Kontrola PC

Zpráva

bufu1 · #1 Příspěvek od **bufu1** » 07 bře 2013 15:23

Dobrý den,
mám problém s Norton 360, Norton má vypnutou antivirovou ochranu a to z důvodu že nezná poslední aktualizaci, zkoušel jsem přeinstalovat, kdy po přeinstalování hlásil poslední aktualizace před 1 dnem, a po pokusu aktualizovat, proces selže a hlásí neznáme datum aktualizace.

Rád bych proto poprosil o kontrolu logu, jestli není problém v nějaké "havěti"

Logfile of random's system information tool 1.09 (written by random/random)
Run by Bufu at 2013-03-07 15:07:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (30%) free of 50 GB
Total RAM: 3071 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:07:42, on 7.3.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\WINDOWS\samsung\panelmgr\SSMMgr.exe
C:\PROGRA~1\HDTUNE~1\HDTune.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\OSCAR Editor X7\OscarEditor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
C:\Documents and Settings\Bufu\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Bufu\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Bufu.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.3.0.36\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.3.0.36\coIEPlg.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\samsung\panelmgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bufu\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor X7\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5062475265
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7369 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1417001333-1177238915-1004Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1417001333-1177238915-1004UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Bufu\Data aplikací\Mozilla\Firefox\Profiles\gbbgqw3l.default-1361805298015

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Bufu\Data aplikací\Mozilla\Firefox\Profiles\gbbgqw3l.default-1361805298015\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton 360\Engine\20.3.0.36\coIEPlg.dll [2013-02-13 509776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL [2012-11-15 387040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-05 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-05 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\20.3.0.36\coIEPlg.dll [2013-02-13 509776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\windows\AGRSMMSG.exe [2006-06-29 89541]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2008-12-19 83336]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2007-11-21 180224]
"Samsung PanelMgr"=C:\WINDOWS\samsung\panelmgr\SSMMgr.exe [2010-12-07 684032]
"HD Tune"=C:\PROGRA~1\HDTUNE~1\HDTune.exe [2008-02-09 401408]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2010-11-26 331264]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-10-09 17021440]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Bufu\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
"OscarEditor"=C:\Program Files\OSCAR Editor X7\OscarEditor.exe [2010-07-22 2636800]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bufu^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
C:\PROGRA~1\OPENOF~1.OR~\program\QUICKS~1.EXE [2012-08-13 1199104]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Port pro program Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE

C:\Documents and Settings\Bufu\Nabídka Start\Programy\Po spuštění
Dropbox.lnk - C:\Documents and Settings\Bufu\Data aplikací\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2008-08-29 143360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"="C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server"
"C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe"="C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager"
"C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe"="C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies"
"C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe"="C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert"
"C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe"="C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Documents and Settings\Bufu\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Bufu\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"vidc.LEAD"=LCODCCMP.DLL
"VIDC.MP42"=mpg4c32.dll
"VIDC.MPG4"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll

======List of files/folders created in the last 1 month======

2013-03-07 14:45:59 ----D---- C:\Program Files\Symantec
2013-03-07 14:45:59 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-03-07 14:45:59 ----A---- C:\windows\system32\drivers\SYMEVENT.SYS
2013-03-07 14:45:13 ----D---- C:\windows\system32\drivers\N360
2013-03-07 14:45:11 ----D---- C:\Program Files\Norton 360
2013-03-07 14:44:10 ----D---- C:\Program Files\NortonInstaller
2013-03-05 19:45:01 ----D---- C:\Documents and Settings\Bufu\Data aplikací\YouTube Downloader
2013-03-05 19:29:02 ----D---- C:\Documents and Settings\Bufu\Data aplikací\Opera
2013-03-05 19:28:40 ----D---- C:\Program Files\Opera
2013-03-05 15:28:30 ----A---- C:\windows\system32\javaws.exe
2013-03-05 15:28:18 ----A---- C:\windows\system32\WindowsAccessBridge.dll
2013-03-05 15:28:18 ----A---- C:\windows\system32\javaw.exe
2013-03-05 15:28:18 ----A---- C:\windows\system32\java.exe
2013-03-02 09:18:42 ----D---- C:\Documents and Settings\Bufu\Data aplikací\.technic
2013-02-26 21:10:26 ----A---- C:\Documents and Settings\Bufu\Data aplikací\technic-launcher.jar.bak
2013-02-26 21:10:26 ----A---- C:\Documents and Settings\Bufu\Data aplikací\technic-launcher.jar
2013-02-26 21:10:25 ----D---- C:\Documents and Settings\Bufu\Data aplikací\logs
2013-02-26 21:10:25 ----D---- C:\Documents and Settings\Bufu\Data aplikací\.techniclauncher
2013-02-21 14:20:43 ----D---- C:\Program Files\Mozilla Firefox
2013-02-18 14:07:18 ----D---- C:\Documents and Settings\Bufu\Data aplikací\casomira
2013-02-17 16:14:20 ----A---- C:\windows\system32\tasklist.exe
2013-02-17 12:35:37 ----D---- C:\Program Files\GNU Tools ARM Embedded
2013-02-17 10:42:26 ----D---- C:\Program Files\Free Screen Recorder
2013-02-13 11:54:19 ----HDC---- C:\windows\$NtUninstallKB2778344$
2013-02-13 11:54:08 ----HDC---- C:\windows\$NtUninstallKB2799494$
2013-02-13 11:54:01 ----HDC---- C:\windows\$NtUninstallKB2802968$
2013-02-13 11:53:54 ----HDC---- C:\windows\$NtUninstallKB2780091$

======List of files/folders modified in the last 1 month======

2013-03-07 15:07:35 ----D---- C:\windows\Prefetch
2013-03-07 15:07:35 ----D---- C:\Program Files\trend micro
2013-03-07 14:52:09 ----D---- C:\windows\temp
2013-03-07 14:46:04 ----SHD---- C:\System Volume Information
2013-03-07 14:45:59 ----RD---- C:\Program Files
2013-03-07 14:45:59 ----D---- C:\windows\system32\drivers
2013-03-07 14:45:59 ----D---- C:\Program Files\Common Files
2013-03-07 14:44:16 ----D---- C:\Documents and Settings\Bufu\Data aplikací\Dropbox
2013-03-07 14:42:29 ----A---- C:\windows\SchedLgU.Txt
2013-03-07 14:39:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2013-03-07 14:16:25 ----D---- C:\Documents and Settings\Bufu\Data aplikací\Skype
2013-03-07 14:11:32 ----D---- C:\Documents and Settings\Bufu\Data aplikací\.purple
2013-03-06 16:55:24 ----RASH---- C:\boot.ini
2013-03-06 16:55:21 ----D---- C:\windows\system32\CatRoot2
2013-03-05 19:47:03 ----D---- C:\Documents and Settings\Bufu\Data aplikací\vlc
2013-03-05 15:28:54 ----SHD---- C:\windows\Installer
2013-03-05 15:28:54 ----D---- C:\Config.Msi
2013-03-05 15:28:30 ----AD---- C:\windows\system32
2013-03-05 15:28:00 ----A---- C:\windows\system32\npDeployJava1.dll
2013-03-05 15:28:00 ----A---- C:\windows\system32\deployJava1.dll
2013-03-05 15:27:32 ----A---- C:\windows\system32\PerfStringBackup.INI
2013-03-05 13:40:50 ----D---- C:\Documents and Settings\Bufu\Data aplikací\.minecraft
2013-03-05 13:38:14 ----D---- C:\WINDOWS
2013-03-05 08:18:46 ----HD---- C:\windows\inf
2013-03-04 10:16:45 ----D---- C:\Program Files\Defraggler
2013-03-04 10:16:24 ----D---- C:\Program Files\CCleaner
2013-03-04 10:05:02 ----HD---- C:\Program Files\InstallShield Installation Information
2013-03-04 09:53:33 ----A---- C:\windows\NeroDigital.ini
2013-02-21 14:57:10 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-02-21 14:15:59 ----D---- C:\windows\Debug
2013-02-21 01:42:58 ----D---- C:\Program Files\Java
2013-02-17 11:28:05 ----D---- C:\CooCox
2013-02-17 10:59:29 ----HD---- C:\Program Files\InstallJammer Registry
2013-02-13 14:17:54 ----RSD---- C:\windows\assembly
2013-02-13 14:17:54 ----D---- C:\windows\Microsoft.NET
2013-02-13 11:54:37 ----A---- C:\windows\system32\MRT.exe
2013-02-13 11:54:32 ----RSHDC---- C:\windows\system32\dllcache
2013-02-13 11:54:29 ----D---- C:\windows\ie8updates
2013-02-13 11:54:27 ----HD---- C:\windows\$hf_mig$
2013-02-13 11:53:39 ----D---- C:\Program Files\Internet Explorer
2013-02-13 11:50:36 ----D---- C:\windows\WinSxS
2013-02-13 11:49:03 ----D---- C:\STM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 13315215;13315215; C:\windows\system32\DRIVERS\13315215.sys [2012-09-13 133208]
R0 giveio;giveio; C:\windows\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\windows\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 speedfan;speedfan; C:\windows\system32\speedfan.sys [2011-03-18 25240]
R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\N360\1403000.024\SYMDS.SYS [2013-01-21 367704]
R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\N360\1403000.024\SYMEFA.SYS [2013-01-30 934488]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130107.001\BHDrvx86.sys []
R1 ccSet_N360;Norton 360 Settings Manager; C:\windows\system32\drivers\N360\1403000.024\ccSetx86.sys [2012-11-15 134304]
R1 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 31088]
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\windows\system32\drivers\N360\1403000.024\SRTSPX.SYS [2013-01-28 32344]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\N360\1403000.024\Ironx86.SYS [2012-11-15 175264]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\windows\system32\drivers\N360\1403000.024\SYMTDI.SYS [2013-01-30 394656]
R1 Tosrfcom;Bluetooth RFCOMM; C:\windows\System32\Drivers\tosrfcom.sys [2009-02-19 63872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R2 NTPCI;NTPCI; \??\C:\WINDOWS\system32\drivers\ntpci.sys []
R2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\windows\system32\DRIVERS\athw.sys [2009-09-07 1584448]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2008-08-30 3300864]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130113.001\IDSxpx86.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-13 4879360]
R3 MGHwCtrl;MGHwCtrl; \??\C:\WINDOWS\system32\drivers\MGHwCtrl.sys []
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130306.035\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130306.035\NAVEX15.SYS []
R3 O2MDRDR;O2MDRDR; C:\windows\system32\DRIVERS\o2media.sys [2008-03-04 48600]
R3 O2SDRDR;O2SDRDR; C:\windows\system32\DRIVERS\o2sd.sys [2008-03-03 43608]
R3 RTHDMIAzAudService;Service for HDMI; C:\windows\system32\drivers\RtHDMI.sys [2008-08-26 3684352]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2009-11-27 177152]
R3 SRTSP;Symantec Real Time Storage Protection; C:\windows\system32\drivers\N360\1403000.024\SRTSP.SYS [2013-01-28 602712]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT.SYS []
R3 tosporte;Bluetooth COM Port; C:\windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\windows\system32\DRIVERS\VClone.sys [2011-01-15 30208]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 pardrv;pardrv; C:\windows\system32\drivers\pardrv.sys [2011-10-12 9728]
S3 Arp1394;Protokol 1394 ARP Client; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Cam5603D;BisonCam, NB Pro; C:\windows\System32\Drivers\BisonCam.sys [2008-08-15 1032488]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CV2K1;CommView Network Monitor; C:\windows\system32\DRIVERS\cv2k1.sys []
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\Bufu\LOCALS~1\Temp\esihdrv.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\windows\system32\drivers\ftdibus.sys [2011-10-24 61704]
S3 FTSER2K;USB Serial Port Driver; C:\windows\system32\drivers\ftser2k.sys [2011-03-18 73096]
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 kbeepm;kbeepm; \??\C:\DOCUME~1\Bufu\LOCALS~1\Temp\kbeepm.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 Pg4uUSB;Elnec USB driver; C:\windows\system32\DRIVERS\pg4uusb.sys [2012-08-14 120312]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 Ser2pl;Prolific2 Serial port driver; C:\windows\system32\DRIVERS\ser2pl.sys [2009-11-19 51200]
S3 sermouse;Ovladač sériové myši; C:\windows\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2008-10-06 137984]
S3 tosrfbnp;Bluetooth RFBNEP; C:\windows\System32\Drivers\tosrfbnp.sys [2009-05-12 36992]
S3 Tosrfhid;Bluetooth RFHID; C:\windows\system32\DRIVERS\Tosrfhid.sys [2009-03-05 74368]
S3 tosrfnds;Bluetooth Personal Area Network; C:\windows\system32\DRIVERS\tosrfnds.sys [2009-03-12 16128]
S3 TosRfSnd;Bluetooth Audio; C:\windows\system32\drivers\tosrfsnd.sys [2009-05-14 54400]
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2009-03-19 43264]
S3 TVicPort;TVICPORT; \??\C:\WINDOWS\system32\DRIVERS\TVICPORT.SYS []
S3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 RsFx0103;RsFx0103 Driver; C:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2008-08-29 573440]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-03-05 170912]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe [2012-12-23 144520]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-03-17 144752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-02-21 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

Předem děkuji

edit: oběvil jsem zde na forum že někdo tento problem už řeší http://forum.viry.cz/viewtopic.php?f=3&t=128607
omlouvám se že to vkladam sem ale i tak pro jistotu bych rad poprosil o kontrolu (předtím mě nenapadlo se podívat do sekce Firewall)

#2 Příspěvek od **Rudy** » 07 bře 2013 19:20

Zdravím!
Podíváme se, zda AV neblokuje virus. Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

bufu1 · #3 Příspěvek od **bufu1** » 07 bře 2013 19:57

Dobrý večer,

Log Combofix

ComboFix 13-03-07.02 - Administrator 07.03.2013 19:43:58.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2650 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: Norton 360 *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-07 do 2013-03-07 )))))))))))))))))))))))))))))))
.
.
2013-03-07 13:45 . 2013-03-07 13:45 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-03-07 13:45 . 2013-03-07 13:45 -------- d-----w- c:\program files\Symantec
2013-03-07 13:45 . 2013-03-07 13:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-03-07 13:45 . 2013-03-07 13:45 -------- d-----w- c:\windows\system32\drivers\N360
2013-03-07 13:45 . 2013-03-07 13:45 -------- d-----w- c:\program files\Norton 360
2013-03-07 13:44 . 2013-03-07 13:44 -------- d-----w- c:\program files\NortonInstaller
2013-03-05 18:28 . 2013-03-05 18:57 -------- d-----w- c:\program files\Opera
2013-03-05 14:28 . 2013-03-05 14:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-05 14:28 . 2013-03-05 14:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-17 15:14 . 2013-02-17 15:14 72192 ----a-w- c:\windows\system32\tasklist.exe
2013-02-17 11:35 . 2013-02-17 11:38 -------- d-----w- c:\program files\GNU Tools ARM Embedded
2013-02-17 09:42 . 2013-02-17 09:46 -------- d-----w- c:\program files\Free Screen Recorder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-05 14:28 . 2012-08-15 13:35 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-05 14:28 . 2011-09-23 16:27 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-02 20:24 . 2013-02-02 20:22 205984 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-16 09:16 . 2012-05-14 04:21 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-16 09:16 . 2011-10-01 19:23 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-07 07:26 . 2008-04-14 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2008-04-14 08:06 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-14 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-14 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:20 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2003-12-19 18:36 . 2011-08-16 17:19 40960 ----a-w- c:\program files\Uninstall_CDS.exe
1999-04-07 19:39 . 1999-04-07 19:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 04:53 . 1998-12-09 04:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 04:53 . 1998-12-09 04:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 04:53 . 1998-12-09 04:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 04:53 . 1998-12-09 04:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 04:53 . 1998-12-09 04:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2013-02-21 13:20 . 2013-02-21 13:20 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-11-21 180224]
"Samsung PanelMgr"="c:\windows\samsung\panelmgr\SSMMgr.exe" [2010-12-07 684032]
"HD Tune"="c:\progra~1\HDTUNE~1\HDTune.exe" [2008-02-09 401408]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-11-26 331264]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-5-26 2528584]
Port pro program Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1029\OLFSNT40.EXE [1999-4-7 46080]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bufu^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Bufu\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 13:49 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Bufu\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 13315215;13315215;c:\windows\system32\drivers\13315215.sys [13.9.2012 19:23 133208]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1403000.024\SymDS.sys [7.3.2013 14:45 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1403000.024\SymEFA.sys [7.3.2013 14:45 934488]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10.9.2011 11:49 48600]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [10.9.2011 11:49 43608]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130107.001\BHDrvx86.sys [7.3.2013 14:45 995488]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1403000.024\ccSetx86.sys [7.3.2013 14:45 134304]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1403000.024\Ironx86.sys [7.3.2013 14:45 175264]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [16.8.2011 0:03 21992]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe [7.3.2013 14:45 144520]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [15.8.2011 22:05 40960]
S2 NTPCI;NTPCI;c:\windows\system32\drivers\ntpci.sys [10.9.2011 11:49 3712]
S2 pardrv;pardrv;c:\windows\system32\drivers\pardrv.sys [25.8.2011 17:08 9728]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [15.10.2010 2:41 5120]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys --> c:\windows\system32\DRIVERS\cv2k1.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\Bufu\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Bufu\LOCALS~1\Temp\esihdrv.sys [?]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130113.001\IDSXpx86.sys [7.3.2013 14:45 373728]
S3 kbeepm;kbeepm;\??\c:\docume~1\Bufu\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Bufu\LOCALS~1\Temp\kbeepm.sys [?]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [15.8.2011 22:05 9088]
S3 Pg4uUSB;Elnec USB driver;c:\windows\system32\drivers\Pg4uusb.sys [25.8.2011 17:08 120312]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 4:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 3:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 3:23 366936]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 178.22.112.22 178.22.118.10
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\3zttc927.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-07 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(364)
c:\windows\system32\msi.dll
.
Celkový čas: 2013-03-07 19:52:39
ComboFix-quarantined-files.txt 2013-03-07 18:52
ComboFix2.txt 2012-04-22 12:20
ComboFix3.txt 2012-01-16 07:09
ComboFix4.txt 2012-01-15 21:12
.
Před spuštěním: Volných bajtů: 14 712 266 752
Po spuštění: Volných bajtů: 14 777 212 928
.
- - End Of File - - 109E0B8F43D4FBA533D174DBCC0A319E

#4 Příspěvek od **Rudy** » 07 bře 2013 20:34

Nastala nějaká změna?

bufu1 · #5 Příspěvek od **bufu1** » 07 bře 2013 20:59

Dobrý večer,
nenastala, pořád to dělá to samé, po resetu PC sice hlásí že je vše v pořádku, ale jen do první aktualizace.

http://forum.viry.cz/viewtopic.php?f=3&t=128607 Vypadá to že je asi problém na straně Symantec, tedy pokud v logu nevydíte nějaký jiný problém

#6 Příspěvek od **Rudy** » 07 bře 2013 21:18

Stáhněte Malwarebytes Anti-Rootkit http://www.malwarebytes.org/products/mbar/

Uložte nejlépe na Plochu a rozbalte
Spusťte kliknutím na mbar
Nyní postupně klikněte na Next a Update
Po dokončení update (aktualizace) databáze klikněte opět na Next
Nechte zaškrtnute všechny tři možnosti a kliněte na Scan čímž spustíte prohledavani PC
Po dokončeni skenu (cca 5 minutek) zkontrolujte, zda-li je u všech nalezů (samozrejme pokud budou) zatržítko
Tež zkontrolujte, jestli je zatržitko u Create Restore point
Nyní klikněte na CleanUp čímž nalezenou infekci odstraníme
PC bude restartován
Složka mbar by měla obsahovat log (a zřejmě se i sám otevře) mbar-log-rok-měsíc-den (hodina-minuta-sekunda).txt, ten mi sem dejte.

bufu1 · #7 Příspěvek od **bufu1** » 07 bře 2013 22:01

Dobrý večer,
Přikládám log:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.07.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bufu :: MSI [limited]

7.3.2013 21:56:23
mbar-log-2013-03-07 (21-56-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26935
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Příspěvek od **Rudy** » 07 bře 2013 22:47

Rootkit také nemáte. Vzhledem k http://forum.viry.cz/viewtopic.php?f=3&t=128607 to může opravdu být nějaký problém na serveru Symantec. Chtěly by se poptat na to na jejich tech. podpoře.

bufu1 · #9 Příspěvek od **bufu1** » 08 bře 2013 13:56

Dobrý den,
děkuji za kontrolu, počkám přes víkend jestli se to spraví, a pokud ne tak zkusím kontaktovat technickou podporu.
Přeji pěkný zbytek dne

edit: tak jsem našel zpravu že mají problém viz: http://www.antivirovecentrum.cz/aktuali ... atele.aspx

#10 Příspěvek od **Rudy** » 08 bře 2013 19:13

Hezký den i vám! Já také děkuji za info a vy nemáte zač!

VIRY.CZ

Kontrola PC

Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC