nebezpečný soubor

Zpráva

kratky · #1 Příspěvek od **kratky** » 01 úno 2013 18:59

log.zip: (11.89 KiB) Staženo 25 x

Dobrý den,
Eset sysinspector označil v mém PC jako nebezpečný soubor wtsrv.exe. Podle návodu jsem vytvoři log z RSIT, který přikládám a prosím o pomoc s řešením problému. Děkuji

#2 Příspěvek od **vyosek** » 01 úno 2013 19:02

Zdravim

Log sem prosim vlozte jako text prispevku, pokud je dlouhy, tak jej rozdelte do vice prispevku

kratky · #3 Příspěvek od **kratky** » 01 úno 2013 19:10

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jirka at 2013-02-01 18:26:16
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 827 GB (87%) free of 954 GB
Total RAM: 8109 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:26:22, on 1.2.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\Eusing Launcher\eLauncher.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jirka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?babsrc=HP_s ... e5493da347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Eusing Launcher] C:\Program Files (x86)\Eusing Launcher\eLauncher.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://sitedirector.symantec.com/932743 ... os=windows
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - H:\superantispyware\SASCORE64.EXE (file missing)
O23 - Service: Ashampoo Core Tuner 2 Service (ACT2_Service) - Unknown owner - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Služba indexování (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Zjišťování interaktivních služeb (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10990 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\diMaster.dll" /prefetch:1
taskeng.exe {31AD716B-BA2E-493D-A345-BAD47570944F}
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Soluto\SolutoLauncherService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k iissvcs
"C:\Windows\System32\Drivers\WTSRV.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Eusing Launcher\eLauncher.exe"
"C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe"
"C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe" /c /a /s UserSession
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Zoner\Photo Studio 15\Program64\Zps.exe"
"C:\Users\Jirka\Downloads\SysInspector.exe"
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" -- "http://google.com/search?q=c%3a%5cwindo ... tsrv%2eexe"
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.0.447201121\1409221467" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5404.1.1062460173\1566918633" --supports-dual-gpus=false --skip-gpu-full-info-collection --gpu-vendor-id=0x8086 --gpu-device-id=0x0122 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2867 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.2.1618261713\660228204" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.3.213769180\947993549" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.4.1524289342\89392901" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.5.1570913862\1168259871" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.6.47801723\2006277884" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.7.266423564\1084186922" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll" --lang=cs --channel="5404.8.1651852551\217588957" /prefetch:4
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.11.1549326122\1178170524" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5404.12.1119696979\1456744630" --lang=cs --ignored=" --type=renderer " /prefetch:13
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.14.528723271\562038643" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.16.1537633313\1255234039" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.20.595692647\262879550" /prefetch:3
taskeng.exe {7AB5D1FA-C78A-4206-8BCD-59B0E6996E7C}
"C:\Users\Jirka\Downloads\viry\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\AdvancedDriverUpdater_UPDATES.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000UA.job
C:\Windows\tasks\One-Click Optimizer.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7b9afc42-05d5-4b6a-92c4-6dc65884f9c5.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ff240c65-2e8c-4d4f-8b9a-982198ec3919.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-11-15 426736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll [2013-01-10 509264]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL [2012-09-07 387040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-12 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-12 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll [2013-01-10 509264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-03-27 12459112]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-10-10 441888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"=C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [2013-01-15 491840]
"Eusing Launcher"=C:\Program Files (x86)\Eusing Launcher\eLauncher.exe [2012-12-03 1654784]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [2012-12-04 773728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"=C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe [2013-01-18 1248208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
c:\program files\canon\myprinter\bjmyprt.exe [2010-03-25 2726728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FPVCodecPackTrialInfo]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe [2012-07-02 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
c:\program files (x86)\mytomtom 3\mytomtomsa.exe [2012-05-18 434168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [2010-06-02 93376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
c:\program files\realtek\audio\hda\ravcpl64.exe [2012-03-27 12459112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMASH]
C:\Program Files (x86)\Ashampoo\Ashampoo Office 2010\smash.exe [2009-10-30 229411]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files (x86)\real\realplayer\Update\realsched.exe [2012-11-15 296096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-17 218408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe [2010-04-20 222504]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"EMET Notifier"=C:\Program Files (x86)\EMET\EMET_notifier.exe [2012-05-09 152152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-10-10 441856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoStartMenuMyMusic"=0
"NoClose"=0
"NoCloseDragDropBands"=0
"NoUserFolderInStartMenu"=0
"NoStartMenuMFUprogramsList"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMorePrograms"=0
"NoStartMenuMyGames"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-02-01 18:26:16 ----D---- C:\rsit
2013-02-01 18:26:16 ----D---- C:\Program Files\trend micro
2013-02-01 17:39:46 ----D---- C:\Users\Jirka\AppData\Roaming\wurst
2013-02-01 10:25:23 ----A---- C:\Windows\system32\FNTCACHE.DAT
2013-01-28 09:47:30 ----D---- C:\Program Files (x86)\IconConverter
2013-01-26 23:20:34 ----D---- C:\Users\Jirka\AppData\Roaming\Eusing
2013-01-26 23:20:25 ----D---- C:\Program Files (x86)\Eusing Launcher
2013-01-26 10:21:39 ----D---- C:\Users\Jirka\AppData\Roaming\VideoMeld
2013-01-23 14:51:20 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-01-23 14:51:20 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-01-23 14:51:20 ----A---- C:\Windows\SYSWOW64\java.exe
2013-01-22 17:49:42 ----D---- C:\Program Files\ISL
2013-01-22 17:49:00 ----D---- C:\Windows\Downloaded Installations
2013-01-17 09:03:19 ----A---- C:\Windows\system32\drivers\Soluto.sys
2013-01-17 09:03:18 ----D---- C:\Program Files\Soluto
2013-01-14 18:43:02 ----D---- C:\Users\Jirka\AppData\Roaming\SUPERAntiSpyware.com
2013-01-14 18:42:01 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2013-01-09 07:59:15 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-01-09 07:59:15 ----A---- C:\Windows\system32\win32spl.dll
2013-01-09 07:59:02 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2013-01-09 07:59:02 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2013-01-09 07:59:02 ----A---- C:\Windows\system32\msxml6.dll
2013-01-09 07:59:02 ----A---- C:\Windows\system32\msxml3.dll
2013-01-09 07:58:58 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-01-09 07:58:58 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-09 07:58:56 ----A---- C:\Windows\SYSWOW64\usp10.dll
2013-01-09 07:58:56 ----A---- C:\Windows\system32\usp10.dll
2013-01-09 07:58:50 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2013-01-09 07:58:50 ----A---- C:\Windows\SYSWOW64\gameux.dll
2013-01-09 07:58:50 ----A---- C:\Windows\system32\Wpc.dll
2013-01-09 07:58:50 ----A---- C:\Windows\system32\gameux.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\user.exe
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-01-09 07:58:22 ----A---- C:\Windows\system32\wow64win.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\wow64cpu.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\wow64.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\winsrv.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\ntvdm64.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\kernel32.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\conhost.exe
2013-01-09 07:58:13 ----A---- C:\Windows\system32\taskhost.exe
2013-01-09 07:58:12 ----A---- C:\Windows\system32\win32k.sys
2013-01-04 18:25:20 ----A---- C:\Windows\system32\DfSdkBt.exe
2013-01-03 23:03:24 ----D---- C:\Users\Jirka\AppData\Roaming\avidemux
2013-01-03 16:35:33 ----A---- C:\Windows\MyHeritage.INI
2013-01-03 16:34:06 ----D---- C:\Users\Jirka\AppData\Roaming\MyHeritage
2013-01-03 16:34:06 ----D---- C:\ProgramData\MyHeritage
2013-01-03 16:33:55 ----D---- C:\Users\Jirka\AppData\Roaming\The Complete Genealogy Reporter - FTB
2013-01-02 09:59:33 ----D---- C:\Program Files\RawTherapeeV40

======List of files/folders modified in the last 1 month======

2013-02-01 18:26:16 ----RD---- C:\Program Files
2013-02-01 18:26:10 ----D---- C:\Windows\temp
2013-02-01 18:01:13 ----D---- C:\Windows\system32\config
2013-02-01 17:24:09 ----D---- C:\Program Files (x86)\Ashampoo
2013-02-01 16:38:42 ----D---- C:\Windows
2013-02-01 14:35:51 ----SHD---- C:\System Volume Information
2013-02-01 10:25:23 ----D---- C:\Windows\System32
2013-02-01 09:04:18 ----D---- C:\Windows\inf
2013-02-01 09:01:54 ----D---- C:\Program Files\CCleaner
2013-02-01 08:48:12 ----RD---- C:\Program Files (x86)
2013-02-01 08:35:47 ----D---- C:\Windows\system32\Tasks
2013-02-01 07:31:30 ----D---- C:\Windows\debug
2013-01-30 08:27:34 ----D---- C:\Users\Jirka\AppData\Roaming\Media Player Classic
2013-01-28 09:35:52 ----D---- C:\Windows\SysWOW64
2013-01-27 20:56:16 ----A---- C:\Users\Jirka\AppData\Roaming\PC.MTBF.txt
2013-01-24 07:13:08 ----D---- C:\Windows\system32\drivers\N360x64
2013-01-23 15:11:29 ----SHD---- C:\Windows\Installer
2013-01-23 14:51:20 ----D---- C:\Program Files (x86)\Java
2013-01-22 17:49:55 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-01-21 17:15:35 ----A---- C:\Windows\Graffiti5.2Pin.ini
2013-01-21 04:43:34 ----D---- C:\ProgramData\CyberLink
2013-01-18 20:16:55 ----D---- C:\Windows\system32\catroot2
2013-01-17 09:29:05 ----D---- C:\ProgramData\Soluto
2013-01-17 09:24:41 ----D---- C:\Program Files (x86)\Google
2013-01-17 09:12:33 ----RSD---- C:\Windows\assembly
2013-01-17 09:12:33 ----D---- C:\Windows\Microsoft.NET
2013-01-17 09:03:20 ----D---- C:\Windows\system32\catroot
2013-01-17 09:03:19 ----DC---- C:\Windows\system32\DRVSTORE
2013-01-17 09:03:19 ----D---- C:\Windows\system32\drivers
2013-01-16 15:49:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-15 08:43:33 ----D---- C:\Windows\system32\DriverStore
2013-01-14 18:43:17 ----D---- C:\Windows\Tasks
2013-01-14 18:43:02 ----HD---- C:\ProgramData
2013-01-14 18:26:11 ----D---- C:\Windows\Prefetch
2013-01-11 18:22:06 ----D---- C:\Windows\rescache
2013-01-09 17:18:24 ----D---- C:\Users\Jirka\AppData\Roaming\gtk-2.0
2013-01-09 09:08:59 ----D---- C:\Windows\winsxs
2013-01-09 09:06:36 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-01-09 09:06:36 ----D---- C:\Windows\system32\cs-CZ
2013-01-09 09:06:35 ----D---- C:\Windows\AppPatch
2013-01-09 09:06:05 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-01-09 09:01:05 ----A---- C:\Windows\system32\MRT.exe
2013-01-09 09:00:15 ----D---- C:\Windows\system32\inetsrv
2013-01-05 19:55:22 ----D---- C:\Program Files\Adobe
2013-01-04 18:32:34 ----D---- C:\ProgramData\ashampoo
2013-01-03 16:33:53 ----D---- C:\Program Files (x86)\MyHeritage

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]
R1 ccSet_N360;Norton 360 Settings Manager; C:\Windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys [2012-08-20 168096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-09-24 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130131.001\IDSvia64.sys [2012-10-23 513184]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\1402010.016\SRTSPX64.SYS [2012-05-24 37496]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2012-08-08 43680]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\1402010.016\Ironx64.SYS [2012-09-07 224416]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
R2 ACT2PM;Ashampoo CoreTuner 2 ProcessMonitor Driver; \??\C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [2011-06-10 15160]
R2 UI5IFS;Ashampoo Uninstaller 5 FileSystemChanges Driver; \??\C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys [2012-11-15 36776]
R3 cpuz136;cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-23 138912]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-03-07 40832]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-03-07 65280]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-07-26 33240]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-10-10 5343584]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-03-27 4015592]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130131.032\ENG64.SYS [2013-01-16 126192]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130131.032\EX64.SYS [2013-01-16 2087664]
R3 PTSimBus;PenTablet Bus Enumerator; C:\Windows\system32\DRIVERS\PTSimBus.sys [2009-06-18 27304]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\1402010.016\SRTSP64.SYS [2012-10-09 776864]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-10-24 177312]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S0 Soluto;Soluto; C:\Windows\system32\DRIVERS\Soluto.sys [2013-01-10 54728]
S1 PCLEPCI;PCLEPCI; \??\C:\Windows\system32\drivers\pclepci.sys []
S1 SASDIFSV;SASDIFSV; \??\H:\superantispyware\SASDIFSV64.SYS []
S1 SASKUTIL;SASKUTIL; \??\H:\superantispyware\SASKUTIL64.SYS []
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 60288]
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 48768]
S3 cpuz132;cpuz132; C:\Windows\system32\drivers\cpuz132.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-05-07 21712]
S3 esihdrv;esihdrv; C:\Windows\system32\drivers\esihdrv.sys []
S3 gdrv;gdrv; C:\Windows\system32\drivers\gdrv.sys []
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 61440]
S3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\Windows\system32\DRIVERS\PTSimHid.sys [2009-06-18 17064]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-02 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Tablet2k;Serial Tablet Port Driver; C:\Windows\system32\drivers\Tablet2k.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-11-02 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-11-02 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACT2_Service;Ashampoo Core Tuner 2 Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [2011-08-22 1421216]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
R2 SolutoLauncherService;Soluto Launcher Service; C:\Program Files\Soluto\SolutoLauncherService.exe [2013-01-10 183280]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 WinTabService;WinTab Service; C:\Windows\System32\Drivers\WTSRV.EXE [2011-09-23 73728]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 !SASCORE;SAS Core Service; H:\superantispyware\SASCORE64.EXE []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2013-01-10 547312]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
S3 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
S3 CISVC;Služba indexování; C:\Windows\system32\CISVC.EXE [2009-07-14 19456]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-10-10 277024]
S3 DfSdkS;Defragmentation-Service; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe [2009-08-24 544768]
S3 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2012-06-27 73728]
S3 SolutoRemoteService;Soluto Remote Service; C:\Program Files\Soluto\SolutoRemoteService.exe [2013-01-10 1239552]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2009-07-14 81920]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 01 úno 2013 19:21

Odinstalujte Advanced SystemCare a nasledne i vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

kratky · #5 Příspěvek od **kratky** » 01 úno 2013 21:24

MBAM našel 5 nebezpečí. Posílám log.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.02.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jirka :: PC [administrátor]

Ochrana: Povolena

1.2.2013 19:47:44
MBAM-log-2013-02-01 (21-17-43).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 495356
Uplynulý čas: 1 hodin, 12 minut, 52 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 4
C:\Users\Jirka\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.

(konec)

#6 Příspěvek od **vyosek** » 01 úno 2013 22:16

Nalezy MBAMu smazte, objevi se log, ten rad uvidim

kratky · #7 Příspěvek od **kratky** » 02 úno 2013 00:39

Jediné log protokoly, které jsem našel, jsou tyto:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.02.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jirka :: PC [administrátor]

Ochrana: Povolena

1.2.2013 19:47:44
MBAM-log-2013-02-01 (21-17-43).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 495356
Uplynulý čas: 1 hodin, 12 minut, 52 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 4
C:\Users\Jirka\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.

(konec)

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.02.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jirka :: PC [administrátor]

Ochrana: Povolena

1.2.2013 19:47:44
MBAM-log-2013-02-01 (21-17-43).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 495356
Uplynulý čas: 1 hodin, 12 minut, 52 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 4
C:\Users\Jirka\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Nebyla provedena žádná instrukce.

(konec)

A potom jsem ještě použil RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jirka at 2013-02-01 18:26:16
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 827 GB (87%) free of 954 GB
Total RAM: 8109 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:26:22, on 1.2.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\Eusing Launcher\eLauncher.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jirka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?babsrc=HP_s ... e5493da347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Eusing Launcher] C:\Program Files (x86)\Eusing Launcher\eLauncher.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://sitedirector.symantec.com/932743 ... os=windows
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - H:\superantispyware\SASCORE64.EXE (file missing)
O23 - Service: Ashampoo Core Tuner 2 Service (ACT2_Service) - Unknown owner - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Služba indexování (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Zjišťování interaktivních služeb (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10990 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\diMaster.dll" /prefetch:1
taskeng.exe {31AD716B-BA2E-493D-A345-BAD47570944F}
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Soluto\SolutoLauncherService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k iissvcs
"C:\Windows\System32\Drivers\WTSRV.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Eusing Launcher\eLauncher.exe"
"C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe"
"C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe" /c /a /s UserSession
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Zoner\Photo Studio 15\Program64\Zps.exe"
"C:\Users\Jirka\Downloads\SysInspector.exe"
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" -- "http://google.com/search?q=c%3a%5cwindo ... tsrv%2eexe"
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.0.447201121\1409221467" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5404.1.1062460173\1566918633" --supports-dual-gpus=false --skip-gpu-full-info-collection --gpu-vendor-id=0x8086 --gpu-device-id=0x0122 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2867 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.2.1618261713\660228204" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.3.213769180\947993549" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.4.1524289342\89392901" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.5.1570913862\1168259871" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.6.47801723\2006277884" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.7.266423564\1084186922" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll" --lang=cs --channel="5404.8.1651852551\217588957" /prefetch:4
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.11.1549326122\1178170524" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5404.12.1119696979\1456744630" --lang=cs --ignored=" --type=renderer " /prefetch:13
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.14.528723271\562038643" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.16.1537633313\1255234039" /prefetch:3
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/18/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_87/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --disable-client-side-phishing-detection --renderer-print-preview --channel="5404.20.595692647\262879550" /prefetch:3
taskeng.exe {7AB5D1FA-C78A-4206-8BCD-59B0E6996E7C}
"C:\Users\Jirka\Downloads\viry\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\AdvancedDriverUpdater_UPDATES.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000UA.job
C:\Windows\tasks\One-Click Optimizer.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7b9afc42-05d5-4b6a-92c4-6dc65884f9c5.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ff240c65-2e8c-4d4f-8b9a-982198ec3919.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-11-15 426736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll [2013-01-10 509264]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL [2012-09-07 387040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-12 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-12 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll [2013-01-10 509264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-03-27 12459112]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-10-10 441888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"=C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [2013-01-15 491840]
"Eusing Launcher"=C:\Program Files (x86)\Eusing Launcher\eLauncher.exe [2012-12-03 1654784]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [2012-12-04 773728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"=C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe [2013-01-18 1248208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
c:\program files\canon\myprinter\bjmyprt.exe [2010-03-25 2726728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FPVCodecPackTrialInfo]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe [2012-07-02 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
c:\program files (x86)\mytomtom 3\mytomtomsa.exe [2012-05-18 434168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [2010-06-02 93376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
c:\program files\realtek\audio\hda\ravcpl64.exe [2012-03-27 12459112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMASH]
C:\Program Files (x86)\Ashampoo\Ashampoo Office 2010\smash.exe [2009-10-30 229411]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files (x86)\real\realplayer\Update\realsched.exe [2012-11-15 296096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-17 218408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe [2010-04-20 222504]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"EMET Notifier"=C:\Program Files (x86)\EMET\EMET_notifier.exe [2012-05-09 152152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-10-10 441856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoStartMenuMyMusic"=0
"NoClose"=0
"NoCloseDragDropBands"=0
"NoUserFolderInStartMenu"=0
"NoStartMenuMFUprogramsList"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMorePrograms"=0
"NoStartMenuMyGames"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-02-01 18:26:16 ----D---- C:\rsit
2013-02-01 18:26:16 ----D---- C:\Program Files\trend micro
2013-02-01 17:39:46 ----D---- C:\Users\Jirka\AppData\Roaming\wurst
2013-02-01 10:25:23 ----A---- C:\Windows\system32\FNTCACHE.DAT
2013-01-28 09:47:30 ----D---- C:\Program Files (x86)\IconConverter
2013-01-26 23:20:34 ----D---- C:\Users\Jirka\AppData\Roaming\Eusing
2013-01-26 23:20:25 ----D---- C:\Program Files (x86)\Eusing Launcher
2013-01-26 10:21:39 ----D---- C:\Users\Jirka\AppData\Roaming\VideoMeld
2013-01-23 14:51:20 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-01-23 14:51:20 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-01-23 14:51:20 ----A---- C:\Windows\SYSWOW64\java.exe
2013-01-22 17:49:42 ----D---- C:\Program Files\ISL
2013-01-22 17:49:00 ----D---- C:\Windows\Downloaded Installations
2013-01-17 09:03:19 ----A---- C:\Windows\system32\drivers\Soluto.sys
2013-01-17 09:03:18 ----D---- C:\Program Files\Soluto
2013-01-14 18:43:02 ----D---- C:\Users\Jirka\AppData\Roaming\SUPERAntiSpyware.com
2013-01-14 18:42:01 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2013-01-09 07:59:15 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-01-09 07:59:15 ----A---- C:\Windows\system32\win32spl.dll
2013-01-09 07:59:02 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2013-01-09 07:59:02 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2013-01-09 07:59:02 ----A---- C:\Windows\system32\msxml6.dll
2013-01-09 07:59:02 ----A---- C:\Windows\system32\msxml3.dll
2013-01-09 07:58:58 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-01-09 07:58:58 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-09 07:58:56 ----A---- C:\Windows\SYSWOW64\usp10.dll
2013-01-09 07:58:56 ----A---- C:\Windows\system32\usp10.dll
2013-01-09 07:58:50 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2013-01-09 07:58:50 ----A---- C:\Windows\SYSWOW64\gameux.dll
2013-01-09 07:58:50 ----A---- C:\Windows\system32\Wpc.dll
2013-01-09 07:58:50 ----A---- C:\Windows\system32\gameux.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 07:58:22 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\user.exe
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-01-09 07:58:22 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-01-09 07:58:22 ----A---- C:\Windows\system32\wow64win.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\wow64cpu.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\wow64.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\winsrv.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\ntvdm64.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\kernel32.dll
2013-01-09 07:58:22 ----A---- C:\Windows\system32\conhost.exe
2013-01-09 07:58:13 ----A---- C:\Windows\system32\taskhost.exe
2013-01-09 07:58:12 ----A---- C:\Windows\system32\win32k.sys
2013-01-04 18:25:20 ----A---- C:\Windows\system32\DfSdkBt.exe
2013-01-03 23:03:24 ----D---- C:\Users\Jirka\AppData\Roaming\avidemux
2013-01-03 16:35:33 ----A---- C:\Windows\MyHeritage.INI
2013-01-03 16:34:06 ----D---- C:\Users\Jirka\AppData\Roaming\MyHeritage
2013-01-03 16:34:06 ----D---- C:\ProgramData\MyHeritage
2013-01-03 16:33:55 ----D---- C:\Users\Jirka\AppData\Roaming\The Complete Genealogy Reporter - FTB
2013-01-02 09:59:33 ----D---- C:\Program Files\RawTherapeeV40

======List of files/folders modified in the last 1 month======

2013-02-01 18:26:16 ----RD---- C:\Program Files
2013-02-01 18:26:10 ----D---- C:\Windows\temp
2013-02-01 18:01:13 ----D---- C:\Windows\system32\config
2013-02-01 17:24:09 ----D---- C:\Program Files (x86)\Ashampoo
2013-02-01 16:38:42 ----D---- C:\Windows
2013-02-01 14:35:51 ----SHD---- C:\System Volume Information
2013-02-01 10:25:23 ----D---- C:\Windows\System32
2013-02-01 09:04:18 ----D---- C:\Windows\inf
2013-02-01 09:01:54 ----D---- C:\Program Files\CCleaner
2013-02-01 08:48:12 ----RD---- C:\Program Files (x86)
2013-02-01 08:35:47 ----D---- C:\Windows\system32\Tasks
2013-02-01 07:31:30 ----D---- C:\Windows\debug
2013-01-30 08:27:34 ----D---- C:\Users\Jirka\AppData\Roaming\Media Player Classic
2013-01-28 09:35:52 ----D---- C:\Windows\SysWOW64
2013-01-27 20:56:16 ----A---- C:\Users\Jirka\AppData\Roaming\PC.MTBF.txt
2013-01-24 07:13:08 ----D---- C:\Windows\system32\drivers\N360x64
2013-01-23 15:11:29 ----SHD---- C:\Windows\Installer
2013-01-23 14:51:20 ----D---- C:\Program Files (x86)\Java
2013-01-22 17:49:55 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-01-21 17:15:35 ----A---- C:\Windows\Graffiti5.2Pin.ini
2013-01-21 04:43:34 ----D---- C:\ProgramData\CyberLink
2013-01-18 20:16:55 ----D---- C:\Windows\system32\catroot2
2013-01-17 09:29:05 ----D---- C:\ProgramData\Soluto
2013-01-17 09:24:41 ----D---- C:\Program Files (x86)\Google
2013-01-17 09:12:33 ----RSD---- C:\Windows\assembly
2013-01-17 09:12:33 ----D---- C:\Windows\Microsoft.NET
2013-01-17 09:03:20 ----D---- C:\Windows\system32\catroot
2013-01-17 09:03:19 ----DC---- C:\Windows\system32\DRVSTORE
2013-01-17 09:03:19 ----D---- C:\Windows\system32\drivers
2013-01-16 15:49:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-15 08:43:33 ----D---- C:\Windows\system32\DriverStore
2013-01-14 18:43:17 ----D---- C:\Windows\Tasks
2013-01-14 18:43:02 ----HD---- C:\ProgramData
2013-01-14 18:26:11 ----D---- C:\Windows\Prefetch
2013-01-11 18:22:06 ----D---- C:\Windows\rescache
2013-01-09 17:18:24 ----D---- C:\Users\Jirka\AppData\Roaming\gtk-2.0
2013-01-09 09:08:59 ----D---- C:\Windows\winsxs
2013-01-09 09:06:36 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-01-09 09:06:36 ----D---- C:\Windows\system32\cs-CZ
2013-01-09 09:06:35 ----D---- C:\Windows\AppPatch
2013-01-09 09:06:05 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-01-09 09:01:05 ----A---- C:\Windows\system32\MRT.exe
2013-01-09 09:00:15 ----D---- C:\Windows\system32\inetsrv
2013-01-05 19:55:22 ----D---- C:\Program Files\Adobe
2013-01-04 18:32:34 ----D---- C:\ProgramData\ashampoo
2013-01-03 16:33:53 ----D---- C:\Program Files (x86)\MyHeritage

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]
R1 ccSet_N360;Norton 360 Settings Manager; C:\Windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys [2012-08-20 168096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-09-24 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130131.001\IDSvia64.sys [2012-10-23 513184]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\1402010.016\SRTSPX64.SYS [2012-05-24 37496]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2012-08-08 43680]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\1402010.016\Ironx64.SYS [2012-09-07 224416]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
R2 ACT2PM;Ashampoo CoreTuner 2 ProcessMonitor Driver; \??\C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [2011-06-10 15160]
R2 UI5IFS;Ashampoo Uninstaller 5 FileSystemChanges Driver; \??\C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys [2012-11-15 36776]
R3 cpuz136;cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-23 138912]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-03-07 40832]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-03-07 65280]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-07-26 33240]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-10-10 5343584]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-03-27 4015592]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130131.032\ENG64.SYS [2013-01-16 126192]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130131.032\EX64.SYS [2013-01-16 2087664]
R3 PTSimBus;PenTablet Bus Enumerator; C:\Windows\system32\DRIVERS\PTSimBus.sys [2009-06-18 27304]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\1402010.016\SRTSP64.SYS [2012-10-09 776864]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-10-24 177312]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S0 Soluto;Soluto; C:\Windows\system32\DRIVERS\Soluto.sys [2013-01-10 54728]
S1 PCLEPCI;PCLEPCI; \??\C:\Windows\system32\drivers\pclepci.sys []
S1 SASDIFSV;SASDIFSV; \??\H:\superantispyware\SASDIFSV64.SYS []
S1 SASKUTIL;SASKUTIL; \??\H:\superantispyware\SASKUTIL64.SYS []
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 60288]
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 48768]
S3 cpuz132;cpuz132; C:\Windows\system32\drivers\cpuz132.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-05-07 21712]
S3 esihdrv;esihdrv; C:\Windows\system32\drivers\esihdrv.sys []
S3 gdrv;gdrv; C:\Windows\system32\drivers\gdrv.sys []
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 61440]
S3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\Windows\system32\DRIVERS\PTSimHid.sys [2009-06-18 17064]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-02 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Tablet2k;Serial Tablet Port Driver; C:\Windows\system32\drivers\Tablet2k.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-11-02 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-11-02 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACT2_Service;Ashampoo Core Tuner 2 Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [2011-08-22 1421216]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
R2 SolutoLauncherService;Soluto Launcher Service; C:\Program Files\Soluto\SolutoLauncherService.exe [2013-01-10 183280]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 WinTabService;WinTab Service; C:\Windows\System32\Drivers\WTSRV.EXE [2011-09-23 73728]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 !SASCORE;SAS Core Service; H:\superantispyware\SASCORE64.EXE []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2013-01-10 547312]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
S3 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
S3 CISVC;Služba indexování; C:\Windows\system32\CISVC.EXE [2009-07-14 19456]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-10-10 277024]
S3 DfSdkS;Defragmentation-Service; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe [2009-08-24 544768]
S3 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2012-06-27 73728]
S3 SolutoRemoteService;Soluto Remote Service; C:\Program Files\Soluto\SolutoRemoteService.exe [2013-01-10 1239552]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2009-07-14 81920]

-----------------EOF-----------------

#8 Příspěvek od **vyosek** » 02 úno 2013 00:43

OK, pujdem na to jinak

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

kratky · #9 Příspěvek od **kratky** » 02 úno 2013 14:32

Posílám výsledky Rkillu. Program vyprodukoval ještě regitrační položku.

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/02/2013 02:23:28 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\Drivers\WTSRV.EXE (PID: 2116) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Jirka\Desktop\rkill\rkill-02-02-2013-02-23-32.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/02/2013 02:23:40 PM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)

#10 Příspěvek od **vyosek** » 02 úno 2013 19:13

OK, pockam si na ComboFix

kratky · #11 Příspěvek od **kratky** » 02 úno 2013 21:04

Spustil jsem Combo Fix, teď nemohu spustit žádný soubor, píše mi to: "Pokus použít neplatnou operaci na klíč registru, který je označen pro odstranění". Co s tím? Připojil jsem se z druhého PC. Přikládám log Combo Fix:

ComboFix 13-02-02.05 - Jirka 02.02.2013 20:18:45.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8109.5158 [GMT 1:00]
Spuštěný z: c:\users\Jirka\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\users\Jirka\AppData\Local\TempDIR
c:\users\Jirka\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Jirka\AppData\Roaming\inst.exe
c:\users\Jirka\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0405.exe
c:\windows\UA000104.DLL
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-02 do 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-01 18:46 . 2013-02-01 18:46 -------- d-----w- c:\users\Jirka\AppData\Roaming\Malwarebytes
2013-02-01 18:46 . 2013-02-01 18:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-01 18:46 . 2013-02-01 18:46 -------- d-----w- c:\programdata\Malwarebytes
2013-02-01 18:46 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-01 17:26 . 2013-02-01 23:22 -------- d-----w- c:\program files\trend micro
2013-02-01 17:26 . 2013-02-01 17:54 -------- d-----w- C:\rsit
2013-02-01 16:39 . 2013-02-01 16:41 -------- d-----w- c:\users\Jirka\AppData\Roaming\wurst
2013-01-28 09:38 . 2013-01-28 09:38 -------- d-----w- c:\users\Jirka\Icon
2013-01-28 08:47 . 2013-01-28 08:47 -------- d-----w- c:\program files (x86)\IconConverter
2013-01-26 22:20 . 2013-01-26 22:20 -------- d-----w- c:\users\Jirka\AppData\Roaming\Eusing
2013-01-26 22:20 . 2013-01-26 22:20 -------- d-----w- c:\program files (x86)\Eusing Launcher
2013-01-26 09:21 . 2013-02-01 07:48 -------- d-----w- c:\users\Jirka\AppData\Roaming\VideoMeld
2013-01-23 19:33 . 2013-01-23 19:57 -------- d-----w- c:\users\Jirka\AppData\Local\ISL
2013-01-23 13:51 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-22 16:49 . 2013-01-22 16:49 -------- d-----w- c:\program files\ISL
2013-01-22 16:49 . 2013-01-22 16:49 -------- d-----w- c:\windows\Downloaded Installations
2013-01-18 22:14 . 2013-01-24 06:12 -------- d-----w- c:\windows\system32\drivers\N360x64\1402010.016
2013-01-17 08:03 . 2013-01-10 09:33 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2013-01-17 08:03 . 2013-01-17 08:03 -------- d-----w- c:\program files\Soluto
2013-01-14 17:43 . 2013-01-14 17:43 -------- d-----w- c:\users\Jirka\AppData\Roaming\SUPERAntiSpyware.com
2013-01-14 17:42 . 2013-01-14 17:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-09 06:59 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 06:59 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 06:59 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 06:59 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 06:59 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 06:59 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-04 17:25 . 2009-08-24 21:13 34304 ----a-w- c:\windows\system32\DfSdkBt.exe
2013-01-03 22:03 . 2013-01-24 20:51 -------- d-----w- c:\users\Jirka\AppData\Roaming\avidemux
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 08:01 . 2011-12-15 19:51 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-31 15:41 . 2011-12-16 12:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-12-29 15:18 . 2011-12-23 21:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-12-16 17:11 . 2012-12-21 18:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 18:10 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:10 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 06:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-15 10:21 . 2012-11-15 10:21 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-15 10:21 . 2012-02-13 09:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-15 10:14 . 2003-03-18 19:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-11-15 10:14 . 2003-02-21 03:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-14 07:06 . 2012-12-13 09:18 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:18 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:18 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:18 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:18 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:18 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:18 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:18 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:18 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:18 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:18 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:18 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:18 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:18 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:18 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:18 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:18 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-10 07:23 . 2003-11-07 12:28 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-11-09 05:45 . 2012-12-13 08:39 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 08:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
2010-10-20 14:50 . 2012-05-24 08:13 2041344 ----a-w- c:\program files (x86)\Common Files\Boris Graffiti.msi
2005-09-30 11:33 . 2005-09-30 11:33 733184 ----a-w- c:\program files\Photofont Start.8BF
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eusing Launcher"="c:\program files (x86)\Eusing Launcher\eLauncher.exe" [2012-12-03 1654784]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EMET Notifier"="c:\program files (x86)\EMET\EMET_notifier.exe" [2012-05-09 152152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyMusic"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R1 SASDIFSV;SASDIFSV;h:\superantispyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;h:\superantispyware\SASKUTIL64.SYS [x]
R2 !SASCORE;SAS Core Service;h:\superantispyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe [2009-08-24 544768]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-05-07 21712]
R3 esihdrv;esihdrv; [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-18 17064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-02 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [2013-01-10 1239552]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-02 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-02 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2013-01-10 54728]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys [2012-08-20 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130201.001\IDSvia64.sys [2012-10-23 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402010.016\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
S2 ACT2_Service;Ashampoo Core Tuner 2 Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [2011-08-22 1421216]
S2 ACT2PM;Ashampoo CoreTuner 2 ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [2011-06-10 15160]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [2013-01-10 183280]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2013-01-10 547312]
S2 UI5IFS;Ashampoo Uninstaller 5 FileSystemChanges Driver;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys [2012-11-15 36776]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-22 138912]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-18 27304]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 14:40 453736 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 20:18]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 20:18]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000Core.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 14:30]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000UA.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 14:30]
.
2013-02-01 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2013-01-04 11:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-01-10 1229296]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=964dc60c00000000000050e5493da347
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
@Allowed: (Read) (RestrictedCode)
@=hex:c5,d9,02,da,93,e7,cd,01
.
[HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
@Allowed: (Read) (RestrictedCode)
@=hex:25,03,c8,8f,dd,e5,cd,01
.
[HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
@Allowed: (Read) (RestrictedCode)
@=hex:2c,52,af,4a,9d,e7,cd,01
.
[HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@Allowed: (Read) (RestrictedCode)
@=hex:83,62,bb,3b,a0,e7,cd,01
.
[HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
@Allowed: (Read) (RestrictedCode)
@=hex:8c,b3,b1,4a,9d,e7,cd,01
.
[HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@Allowed: (Read) (RestrictedCode)
@=hex:cc,f0,ac,4a,9d,e7,cd,01
.
[HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
@Allowed: (Read) (RestrictedCode)
@=hex:8c,e3,3f,a3,29,e7,cd,01
.
[HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
@Allowed: (Read) (RestrictedCode)
@=hex:da,b7,ea,cd,dd,e5,cd,01
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}*]
@=hex:0f,e4,be,34,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
@=hex:3d,bc,86,34,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}*]
@=hex:a4,6f,62,37,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{20EF7B60-CE85-4048-A409-02CB203268EE}*]
@=hex:dc,3d,1c,37,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{242E582C-66A8-478C-8BCA-0AF9F1D38D39}*]
@=hex:3a,d0,df,36,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{29638F0C-042B-4B50-A2D2-8E8E7CA71E4F}*]
@=hex:8c,b2,28,36,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
@=hex:38,92,e3,35,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
@=hex:23,a7,7b,35,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{3D619A54-A36D-4F10-8380-B598CA94D916}*]
@=hex:ee,cb,d3,34,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:8e,cd,a7,a2,d1,4a,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{787E3340-6D04-4BF3-BCC2-2AD3630471CE}*]
@=hex:2e,1a,76,34,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
@=hex:9c,e9,8a,35,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{92561398-2ED8-42AF-86E2-66FA8E9DC46E}*]
@=hex:c8,89,45,36,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:01,3f,a6,38,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:8f,2b,68,a2,d1,4a,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
@=hex:82,61,ea,34,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C514227C-0AF4-44BB-816A-E9483A4302C9}*]
@=hex:bc,26,ad,36,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
@=hex:0b,64,42,37,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C7A40493-BF23-4B53-AB2A-4A923B3EE34B}*]
@=hex:8f,db,4f,35,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{E14E55A7-29C8-4389-8E5A-3EF964510FCA}*]
@=hex:71,29,0c,36,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{F5E30566-7C8F-4037-A8FF-A7382E251C56}*]
@=hex:ea,fe,74,36,dc,e5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\System32\Drivers\WTSRV.EXE
.
**************************************************************************
.
Celkový čas: 2013-02-02 20:30:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-02 19:30
.
Před spuštěním: Volných bajtů: 866 423 390 208
Po spuštění: Volných bajtů: 866 019 979 264
.
- - End Of File - - F29FEDCAEFD5B5217EB2E89ED9FBA507

#12 Příspěvek od **vyosek** » 02 úno 2013 21:04

Restart PC, registry se da do kupy...mezitim napisu dalsi postup

#13 Příspěvek od **vyosek** » 02 úno 2013 21:06

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

kratky · #14 Příspěvek od **kratky** » 02 úno 2013 21:27

# AdwCleaner v2.109 - Logfile created 02/02/2013 at 21:24:06
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jirka - PC
# Boot Mode : Normal
# Running from : C:\Users\Jirka\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DVDVideoSoftTB
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Jirka\AppData\Local\APN
Folder Found : C:\Users\Jirka\AppData\Local\Babylon
Folder Found : C:\Users\Jirka\AppData\Local\Conduit
Folder Found : C:\Users\Jirka\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jirka\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Jirka\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Jirka\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\APN
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2205CE98-753C-4635-AE16-3CEC9BA442A2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BA609B2-7325-4054-A2CA-6273EBC7BAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKU\S-1-5-21-1116504671-2471816576-3720499224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=964dc60c00000000000050e5493da347

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5516 octets] - [02/02/2013 21:24:06]

########## EOF - C:\AdwCleaner[R1].txt - [5576 octets] ##########

#15 Příspěvek od **vyosek** » 02 úno 2013 21:29

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

VIRY.CZ

nebezpečný soubor

nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor

Re: nebezpečný soubor