivers\etc
2012-12-13 22:17:18 ----D---- C:\ProgramData
2012-12-13 20:16:23 ----D---- C:\ProgramData\PMB Files
2012-12-13 20:15:04 ----D---- C:\L2
2012-12-13 17:08:41 ----D---- C:\Users\tata\AppData\Roaming\Winamp
2012-12-13 17:08:41 ----D---- C:\Users\tata\AppData\Roaming\DAEMON Tools Lite
2012-12-13 17:08:38 ----D---- C:\Windows\Minidump
2012-12-13 17:08:38 ----D---- C:\Windows\Logs
2012-12-13 17:08:38 ----D---- C:\Windows\debug
2012-12-13 13:18:06 ----D---- C:\Windows\system32\drivers
2012-12-13 13:11:01 ----A---- C:\Windows\system.ini
2012-12-13 12:53:10 ----D---- C:\Windows\SYSWOW64\drivers
2012-12-13 12:53:10 ----D---- C:\Windows\AppPatch
2012-12-13 12:53:03 ----D---- C:\Program Files (x86)\Common Files
2012-12-12 23:53:25 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-12-12 23:53:25 ----D---- C:\Windows\system32\cs-CZ
2012-12-12 23:53:08 ----D---- C:\Program Files (x86)\Internet Explorer
2012-12-12 23:53:07 ----D---- C:\Windows\SYSWOW64\migration
2012-12-12 23:53:06 ----D---- C:\Windows\system32\migration
2012-12-12 23:53:05 ----D---- C:\Program Files\Internet Explorer
2012-12-12 23:52:31 ----SHD---- C:\Windows\Installer
2012-12-12 23:51:40 ----D---- C:\ProgramData\Microsoft Help
2012-12-12 23:44:18 ----A---- C:\Windows\system32\MRT.exe
2012-12-12 23:42:52 ----D---- C:\Windows\system32\catroot
2012-12-12 23:42:51 ----D---- C:\Windows\system32\catroot2
2012-12-12 18:49:43 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-12 09:08:53 ----RD---- C:\Program Files
2012-12-12 09:04:05 ----RD---- C:\Program Files (x86)
2012-12-11 20:32:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-12-10 16:13:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-10 13:00:19 ----RSD---- C:\Windows\assembly
2012-12-10 09:26:24 ----D---- C:\Windows\system32\Tasks
2012-12-06 10:01:03 ----D---- C:\Program Files (x86)\JDownloader
2012-12-06 08:52:12 ----SD---- C:\ProgramData\Microsoft
2012-12-06 08:36:43 ----D---- C:\Program Files (x86)\Windows Doctor
2012-12-05 11:43:21 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-04 08:46:02 ----D---- C:\ProgramData\Skype
2012-12-04 08:45:46 ----RD---- C:\Program Files (x86)\Skype
2012-12-03 13:12:59 ----D---- C:\Program Files (x86)\Garmin
2012-11-29 19:01:38 ----D---- C:\Windows\Tasks
2012-11-29 09:45:37 ----SD---- C:\Users\tata\AppData\Roaming\Microsoft
2012-11-24 13:52:53 ----D---- C:\Users\tata\AppData\Roaming\Nokia
2012-11-24 13:45:59 ----D---- C:\Program Files (x86)\Nokia
2012-11-24 12:48:59 ----D---- C:\Program Files\Common Files
2012-11-21 15:25:59 ----D---- C:\Program Files (x86)\Registry Winner
2012-11-21 15:05:44 ----D---- C:\Users\tata\AppData\Roaming\Free Download Manager
2012-11-21 15:05:44 ----D---- C:\Users\tata\AppData\Roaming\BitTorrent
2012-11-21 12:33:05 ----D---- C:\Users\tata\AppData\Roaming\Mumble
2012-11-16 09:49:07 ----D---- C:\Windows\Microsoft.NET
2012-11-16 07:25:33 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2012-03-31 120920]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-03-09 564792]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2011-08-15 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-24 1384608]
R1 ccSet_N360;Norton 360 Settings Manager; C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-12-14 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121212.001\IDSvia64.sys [2012-09-06 513184]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS [2012-07-06 37536]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2011-11-16 190072]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2011-11-16 405624]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-02-29 231376]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2012-09-11 126232]
R2 DRHARD64;DRHARD64; \??\C:\Windows\system32\drivers\DRHARD64.sys [2011-11-03 21984]
R2 DRHMSR64;DRHMSR64; \??\C:\Windows\system32\drivers\DRHMSR64.sys [2011-12-06 14760]
R2 ntk_PowerDVD12;ntk_PowerDVD12; \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
R2 PDFSFilter;PDFsFilter; C:\Windows\system32\DRIVERS\PDFsFilter.sys [2012-08-23 83224]
R3 anvsnddrv;AnvSoft Virtual Sound Device; C:\Windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-28 138912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-09-26 4155536]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121213.025\ENG64.SYS [2012-12-14 126112]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121213.025\EX64.SYS [2012-12-14 2084000]
R3 PAC207;Trust WB-1400T Webcam; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-05-14 573952]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2012-07-24 34032]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS [2012-07-06 737952]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-07-30 175736]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-18 11880]
S2 PARLDR2K;ParLdr2k; \??\C:\Windows\system32\drivers\parldr2k.sys []
S3 7ByteIo;7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DRHARD;DRHARD; \??\C:\Windows\system32\DRIVERS\DRHARD.SYS []
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-04-05 21712]
S3 dump_wmimmc;dump_wmimmc; \??\C:\L2\lineage2\system\GameGuard\dump_wmimmc.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-06-11 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-06-11 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2012-06-11 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2012-06-11 171008]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2009-04-06 4682]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-27 26112]
S3 PRODIGY;PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2012-10-29 13920]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-06-11 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-06-11 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2012-04-14 1564368]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2012-09-29 792608]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2012-10-04 1976696]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
R3 PDEngine;PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2012-10-04 3367288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 DiskDoctorService;Norton Disk Doctor Service; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2012-09-29 1147424]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 50899608]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-04 115168]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-03-28 4323256]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-10-03 725400]
S3 SpeedDiskService;Norton SpeedDisk Service; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2012-09-29 1160224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-29 1255736]
S4 CachemanService;Cacheman Service; C:\Program Files (x86)\Cacheman\CachemanServ.exe [2012-01-05 236896]
S4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
S4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 116648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

-----------------EOF-----------------


Re: igfxupdate.exe

#58 Post by cernohous13 »

:arrow: We'll fix the netsvcs registry value.
Launch Notepad and copy the whole green text.

Code:

REGEDIT4

; .reg files need the full root key name; REGEDIT4 stores hex(7) data as ANSI bytes
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=hex(7):41,65,4C,6F,6F,6B,75,70,53,76,63,00,41,70,\
  70,49,6E,66,6F,00,41,70,70,4D,67,6D,74,00,41,75,64,69,6F,53,72,76,00,42,\
  44,45,53,56,43,00,42,49,54,53,00,62,72,6F,77,73,65,72,00,43,65,72,74,\
  50,72,6F,70,53,76,63,00,45,61,70,48,6F,73,74,00,46,61,73,74,55,73,65,\
  72,53,77,69,74,63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,\
  00,67,70,73,76,63,00,68,65,6C,70,73,76,63,00,68,6B,6D,73,76,63,00,49,\
  61,73,00,49,4B,45,45,58,54,00,69,70,68,6C,70,73,76,63,00,49,72,6D,6F,\
  6E,00,6C,61,6E,6D,61,6E,73,65,72,76,65,72,00,4C,6F,67,6F,6E,48,6F,75,\
  72,73,00,4D,4D,43,53,53,00,6D,73,69,73,63,73,69,00,4E,6C,61,00,4E,74,\
  6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,6F,6E,00,4E,77,\
  73,61,70,61,67,65,6E,74,00,50,43,41,75,64,69,74,00,50,72,6F,66,53,76,\
  63,00,52,61,73,61,75,74,6F,00,52,61,73,6D,61,6E,00,52,65,6D,6F,74,65,\
  61,63,63,65,73,73,00,53,43,50,6F,6C,69,63,79,53,76,63,00,73,65,63,6C,\
  6F,67,6F,6E,00,53,45,4E,53,00,53,65,73,73,69,6F,6E,45,6E,76,00,53,68,\
  61,72,65,64,61,63,63,65,73,73,00,53,68,65,6C,6C,48,57,44,65,74,65,63,\
  74,69,6F,6E,00,73,63,68,65,64,75,6C,65,00,53,52,53,65,72,76,69,63,65,\
  00,54,61,70,69,73,72,76,00,54,65,72,6D,53,65,72,76,69,63,65,00,54,68,\
  65,6D,65,73,00,75,70,6C,6F,61,64,6D,67,72,00,77,65,72,63,70,6C,73,75,\
  70,70,6F,72,74,00,77,69,6E,6D,67,6D,74,00,57,6D,64,6D,50,6D,53,70,00,57,\
  6D,69,00,77,75,61,75,73,65,72,76,00,00

File -> Save As..., set File name: netsvcs.reg
Save as type: All Files

Double-click the file to run it -> confirm writing to the registry -> restart

:???: Is there anything else to solve, or shall we clean up?
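The .reg file in post #58 replaces the whole `netsvcs` list, so it helps to decode the hex(7) data into service names and compare it with the previous list before importing. The Python below is an added example, not part of the original post or of any tool used in the thread; the sample .reg text, the "before" list and the function names are constructed for illustration.

```python
import re

# Constructed sample in the same shape as the post's file (three entries only).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=hex(7):41,65,4C,6F,6F,6B,75,70,53,76,63,00,41,70,\
  70,49,6E,66,6F,00,42,49,54,53,00,00
'''

# Constructed "before" list; SearchIndexer stands in for an entry that does
# not belong to the group and should disappear after the repair.
SAMPLE_BEFORE = ["AeLookupSvc", "AppInfo", "BITS", "SearchIndexer"]


def read_multi_sz(reg_text, value_name):
    """Return the strings of a hex(7) (REG_MULTI_SZ) value in a .reg file."""
    text = reg_text.replace("\r\n", "\n").lstrip("\ufeff")
    header = text.split("\n", 1)[0].strip()
    if header == "REGEDIT4":
        # One byte per character. The real ANSI code page depends on the
        # exporting machine; latin-1 is an assumption, fine for ASCII names.
        encoding = "latin-1"
    elif header.startswith("Windows Registry Editor Version 5"):
        encoding = "utf-16-le"  # version 5 files store two bytes per character
    else:
        raise ValueError("unknown .reg header: %r" % header)

    # A trailing backslash continues the hex list on the next line.
    text = re.sub(r"\\\n[ \t]*", "", text)
    pattern = r'^"%s"=hex\(7\):([0-9A-Fa-f, \t]*)$' % re.escape(value_name)
    match = re.search(pattern, text, re.MULTILINE | re.IGNORECASE)
    if match is None:
        raise ValueError("value %r not found as hex(7)" % value_name)

    raw = bytes(int(h, 16) for h in match.group(1).split(",") if h.strip())
    decoded = raw.decode(encoding)

    # Each string ends with NUL and the list ends with one extra NUL.
    if not decoded.endswith("\0\0"):
        raise ValueError("list is not terminated by a double NUL")
    body = decoded[:-2]
    if not body:
        return []
    entries = body.split("\0")
    if "" in entries:
        # An empty string in the middle ends the list early for most readers,
        # so anything after it would be silently ignored.
        raise ValueError("embedded empty string inside the list")
    return entries


def diff_groups(before, after):
    """Case-insensitive diff of two service lists: (removed, added)."""
    b = {name.lower(): name for name in before}
    a = {name.lower(): name for name in after}
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added


if __name__ == "__main__":
    after = read_multi_sz(SAMPLE_REG, "netsvcs")
    removed, added = diff_groups(SAMPLE_BEFORE, after)
    print("entries in file :", after)
    print("removed by file :", removed)
    print("added by file   :", added)
```

The same function run over the full file from the post lists every service name that will end up in the group, which is easier to review than the raw hex.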


Re: igfxupdate.exe

#59 Post by valda »

Done. If you mean the cleanup you described earlier, I did that this morning. But if there is still something to clean up, let me know.


Re: igfxupdate.exe

#60 Post by cernohous13 »

If you have cleaned up and don't see any problem, we can wrap this up and wish each other a merry Christmas :wink:

Locked