TrojanDownloader:Win32/Plingky.C - nelze odstranit

Zpráva

CUPR · #1 Příspěvek od **CUPR** » 01 dub 2012 01:01

Dobrý den,
prosím o pomoc s odstraněním Trojského koně TrojanDownloader:Win32/Plingky.C
Při skenování PC antivirovým programem byl odhalen výše uvedený Trojan v souboru \tmp.edb
Přesná cesta je: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
Tento Trojan byl vyhodnocen jako Trojský stahovací program, velmi nebezpečný, který stahuje jiné programy. Doporučená akce: Ihned tento software odeberte.
Antivirový program (Microsoft Security Essentials) navrhl akci čištění - odebrání souboru. To také oznámil na konci čištění: "Úspěšně provedeno, k dokončení požadován restart PC". Ve skutečnosti soubor zůstal na svém místě a zůstal tam i po restartu PC. Toto jsem opakoval celkem 3x, pokaždé se stejným výsledkem. Při pokusu o ruční smazání souboru mi systém oznámil: "Akci nelze dokončit, protože soubor je otevřený v programu Windows Search. Zavřete soubor a opakujte akci".
Bohužel si nedokážu poradit, program Windows Search nevidím nikde spuštěný a soubor zavřít nemohu.
Děkuji všem za pomoc!
Přikládám požadovaný log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Karel Rösler at 2012-04-01 01:44:27
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 152 GB (32%) free of 477 GB
Total RAM: 4094 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:44:28, on 1.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Karel Rösler\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Karel Rösler.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 546&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80546
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 546&lng=cs
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80546
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Karel Rösler\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O2 - BHO: PNBHO - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files (x86)\Seznam.cz\toolbar\toolbar.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
O4 - HKCU\..\Run: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PCSpeedUp] C:\Program Files (x86)\Zrychleni Pocitace\PCSUNotifier.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Karel Rösler\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Reasonable NoClone] "C:\Program Files (x86)\Reasonable\Reasonable NoClone 2011 Free\NoClone.exe" null /startup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Reasonable NoClone] "C:\Program Files (x86)\Reasonable\Reasonable NoClone 2011 Free\NoClone.exe" null /startup (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QipGuard - QIP.ru - C:\Program Files (x86)\QipGuard\QipGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12776 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\QipGuard\QipGuard.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"C:\Users\Karel Rösler\AppData\Roaming\QipGuard\QipGuard.exe" /p
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-93f6dea1-d1a4-48e0-a7fe-cd9ff82a7eec -SystemEventPortName:HostProcess-1e81da86-1859-4eb1-b296-e9960ee2cf78 -IoCancelEventPortName:HostProcess-256f9ec3-b112-45d9-9711-2b74539548a3 -NonStateChangingEventPortName:HostProcess-1655cfbe-e154-46d0-bf07-8c25a9e1416f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:76eebde8-b541-4d93-ad89-f22ee92d70a8
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe"
\??\C:\Windows\system32\conhost.exe "850419549547061306-984979605-40093331746020442-944633731-14704485671277830079
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe" /TUStart /pid:2056
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\system32\notepad.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Opera\opera.exe"
"taskhost.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Karel Rösler\Downloads\Viry a jejich odstranění\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1318475494-1401390998-2317853681-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1318475494-1401390998-2317853681-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Karel Rösler\AppData\Roaming\Mozilla\Firefox\Profiles\6j4c6wpn.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://qip.ru"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]
"Description"=Virtual Earth 3D
"Path"=C:\Program Files (x86)\Virtual Earth 3D\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13]
"Description"=15.0.1.13
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]
"Description"=
"Path"=C:\Program Files (x86)\Virtual Earth 3D\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Karel Rösler\AppData\Roaming\Mozilla\Firefox\Profiles\6j4c6wpn.default\extensions\
britanik2@britanik.cz
staged
toolbar@ask.com
{32a1fd71-835e-4b11-8e54-886fda0b4c89}

C:\Users\Karel Rösler\AppData\Roaming\Mozilla\Firefox\Profiles\6j4c6wpn.default\searchplugins\
askcom.xml
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-12-19 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25 202080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-20 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Karel Rösler\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-20 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files (x86)\Seznam.cz\listicka.dll [2011-03-15 2201600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}]
DeLorme Send To GPS - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll [2010-07-28 156968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} -
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25 1496408]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll [2011-01-17 175912]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files (x86)\Seznam.cz\toolbar\toolbar.dll [2011-03-10 183808]
{D4027C7F-154A-4066-A1AD-4243D8127440} - VDownloader Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-01-13 6963232]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-26 2184520]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-17 767312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GameXN (update)"=C:\ProgramData\GameXN\GameXNGO.exe [2011-12-05 347008]
"GameXN (news)"=C:\ProgramData\GameXN\GameXNGO.exe [2011-12-05 347008]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"PCSpeedUp"=C:\Program Files (x86)\Zrychleni Pocitace\PCSUNotifier.exe [2012-02-08 188640]
"MobileDocuments"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [2012-02-23 59240]
"QIP Internet Guardian"=C:\Users\Karel Rösler\AppData\Roaming\QipGuard\QipGuard.exe [2012-03-23 191440]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2011-08-23 887976]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]

C:\Users\Karel Rösler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\easybitsgo.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gamexngo.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htcupctloader.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realconverter.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realplay.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realtrimmer.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rnxproc.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-04-01 01:36:22 ----D---- C:\rsit
2012-04-01 01:36:22 ----D---- C:\Program Files\trend micro
2012-04-01 01:17:40 ----A---- C:\Windows\system32\drivers\sqruvxtx.sys
2012-03-31 12:12:48 ----D---- C:\Program Files\iPod
2012-03-31 12:12:47 ----D---- C:\Program Files\iTunes
2012-03-31 12:12:47 ----D---- C:\Program Files (x86)\iTunes
2012-03-14 21:52:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-03-14 21:52:20 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-03-14 21:52:20 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-03-14 13:02:14 ----A---- C:\Windows\system32\win32k.sys
2012-03-14 13:02:12 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-14 13:02:12 ----A---- C:\Windows\system32\DWrite.dll
2012-03-14 13:02:10 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 13:02:10 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-14 13:02:10 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-14 13:01:47 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-14 13:01:47 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-14 13:01:47 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-14 13:01:47 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-08 11:53:22 ----D---- C:\Users\Karel Rösler\AppData\Roaming\dvdcss

======List of files/folders modified in the last 1 month======

2012-04-01 01:44:20 ----D---- C:\Windows\Prefetch
2012-04-01 01:36:22 ----RD---- C:\Program Files
2012-04-01 01:26:42 ----D---- C:\Windows\system32\config
2012-04-01 01:18:39 ----D---- C:\Windows\System32
2012-04-01 01:18:39 ----D---- C:\Windows\inf
2012-04-01 01:18:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-01 01:18:00 ----D---- C:\Windows\Temp
2012-04-01 01:17:40 ----D---- C:\Windows\system32\drivers
2012-04-01 01:14:14 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2012-03-31 21:26:08 ----D---- C:\Users\Karel Rösler\AppData\Roaming\Apple Computer
2012-03-31 21:25:50 ----D---- C:\Windows
2012-03-31 21:24:35 ----D---- C:\ProgramData\CanonIJPLM
2012-03-31 18:57:17 ----SHD---- C:\System Volume Information
2012-03-31 15:23:29 ----D---- C:\Users\Karel Rösler\AppData\Roaming\QipGuard
2012-03-31 15:23:24 ----D---- C:\Program Files (x86)\QIP 2012
2012-03-31 12:14:50 ----SHD---- C:\Windows\Installer
2012-03-31 12:14:50 ----SHD---- C:\Config.Msi
2012-03-31 12:14:43 ----D---- C:\Program Files\Common Files\Apple
2012-03-31 12:12:47 ----RD---- C:\Program Files (x86)
2012-03-31 12:12:47 ----D---- C:\ProgramData\Apple Computer
2012-03-30 15:25:32 ----D---- C:\Users\Karel Rösler\AppData\Roaming\Mozilla
2012-03-30 13:44:17 ----RSD---- C:\Windows\assembly
2012-03-30 13:44:17 ----D---- C:\Windows\Microsoft.NET
2012-03-30 13:04:15 ----D---- C:\Program Files (x86)\Opera
2012-03-26 11:14:08 ----D---- C:\Users\Karel Rösler\AppData\Roaming\365dni
2012-03-24 01:50:38 ----D---- C:\Users\Karel Rösler\AppData\Roaming\Skype
2012-03-21 13:39:51 ----D---- C:\ProgramData\Microsoft Help
2012-03-21 13:38:44 ----D---- C:\Windows\SysWOW64
2012-03-21 13:37:44 ----A---- C:\Windows\win.ini
2012-03-18 11:29:32 ----D---- C:\Windows\system32\catroot2
2012-03-15 16:20:26 ----D---- C:\Program Files (x86)\Common Files
2012-03-15 16:20:23 ----HD---- C:\ProgramData
2012-03-15 15:09:50 ----D---- C:\Windows\winsxs
2012-03-14 21:52:26 ----D---- C:\Windows\system32\catroot
2012-03-14 21:50:53 ----A---- C:\Windows\system32\MRT.exe
2012-03-14 12:59:42 ----D---- C:\Users\Karel Rösler\AppData\Roaming\vlc
2012-03-13 18:25:39 ----D---- C:\Windows\system32\FxsTmp
2012-03-10 14:24:45 ----D---- C:\Windows\system32\DriverStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 47632]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-01-13 1683104]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-13 11856]
S1 sqruvxtx;sqruvxtx; \??\C:\Windows\system32\drivers\sqruvxtx.sys [2012-04-01 50000]
S1 uqcaaovm;uqcaaovm; \??\C:\Windows\system32\drivers\uqcaaovm.sys []
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-01-06 24104]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-21 1016936]
R2 PCSUService;PC Speed Up Service; C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe [2012-02-08 276704]
R2 QipGuard;QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [2012-03-23 191440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 934760]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736]
S4 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
S4 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S4 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S4 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 01 dub 2012 02:48

Zdravim a pekny den preji

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Odinstalujte Zrychleni Pocitace

Spustte HJT a provedeme fixnuti polozek

HJT najdete zde C:\Program Files\trend micro\Karel Rösler.exe
Otevre se Vam okno, kliknete na Do a system scan only
V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 546&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80546
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 546&lng=cs
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80546
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Karel Rösler\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKCU\..\Run: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
O4 - HKCU\..\Run: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Karel Rösler\AppData\Roaming\QipGuard\QipGuard.exe /p
Kliknete na Fix checked (vlevo dole)
HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

CUPR · #3 Příspěvek od **CUPR** » 01 dub 2012 10:28

Děkuji, udělal jsem vše dle vašeho návodu a zde je příslušný log. Zkoušel jsem před tím ještě provést kontrolu pomocí ESET Online Scanner a ten nic nenašel...

11:23:18.0675 0412 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:23:18.0765 0412 ============================================================
11:23:18.0765 0412 Current date / time: 2012/04/01 11:23:18.0765
11:23:18.0765 0412 SystemInfo:
11:23:18.0765 0412
11:23:18.0768 0412 OS Version: 6.1.7601 ServicePack: 1.0
11:23:18.0768 0412 Product type: Workstation
11:23:18.0768 0412 ComputerName: PC15296
11:23:18.0768 0412 UserName: Karel Rösler
11:23:18.0768 0412 Windows directory: C:\Windows
11:23:18.0768 0412 System windows directory: C:\Windows
11:23:18.0768 0412 Running under WOW64
11:23:18.0768 0412 Processor architecture: Intel x64
11:23:18.0768 0412 Number of processors: 2
11:23:18.0768 0412 Page size: 0x1000
11:23:18.0768 0412 Boot type: Normal boot
11:23:18.0768 0412 ============================================================
11:23:19.0611 0412 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:23:23.0441 0412 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:23:23.0461 0412 \Device\Harddisk0\DR0:
11:23:23.0461 0412 MBR used
11:23:23.0461 0412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:23:23.0461 0412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A352000
11:23:23.0461 0412 \Device\Harddisk1\DR1:
11:23:23.0461 0412 MBR used
11:23:23.0461 0412 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
11:23:23.0506 0412 Initialize success
11:23:23.0506 0412 ============================================================
11:24:14.0703 1132 ============================================================
11:24:14.0703 1132 Scan started
11:24:14.0703 1132 Mode: Manual; SigCheck; TDLFS;
11:24:14.0703 1132 ============================================================
11:24:15.0248 1132 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:24:15.0356 1132 1394ohci - ok
11:24:15.0396 1132 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:24:15.0426 1132 ACPI - ok
11:24:15.0441 1132 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:24:15.0516 1132 AcpiPmi - ok
11:24:15.0543 1132 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:24:15.0573 1132 adp94xx - ok
11:24:15.0593 1132 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:24:15.0616 1132 adpahci - ok
11:24:15.0636 1132 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:24:15.0658 1132 adpu320 - ok
11:24:15.0683 1132 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:24:15.0806 1132 AeLookupSvc - ok
11:24:15.0866 1132 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:24:15.0946 1132 AFD - ok
11:24:15.0973 1132 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:24:15.0991 1132 agp440 - ok
11:24:16.0016 1132 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:24:16.0101 1132 ALG - ok
11:24:16.0128 1132 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:24:16.0146 1132 aliide - ok
11:24:16.0156 1132 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:24:16.0171 1132 amdide - ok
11:24:16.0221 1132 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:24:16.0288 1132 AmdK8 - ok
11:24:16.0311 1132 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:24:16.0356 1132 AmdPPM - ok
11:24:16.0391 1132 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:24:16.0411 1132 amdsata - ok
11:24:16.0426 1132 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:24:16.0446 1132 amdsbs - ok
11:24:16.0461 1132 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:24:16.0479 1132 amdxata - ok
11:24:16.0534 1132 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:24:16.0624 1132 AppID - ok
11:24:16.0649 1132 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:24:16.0717 1132 AppIDSvc - ok
11:24:16.0754 1132 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:24:16.0822 1132 Appinfo - ok
11:24:16.0899 1132 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:24:16.0952 1132 Apple Mobile Device - ok
11:24:16.0984 1132 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:24:17.0002 1132 arc - ok
11:24:17.0014 1132 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:24:17.0052 1132 arcsas - ok
11:24:17.0084 1132 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:24:17.0149 1132 AsyncMac - ok
11:24:17.0184 1132 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:24:17.0202 1132 atapi - ok
11:24:17.0239 1132 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:24:17.0322 1132 AudioEndpointBuilder - ok
11:24:17.0332 1132 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:24:17.0387 1132 AudioSrv - ok
11:24:17.0432 1132 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:24:17.0519 1132 AxInstSV - ok
11:24:17.0554 1132 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:24:17.0624 1132 b06bdrv - ok
11:24:17.0657 1132 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:24:17.0682 1132 b57nd60a - ok
11:24:17.0739 1132 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
11:24:17.0807 1132 BBSvc - ok
11:24:17.0862 1132 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:24:17.0902 1132 BDESVC - ok
11:24:17.0932 1132 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:24:17.0992 1132 Beep - ok
11:24:18.0044 1132 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:24:18.0129 1132 BFE - ok
11:24:18.0179 1132 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:24:18.0262 1132 BITS - ok
11:24:18.0299 1132 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:24:18.0339 1132 blbdrive - ok
11:24:18.0417 1132 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:24:18.0474 1132 Bonjour Service - ok
11:24:18.0512 1132 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:24:18.0539 1132 bowser - ok
11:24:18.0554 1132 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:24:18.0627 1132 BrFiltLo - ok
11:24:18.0639 1132 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:24:18.0684 1132 BrFiltUp - ok
11:24:18.0722 1132 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:24:18.0797 1132 Browser - ok
11:24:18.0827 1132 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:24:18.0862 1132 Brserid - ok
11:24:18.0874 1132 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:24:18.0919 1132 BrSerWdm - ok
11:24:18.0954 1132 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:24:18.0997 1132 BrUsbMdm - ok
11:24:19.0004 1132 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:24:19.0034 1132 BrUsbSer - ok
11:24:19.0072 1132 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
11:24:19.0127 1132 BthAvrcp - ok
11:24:19.0182 1132 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:24:19.0242 1132 BthEnum - ok
11:24:19.0259 1132 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:24:19.0309 1132 BTHMODEM - ok
11:24:19.0352 1132 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:24:19.0394 1132 BthPan - ok
11:24:19.0444 1132 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
11:24:19.0499 1132 BTHPORT - ok
11:24:19.0539 1132 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:24:19.0632 1132 bthserv - ok
11:24:19.0662 1132 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
11:24:19.0704 1132 BTHUSB - ok
11:24:19.0772 1132 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:24:19.0834 1132 cdfs - ok
11:24:19.0877 1132 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:24:19.0919 1132 cdrom - ok
11:24:19.0962 1132 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:24:20.0014 1132 CertPropSvc - ok
11:24:20.0029 1132 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:24:20.0074 1132 circlass - ok
11:24:20.0114 1132 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:24:20.0139 1132 CLFS - ok
11:24:20.0177 1132 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:24:20.0222 1132 clr_optimization_v2.0.50727_32 - ok
11:24:20.0247 1132 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:24:20.0267 1132 clr_optimization_v2.0.50727_64 - ok
11:24:20.0317 1132 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:24:20.0339 1132 clr_optimization_v4.0.30319_32 - ok
11:24:20.0357 1132 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:24:20.0379 1132 clr_optimization_v4.0.30319_64 - ok
11:24:20.0427 1132 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:24:20.0469 1132 CmBatt - ok
11:24:20.0504 1132 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:24:20.0519 1132 cmdide - ok
11:24:20.0569 1132 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:24:20.0642 1132 CNG - ok
11:24:20.0662 1132 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:24:20.0682 1132 Compbatt - ok
11:24:20.0707 1132 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:24:20.0762 1132 CompositeBus - ok
11:24:20.0789 1132 COMSysApp - ok
11:24:20.0807 1132 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:24:20.0824 1132 crcdisk - ok
11:24:20.0862 1132 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:24:20.0932 1132 CryptSvc - ok
11:24:20.0982 1132 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:24:21.0064 1132 DcomLaunch - ok
11:24:21.0102 1132 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:24:21.0179 1132 defragsvc - ok
11:24:21.0219 1132 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:24:21.0279 1132 DfsC - ok
11:24:21.0327 1132 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:24:21.0399 1132 Dhcp - ok
11:24:21.0429 1132 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:24:21.0492 1132 discache - ok
11:24:21.0549 1132 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:24:21.0569 1132 Disk - ok
11:24:21.0604 1132 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:24:21.0677 1132 Dnscache - ok
11:24:21.0709 1132 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:24:21.0787 1132 dot3svc - ok
11:24:21.0824 1132 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:24:21.0894 1132 DPS - ok
11:24:21.0934 1132 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:24:21.0977 1132 drmkaud - ok
11:24:22.0039 1132 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:24:22.0082 1132 DXGKrnl - ok
11:24:22.0104 1132 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:24:22.0177 1132 EapHost - ok
11:24:22.0259 1132 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:24:22.0369 1132 ebdrv - ok
11:24:22.0407 1132 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:24:22.0432 1132 EFS - ok
11:24:22.0467 1132 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:24:22.0557 1132 ehRecvr - ok
11:24:22.0584 1132 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:24:22.0634 1132 ehSched - ok
11:24:22.0662 1132 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:24:22.0689 1132 elxstor - ok
11:24:22.0722 1132 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:24:22.0767 1132 ErrDev - ok
11:24:22.0822 1132 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:24:22.0902 1132 EventSystem - ok
11:24:22.0942 1132 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:24:22.0987 1132 exfat - ok
11:24:23.0007 1132 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:24:23.0054 1132 fastfat - ok
11:24:23.0089 1132 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:24:23.0224 1132 Fax - ok
11:24:23.0269 1132 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:24:23.0289 1132 fdc - ok
11:24:23.0309 1132 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:24:23.0377 1132 fdPHost - ok
11:24:23.0402 1132 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:24:23.0449 1132 FDResPub - ok
11:24:23.0467 1132 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:24:23.0489 1132 FileInfo - ok
11:24:23.0502 1132 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:24:23.0567 1132 Filetrace - ok
11:24:23.0594 1132 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:24:23.0612 1132 flpydisk - ok
11:24:23.0637 1132 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:24:23.0664 1132 FltMgr - ok
11:24:23.0704 1132 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:24:23.0799 1132 FontCache - ok
11:24:23.0847 1132 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:24:23.0864 1132 FontCache3.0.0.0 - ok
11:24:23.0889 1132 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:24:23.0909 1132 FsDepends - ok
11:24:23.0919 1132 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:24:23.0937 1132 Fs_Rec - ok
11:24:23.0969 1132 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:24:23.0997 1132 fvevol - ok
11:24:24.0019 1132 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:24:24.0039 1132 gagp30kx - ok
11:24:24.0064 1132 gdrv (4412705f7fd88aacb1dad2ed321c3328) C:\Windows\gdrv.sys
11:24:24.0112 1132 gdrv - ok
11:24:24.0137 1132 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:24:24.0152 1132 GEARAspiWDM - ok
11:24:24.0179 1132 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:24:24.0262 1132 gpsvc - ok
11:24:24.0357 1132 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:24:24.0414 1132 gupdate - ok
11:24:24.0459 1132 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:24:24.0500 1132 gupdatem - ok
11:24:24.0545 1132 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:24:24.0613 1132 hcw85cir - ok
11:24:24.0650 1132 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:24:24.0698 1132 HdAudAddService - ok
11:24:24.0735 1132 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:24:24.0780 1132 HDAudBus - ok
11:24:24.0813 1132 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:24:24.0885 1132 HidBatt - ok
11:24:24.0920 1132 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:24:24.0960 1132 HidBth - ok
11:24:24.0993 1132 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:24:25.0040 1132 HidIr - ok
11:24:25.0068 1132 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:24:25.0143 1132 hidserv - ok
11:24:25.0198 1132 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:24:25.0218 1132 HidUsb - ok
11:24:25.0238 1132 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:24:25.0310 1132 hkmsvc - ok
11:24:25.0350 1132 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:24:25.0403 1132 HomeGroupListener - ok
11:24:25.0443 1132 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:24:25.0498 1132 HomeGroupProvider - ok
11:24:25.0540 1132 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:24:25.0555 1132 HpSAMD - ok
11:24:25.0578 1132 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
11:24:25.0653 1132 HTCAND64 - ok
11:24:25.0693 1132 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
11:24:25.0710 1132 htcnprot - ok
11:24:25.0750 1132 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:24:25.0830 1132 HTTP - ok
11:24:25.0860 1132 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:24:25.0875 1132 hwpolicy - ok
11:24:25.0893 1132 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:24:25.0915 1132 i8042prt - ok
11:24:25.0943 1132 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:24:25.0973 1132 iaStorV - ok
11:24:26.0030 1132 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:24:26.0070 1132 idsvc - ok
11:24:26.0095 1132 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:24:26.0113 1132 iirsp - ok
11:24:26.0170 1132 IJPLMSVC (a06efd4965f8a3f97a8c9a291d032678) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
11:24:26.0215 1132 IJPLMSVC - ok
11:24:26.0245 1132 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:24:26.0328 1132 IKEEXT - ok
11:24:26.0413 1132 IntcAzAudAddService (0e0bb50e56c560c8edc49ec9b44f91a5) C:\Windows\system32\drivers\RTKVHD64.sys
11:24:26.0480 1132 IntcAzAudAddService - ok
11:24:26.0510 1132 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:24:26.0528 1132 intelide - ok
11:24:26.0560 1132 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:24:26.0600 1132 intelppm - ok
11:24:26.0635 1132 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:24:26.0708 1132 IPBusEnum - ok
11:24:26.0748 1132 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:24:26.0813 1132 IpFilterDriver - ok
11:24:26.0858 1132 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:24:26.0920 1132 iphlpsvc - ok
11:24:26.0940 1132 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:24:26.0985 1132 IPMIDRV - ok
11:24:27.0020 1132 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:24:27.0090 1132 IPNAT - ok
11:24:27.0163 1132 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
11:24:27.0250 1132 iPod Service - ok
11:24:27.0275 1132 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:24:27.0323 1132 IRENUM - ok
11:24:27.0360 1132 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:24:27.0380 1132 isapnp - ok
11:24:27.0408 1132 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:24:27.0433 1132 iScsiPrt - ok
11:24:27.0458 1132 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:24:27.0478 1132 kbdclass - ok
11:24:27.0503 1132 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:24:27.0548 1132 kbdhid - ok
11:24:27.0585 1132 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:27.0610 1132 KeyIso - ok
11:24:27.0650 1132 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:24:27.0670 1132 KSecDD - ok
11:24:27.0710 1132 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:24:27.0735 1132 KSecPkg - ok
11:24:27.0760 1132 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:24:27.0828 1132 ksthunk - ok
11:24:27.0875 1132 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:24:27.0953 1132 KtmRm - ok
11:24:28.0035 1132 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:24:28.0110 1132 LanmanServer - ok
11:24:28.0150 1132 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:24:28.0223 1132 LanmanWorkstation - ok
11:24:28.0278 1132 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:24:28.0340 1132 lltdio - ok
11:24:28.0395 1132 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:24:28.0453 1132 lltdsvc - ok
11:24:28.0468 1132 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:24:28.0518 1132 lmhosts - ok
11:24:28.0555 1132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:24:28.0575 1132 LSI_FC - ok
11:24:28.0593 1132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:24:28.0610 1132 LSI_SAS - ok
11:24:28.0628 1132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:24:28.0645 1132 LSI_SAS2 - ok
11:24:28.0668 1132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:24:28.0685 1132 LSI_SCSI - ok
11:24:28.0710 1132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:24:28.0783 1132 luafv - ok
11:24:28.0823 1132 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:24:28.0880 1132 Mcx2Svc - ok
11:24:28.0910 1132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:24:28.0928 1132 megasas - ok
11:24:28.0945 1132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:24:28.0973 1132 MegaSR - ok
11:24:29.0038 1132 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:24:29.0065 1132 Microsoft Office Groove Audit Service - ok
11:24:29.0085 1132 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:24:29.0160 1132 MMCSS - ok
11:24:29.0190 1132 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:24:29.0253 1132 Modem - ok
11:24:29.0303 1132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:24:29.0363 1132 monitor - ok
11:24:29.0405 1132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:24:29.0425 1132 mouclass - ok
11:24:29.0448 1132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:24:29.0492 1132 mouhid - ok
11:24:29.0527 1132 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:24:29.0547 1132 mountmgr - ok
11:24:29.0617 1132 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
11:24:29.0640 1132 MpFilter - ok
11:24:29.0667 1132 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:24:29.0690 1132 mpio - ok
11:24:29.0732 1132 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
11:24:29.0752 1132 MpNWMon - ok
11:24:29.0780 1132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:24:29.0822 1132 mpsdrv - ok
11:24:29.0850 1132 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:24:29.0937 1132 MpsSvc - ok
11:24:29.0967 1132 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:24:30.0015 1132 MRxDAV - ok
11:24:30.0087 1132 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:24:30.0157 1132 mrxsmb - ok
11:24:30.0185 1132 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:24:30.0235 1132 mrxsmb10 - ok
11:24:30.0242 1132 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:24:30.0270 1132 mrxsmb20 - ok
11:24:30.0305 1132 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:24:30.0322 1132 msahci - ok
11:24:30.0355 1132 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:24:30.0375 1132 msdsm - ok
11:24:30.0395 1132 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:24:30.0455 1132 MSDTC - ok
11:24:30.0502 1132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:24:30.0542 1132 Msfs - ok
11:24:30.0557 1132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:24:30.0597 1132 mshidkmdf - ok
11:24:30.0615 1132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:24:30.0642 1132 msisadrv - ok
11:24:30.0682 1132 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:24:30.0735 1132 MSiSCSI - ok
11:24:30.0742 1132 msiserver - ok
11:24:30.0768 1132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:24:30.0833 1132 MSKSSRV - ok
11:24:30.0940 1132 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
11:24:30.0960 1132 MsMpSvc - ok
11:24:31.0015 1132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:24:31.0080 1132 MSPCLOCK - ok
11:24:31.0113 1132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:24:31.0173 1132 MSPQM - ok
11:24:31.0215 1132 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:24:31.0243 1132 MsRPC - ok
11:24:31.0268 1132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:24:31.0285 1132 mssmbios - ok
11:24:31.0303 1132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:24:31.0368 1132 MSTEE - ok
11:24:31.0400 1132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:24:31.0418 1132 MTConfig - ok
11:24:31.0433 1132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:24:31.0450 1132 Mup - ok
11:24:31.0478 1132 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:24:31.0558 1132 napagent - ok
11:24:31.0598 1132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:24:31.0628 1132 NativeWifiP - ok
11:24:31.0660 1132 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:24:31.0703 1132 NDIS - ok
11:24:31.0718 1132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:24:31.0778 1132 NdisCap - ok
11:24:31.0805 1132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:24:31.0870 1132 NdisTapi - ok
11:24:31.0915 1132 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:24:31.0955 1132 Ndisuio - ok
11:24:31.0983 1132 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:24:32.0045 1132 NdisWan - ok
11:24:32.0078 1132 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:24:32.0143 1132 NDProxy - ok
11:24:32.0193 1132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:24:32.0260 1132 NetBIOS - ok
11:24:32.0298 1132 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:24:32.0388 1132 NetBT - ok
11:24:32.0423 1132 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:32.0448 1132 Netlogon - ok
11:24:32.0480 1132 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:24:32.0555 1132 Netman - ok
11:24:32.0585 1132 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:24:32.0660 1132 netprofm - ok
11:24:32.0710 1132 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:24:32.0735 1132 NetTcpPortSharing - ok
11:24:32.0763 1132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:24:32.0780 1132 nfrd960 - ok
11:24:32.0830 1132 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:24:32.0848 1132 NisDrv - ok
11:24:32.0903 1132 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
11:24:32.0940 1132 NisSrv - ok
11:24:32.0973 1132 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:24:33.0048 1132 NlaSvc - ok
11:24:33.0103 1132 npf (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
11:24:33.0128 1132 npf - ok
11:24:33.0150 1132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:24:33.0190 1132 Npfs - ok
11:24:33.0215 1132 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:24:33.0265 1132 nsi - ok
11:24:33.0275 1132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:24:33.0315 1132 nsiproxy - ok
11:24:33.0370 1132 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:24:33.0433 1132 Ntfs - ok
11:24:33.0448 1132 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:24:33.0503 1132 Null - ok
11:24:33.0735 1132 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:24:34.0839 1132 nvlddmkm - ok
11:24:34.0884 1132 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:24:34.0906 1132 nvraid - ok
11:24:34.0924 1132 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:24:34.0961 1132 nvstor - ok
11:24:35.0014 1132 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
11:24:35.0136 1132 nvsvc - ok
11:24:35.0231 1132 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:24:35.0401 1132 nvUpdatusService - ok
11:24:35.0471 1132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:24:35.0494 1132 nv_agp - ok
11:24:35.0556 1132 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:24:35.0618 1132 odserv - ok
11:24:35.0638 1132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:24:35.0678 1132 ohci1394 - ok
11:24:35.0751 1132 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:24:35.0793 1132 ose - ok
11:24:35.0828 1132 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:24:35.0868 1132 p2pimsvc - ok
11:24:35.0888 1132 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:24:35.0926 1132 p2psvc - ok
11:24:35.0956 1132 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:24:35.0981 1132 Parport - ok
11:24:36.0003 1132 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:24:36.0021 1132 partmgr - ok
11:24:36.0058 1132 PassThru Service (a1e779a0cf7a21b42e8fd3e8856d8481) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
11:24:36.0141 1132 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
11:24:36.0141 1132 PassThru Service - detected UnsignedFile.Multi.Generic (1)
11:24:36.0181 1132 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:24:36.0238 1132 PcaSvc - ok
11:24:36.0278 1132 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:24:36.0303 1132 pci - ok
11:24:36.0316 1132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:24:36.0333 1132 pciide - ok
11:24:36.0366 1132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:24:36.0391 1132 pcmcia - ok
11:24:36.0398 1132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:24:36.0416 1132 pcw - ok
11:24:36.0441 1132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:24:36.0513 1132 PEAUTH - ok
11:24:36.0556 1132 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:24:36.0608 1132 PerfHost - ok
11:24:36.0693 1132 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:24:36.0796 1132 pla - ok
11:24:36.0848 1132 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:24:36.0896 1132 PlugPlay - ok
11:24:36.0916 1132 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:24:36.0966 1132 PNRPAutoReg - ok
11:24:37.0001 1132 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:24:37.0041 1132 PNRPsvc - ok
11:24:37.0068 1132 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:24:37.0146 1132 PolicyAgent - ok
11:24:37.0186 1132 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:24:37.0261 1132 Power - ok
11:24:37.0303 1132 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:24:37.0368 1132 PptpMiniport - ok
11:24:37.0398 1132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:24:37.0421 1132 Processor - ok
11:24:37.0448 1132 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:24:37.0521 1132 ProfSvc - ok
11:24:37.0558 1132 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:37.0583 1132 ProtectedStorage - ok
11:24:37.0618 1132 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:24:37.0686 1132 Psched - ok
11:24:37.0781 1132 QipGuard (887090539d5f8843d6da09adf5692629) C:\Program Files (x86)\QipGuard\QipGuard.exe
11:24:43.0547 1132 QipGuard - ok
11:24:43.0612 1132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:24:43.0669 1132 ql2300 - ok
11:24:43.0684 1132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:24:43.0704 1132 ql40xx - ok
11:24:43.0729 1132 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:24:43.0767 1132 QWAVE - ok
11:24:43.0777 1132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:24:43.0822 1132 QWAVEdrv - ok
11:24:43.0857 1132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:24:43.0897 1132 RasAcd - ok
11:24:43.0917 1132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:24:43.0982 1132 RasAgileVpn - ok
11:24:44.0012 1132 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:24:44.0089 1132 RasAuto - ok
11:24:44.0114 1132 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:24:44.0182 1132 Rasl2tp - ok
11:24:44.0219 1132 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:24:44.0277 1132 RasMan - ok
11:24:44.0294 1132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:24:44.0362 1132 RasPppoe - ok
11:24:44.0397 1132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:24:44.0464 1132 RasSstp - ok
11:24:44.0509 1132 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:24:44.0574 1132 rdbss - ok
11:24:44.0602 1132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:24:44.0639 1132 rdpbus - ok
11:24:44.0672 1132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:24:44.0712 1132 RDPCDD - ok
11:24:44.0744 1132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:24:44.0784 1132 RDPENCDD - ok
11:24:44.0797 1132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:24:44.0857 1132 RDPREFMP - ok
11:24:44.0897 1132 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:24:44.0942 1132 RDPWD - ok
11:24:44.0989 1132 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:24:45.0012 1132 rdyboost - ok
11:24:45.0034 1132 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:24:45.0109 1132 RemoteAccess - ok
11:24:45.0144 1132 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:24:45.0217 1132 RemoteRegistry - ok
11:24:45.0264 1132 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:24:45.0317 1132 RFCOMM - ok
11:24:45.0364 1132 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:24:45.0437 1132 RpcEptMapper - ok
11:24:45.0459 1132 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:24:45.0484 1132 RpcLocator - ok
11:24:45.0517 1132 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:24:45.0574 1132 RpcSs - ok
11:24:45.0602 1132 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:24:45.0664 1132 rspndr - ok
11:24:45.0702 1132 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:24:45.0757 1132 RTL8167 - ok
11:24:45.0784 1132 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:45.0809 1132 SamSs - ok
11:24:45.0829 1132 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:24:45.0849 1132 sbp2port - ok
11:24:45.0882 1132 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:24:45.0964 1132 SCardSvr - ok
11:24:46.0007 1132 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:24:46.0047 1132 scfilter - ok
11:24:46.0084 1132 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:24:46.0159 1132 Schedule - ok
11:24:46.0187 1132 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:24:46.0239 1132 SCPolicySvc - ok
11:24:46.0264 1132 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:24:46.0322 1132 SDRSVC - ok
11:24:46.0414 1132 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:24:46.0492 1132 SeaPort - ok
11:24:46.0547 1132 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:24:46.0609 1132 secdrv - ok
11:24:46.0644 1132 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:24:46.0719 1132 seclogon - ok
11:24:46.0767 1132 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:24:46.0844 1132 SENS - ok
11:24:46.0877 1132 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:24:46.0917 1132 SensrSvc - ok
11:24:46.0962 1132 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:24:46.0982 1132 Serenum - ok
11:24:47.0002 1132 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:24:47.0024 1132 Serial - ok
11:24:47.0049 1132 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:24:47.0087 1132 sermouse - ok
11:24:47.0132 1132 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:24:47.0207 1132 SessionEnv - ok
11:24:47.0242 1132 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:24:47.0304 1132 sffdisk - ok
11:24:47.0322 1132 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:24:47.0362 1132 sffp_mmc - ok
11:24:47.0387 1132 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:24:47.0432 1132 sffp_sd - ok
11:24:47.0472 1132 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:24:47.0489 1132 sfloppy - ok
11:24:47.0509 1132 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:24:47.0568 1132 SharedAccess - ok
11:24:47.0588 1132 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:24:47.0665 1132 ShellHWDetection - ok
11:24:47.0708 1132 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:24:47.0728 1132 SiSRaid2 - ok
11:24:47.0743 1132 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:24:47.0760 1132 SiSRaid4 - ok
11:24:47.0783 1132 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:24:47.0845 1132 Smb - ok
11:24:47.0900 1132 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:24:47.0955 1132 SNMPTRAP - ok
11:24:47.0985 1132 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:24:48.0003 1132 spldr - ok
11:24:48.0038 1132 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:24:48.0140 1132 Spooler - ok
11:24:48.0210 1132 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:24:48.0368 1132 sppsvc - ok
11:24:48.0398 1132 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:24:48.0470 1132 sppuinotify - ok
11:24:48.0515 1132 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:24:48.0590 1132 srv - ok
11:24:48.0613 1132 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:24:48.0640 1132 srv2 - ok
11:24:48.0650 1132 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:24:48.0693 1132 srvnet - ok
11:24:48.0733 1132 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:24:48.0810 1132 SSDPSRV - ok
11:24:48.0830 1132 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:24:48.0880 1132 SstpSvc - ok
11:24:48.0895 1132 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:24:48.0913 1132 stexstor - ok
11:24:48.0948 1132 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:24:49.0010 1132 stisvc - ok
11:24:49.0040 1132 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:24:49.0078 1132 swenum - ok
11:24:49.0103 1132 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:24:49.0180 1132 swprv - ok
11:24:49.0238 1132 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:24:49.0328 1132 SysMain - ok
11:24:49.0375 1132 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:24:49.0435 1132 TabletInputService - ok
11:24:49.0468 1132 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:24:49.0543 1132 TapiSrv - ok
11:24:49.0575 1132 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:24:49.0653 1132 TBS - ok
11:24:49.0710 1132 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:24:49.0790 1132 Tcpip - ok
11:24:49.0835 1132 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:24:49.0890 1132 TCPIP6 - ok
11:24:49.0923 1132 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:24:49.0988 1132 tcpipreg - ok
11:24:50.0020 1132 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:24:50.0063 1132 TDPIPE - ok
11:24:50.0098 1132 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:24:50.0138 1132 TDTCP - ok
11:24:50.0175 1132 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:24:50.0233 1132 tdx - ok
11:24:50.0265 1132 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:24:50.0285 1132 TermDD - ok
11:24:50.0315 1132 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:24:50.0375 1132 TermService - ok
11:24:50.0403 1132 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:24:50.0455 1132 Themes - ok
11:24:50.0483 1132 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:24:50.0530 1132 THREADORDER - ok
11:24:50.0543 1132 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:24:50.0618 1132 TrkWks - ok
11:24:50.0665 1132 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:24:50.0743 1132 TrustedInstaller - ok
11:24:50.0780 1132 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:24:50.0843 1132 tssecsrv - ok
11:24:50.0900 1132 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:24:50.0948 1132 TsUsbFlt - ok
11:24:51.0053 1132 TuneUp.UtilitiesSvc (dafeee8f55e0fa1567e734299ac0af06) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
11:24:51.0190 1132 TuneUp.UtilitiesSvc - ok
11:24:51.0278 1132 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
11:24:51.0293 1132 TuneUpUtilitiesDrv - ok
11:24:51.0360 1132 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:24:51.0438 1132 tunnel - ok
11:24:51.0468 1132 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:24:51.0503 1132 uagp35 - ok
11:24:51.0540 1132 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:24:51.0605 1132 udfs - ok
11:24:51.0638 1132 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:24:51.0668 1132 UI0Detect - ok
11:24:51.0698 1132 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:24:51.0715 1132 uliagpkx - ok
11:24:51.0750 1132 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:24:51.0800 1132 umbus - ok
11:24:51.0840 1132 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:24:51.0883 1132 UmPass - ok
11:24:51.0920 1132 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:24:51.0978 1132 upnphost - ok
11:24:52.0015 1132 uqcaaovm - ok
11:24:52.0043 1132 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:24:52.0065 1132 usbccgp - ok
11:24:52.0088 1132 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:24:52.0133 1132 usbcir - ok
11:24:52.0173 1132 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:24:52.0208 1132 usbehci - ok
11:24:52.0253 1132 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:24:52.0298 1132 usbhub - ok
11:24:52.0333 1132 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:24:52.0375 1132 usbohci - ok
11:24:52.0410 1132 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:24:52.0455 1132 usbprint - ok
11:24:52.0500 1132 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:24:52.0523 1132 usbscan - ok
11:24:52.0545 1132 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:24:52.0590 1132 USBSTOR - ok
11:24:52.0625 1132 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:24:52.0663 1132 usbuhci - ok
11:24:52.0703 1132 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:24:52.0788 1132 UxSms - ok
11:24:52.0893 1132 UxTuneUp (ed551a5fa7dc414b050a1d7d55e56674) C:\Windows\System32\uxtuneup.dll
11:24:52.0918 1132 UxTuneUp - ok
11:24:52.0953 1132 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:52.0978 1132 VaultSvc - ok
11:24:53.0005 1132 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:24:53.0023 1132 vdrvroot - ok
11:24:53.0055 1132 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:24:53.0133 1132 vds - ok
11:24:53.0165 1132 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:24:53.0188 1132 vga - ok
11:24:53.0200 1132 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:24:53.0260 1132 VgaSave - ok
11:24:53.0293 1132 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:24:53.0315 1132 vhdmp - ok
11:24:53.0350 1132 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:24:53.0368 1132 viaide - ok
11:24:53.0388 1132 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:24:53.0408 1132 volmgr - ok
11:24:53.0433 1132 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:24:53.0458 1132 volmgrx - ok
11:24:53.0483 1132 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:24:53.0505 1132 volsnap - ok
11:24:53.0535 1132 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:24:53.0555 1132 vsmraid - ok
11:24:53.0603 1132 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:24:53.0710 1132 VSS - ok
11:24:53.0735 1132 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:24:53.0780 1132 vwifibus - ok
11:24:53.0840 1132 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:24:53.0895 1132 W32Time - ok
11:24:53.0913 1132 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:24:53.0958 1132 WacomPen - ok
11:24:53.0995 1132 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:24:54.0060 1132 WANARP - ok
11:24:54.0085 1132 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:24:54.0125 1132 Wanarpv6 - ok
11:24:54.0185 1132 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:24:54.0478 1132 WatAdminSvc - ok
11:24:54.0515 1132 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:24:54.0685 1132 wbengine - ok
11:24:54.0755 1132 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:24:54.0793 1132 WbioSrvc - ok
11:24:54.0823 1132 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:24:54.0880 1132 wcncsvc - ok
11:24:54.0908 1132 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:24:54.0958 1132 WcsPlugInService - ok
11:24:54.0993 1132 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:24:55.0010 1132 Wd - ok
11:24:55.0025 1132 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:24:55.0055 1132 Wdf01000 - ok
11:24:55.0070 1132 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:24:55.0160 1132 WdiServiceHost - ok
11:24:55.0163 1132 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:24:55.0198 1132 WdiSystemHost - ok
11:24:55.0228 1132 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:24:55.0290 1132 WebClient - ok
11:24:55.0323 1132 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:24:55.0400 1132 Wecsvc - ok
11:24:55.0438 1132 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:24:55.0513 1132 wercplsupport - ok
11:24:55.0543 1132 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:24:55.0595 1132 WerSvc - ok
11:24:55.0625 1132 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:24:55.0688 1132 WfpLwf - ok
11:24:55.0700 1132 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:24:55.0720 1132 WIMMount - ok
11:24:55.0733 1132 WinDefend - ok
11:24:55.0738 1132 WinHttpAutoProxySvc - ok
11:24:55.0780 1132 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:24:55.0835 1132 Winmgmt - ok
11:24:55.0883 1132 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:24:56.0005 1132 WinRM - ok
11:24:56.0070 1132 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:24:56.0115 1132 WinUsb - ok
11:24:56.0158 1132 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:24:56.0233 1132 Wlansvc - ok
11:24:56.0273 1132 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:24:56.0293 1132 WmiAcpi - ok
11:24:56.0338 1132 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:24:56.0395 1132 wmiApSrv - ok
11:24:56.0428 1132 WMPNetworkSvc - ok
11:24:56.0450 1132 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:24:56.0498 1132 WPCSvc - ok
11:24:56.0525 1132 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:24:56.0565 1132 WPDBusEnum - ok
11:24:56.0580 1132 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:24:56.0645 1132 ws2ifsl - ok
11:24:56.0673 1132 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:24:56.0733 1132 wscsvc - ok
11:24:56.0740 1132 WSearch - ok
11:24:56.0805 1132 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:24:56.0930 1132 wuauserv - ok
11:24:56.0970 1132 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:24:57.0015 1132 WudfPf - ok
11:24:57.0038 1132 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:24:57.0080 1132 WUDFRd - ok
11:24:57.0108 1132 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:24:57.0198 1132 wudfsvc - ok
11:24:57.0225 1132 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:24:57.0283 1132 WwanSvc - ok
11:24:57.0325 1132 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:24:57.0433 1132 \Device\Harddisk0\DR0 - ok
11:24:57.0458 1132 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
11:24:57.0518 1132 \Device\Harddisk1\DR1 - ok
11:24:57.0520 1132 Boot (0x1200) (b7c28e98bb582548a2305bdf65d7b399) \Device\Harddisk0\DR0\Partition0
11:24:57.0520 1132 \Device\Harddisk0\DR0\Partition0 - ok
11:24:57.0548 1132 Boot (0x1200) (361cad6f73236cc2f0006fe7d4648b41) \Device\Harddisk0\DR0\Partition1
11:24:57.0548 1132 \Device\Harddisk0\DR0\Partition1 - ok
11:24:57.0553 1132 Boot (0x1200) (639a1a92e82b70861681499c2957aa89) \Device\Harddisk1\DR1\Partition0
11:24:57.0553 1132 \Device\Harddisk1\DR1\Partition0 - ok
11:24:57.0553 1132 ============================================================
11:24:57.0553 1132 Scan finished
11:24:57.0553 1132 ============================================================
11:24:57.0563 3332 Detected object count: 1
11:24:57.0563 3332 Actual detected object count: 1
11:25:39.0453 3332 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:39.0453 3332 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

#4 Příspěvek od **vyosek** » 01 dub 2012 14:44

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

CUPR · #5 Příspěvek od **CUPR** » 01 dub 2012 22:07

Děkuji MOC za perfektní vedení k odstranění problému. Tak trochu mi ale zatrnulo, když mi ComboFix začal cosi mazat a pak restartoval PC, ale snad vše dopadne dle očekávání. Přikládám požadovaný log, který ComboFix vygeneroval. Mám stále vypnutý Firewall a odinstaloval jsem i antivir. Mohu ho již znovu nainstalovat a a Firewall opět zapnout?

ComboFix 12-04-01.01 - Karel Rösler 01.04.2012 22:44:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2451 [GMT 2:00]
Spuštěný z: c:\users\Karel R÷sler\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FunWebProducts
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\QIP 2012\Core\MousePhone.dll
c:\program files (x86)\WinPCap
c:\program files (x86)\WinPCap\LICENSE
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-01 do 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 11:14 . 2012-04-01 11:14 -------- d-----w- c:\users\Karel Rösler\DoctorWeb
2012-04-01 09:01 . 2012-04-01 09:01 -------- d-----w- c:\users\Karel Rösler\AppData\Local\antiphishing-vmntbcleaner1_0dn
2012-04-01 09:01 . 2012-04-01 09:01 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-04-01 09:01 . 2012-04-01 09:02 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-03-31 23:36 . 2012-03-31 23:44 -------- d-----w- c:\program files\trend micro
2012-03-31 23:36 . 2012-03-31 23:36 -------- d-----w- C:\rsit
2012-03-31 10:12 . 2012-03-31 10:12 -------- d-----w- c:\program files\iPod
2012-03-31 10:12 . 2012-03-31 10:13 -------- d-----w- c:\program files\iTunes
2012-03-31 10:12 . 2012-03-31 10:13 -------- d-----w- c:\program files (x86)\iTunes
2012-03-14 19:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 19:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 19:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 11:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 11:02 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:02 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:02 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:01 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:01 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:01 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:01 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-08 09:53 . 2012-03-08 09:53 -------- d-----w- c:\users\Karel Rösler\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 07:18 . 2010-01-06 10:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 10:35 . 2011-05-19 05:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-20 09:06 . 2010-05-03 08:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-09 13:13 . 2011-12-19 20:43 35648 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-09 13:13 . 2011-12-19 20:41 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-09 13:13 . 2011-12-19 20:43 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-02-09 13:13 . 2011-12-19 20:41 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-02-09 13:13 . 2011-12-19 20:41 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-01-04 10:44 . 2012-02-15 08:12 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 08:12 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2010-01-26 09:11 . 2011-08-03 18:13 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-05 217256]
.
c:\users\Karel Rösler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"CorelDRAW Graphics Suite 11b"=c:\program files (x86)\Corel\Corel Graphics 11\Register\registration.exe /title="CorelDRAW Graphics Suite 11" /date=042110 serial=DR11CRD-0012082-DGW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
.
R1 plafvois;plafvois;c:\windows\system32\drivers\plafvois.sys [x]
R1 uqcaaovm;uqcaaovm;c:\windows\system32\drivers\uqcaaovm.sys [x]
R1 yrpkoabd;yrpkoabd;c:\windows\system32\drivers\yrpkoabd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R4 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 135664]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 135664]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2012-03-23 191440]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-13 11856]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 23:49]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 23:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-13 6963232]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-13 1833504]
"combofix"="c:\combofix\CF23711.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Karel Rösler\AppData\Roaming\Mozilla\Firefox\Profiles\6j4c6wpn.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.type - 2
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKU-Default-Run-Reasonable NoClone - c:\program files (x86)\Reasonable\Reasonable NoClone 2011 Free\NoClone.exe
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
AddRemove-GeoKuk - c:\windows\system32\javaws.exe
AddRemove-UnityWebPlayer - c:\users\Karel Rösler\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"=hex:51,66,7a,6c,4c,1d,38,12,60,59,f4,
a5,a5,0d,c6,0e,c4,46,a2,df,b3,36,d4,e0
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"=hex:51,66,7a,6c,4c,1d,38,12,8f,08,b3,
1a,66,20,44,0b,ff,8f,2b,43,05,e1,67,f5
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"=hex:51,66,7a,6c,4c,1d,38,12,fb,9f,4c,
a1,83,65,cc,0b,c3,61,9c,ea,b2,d6,76,da
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EA837F48-5AD1-443E-AE34-FFE03CBF3099}"=hex:51,66,7a,6c,4c,1d,38,12,26,7c,90,
ee,e3,14,50,01,d1,22,bc,a0,39,e1,74,8d
"{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}"=hex:51,66,7a,6c,4c,1d,38,12,ec,d2,b9,
ff,48,72,aa,0e,da,ff,63,3b,8b,51,46,e9
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d9,11,7c,d3,31,ae,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,27,a8,6f,88,c4,95,43,82,55,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,27,a8,6f,88,c4,95,43,82,55,a8,\
.
[HKEY_USERS\S-1-5-21-1318475494-1401390998-2317853681-1000\x*E*¬ ]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:ce,df,a0,45,73,4c,d2,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Celkový čas: 2012-04-01 22:56:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-01 20:56
.
Před spuštěním: Volných bajtů: 159 642 382 336
Po spuštění: Volných bajtů: 159 329 869 824
.
- - End Of File - - 3BA2A8740E159E5A026520FA3F255399

Ještě jedno DĚKUJI za vaši pomoc !!!

CUPR · #6 Příspěvek od **CUPR** » 02 dub 2012 03:40

PROBLÉM VYŘEŠEN!!!
Tak mne napadlo, abych mohl smazat soubor tmp.edb musím vypnout funkci Windows Search v systému, protože pokud je v činnosti, soubor nelze smazat. Vypnul jsem tedy tuto funkci a šel do příslušné složky C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb abych soubor smazal. Vypnutím funkce však tento soubor díky tomu že je dočasný zmizel. Takže jsem ho nemusel ani mazat.

Pak mne napadlo, že když tedy "zmizel", vzal s sebou asi i toho Trojana

a tak jsem udělal kompletní sken celého PC a antivir nic nenašel. Znovu jsem zapnul funkci Windows Search - popravdě trochu s obavami, že tam ten Trojan někde sedí a číhá, ale po dalším podrobném skenu je PC čistý.
Takže mi zbývá MOC poděkovat za pomoc a podrobný návod. Snad bude teď klid.

#7 Příspěvek od **vyosek** » 02 dub 2012 09:37

Jeste tam ale spousta haveti je

Takze docistime

Pokud nemate, tak presunte Combofix primo na disk c:\ aby nebyl v zadne slozce

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Collect::
c:\windows\system32\drivers\plafvois.sys
c:\windows\system32\drivers\uqcaaovm.sys
c:\windows\system32\drivers\yrpkoabd.sys

Driver::
plafvois
uqcaaovm
yrpkoabd
gupdate
gupdatem

Folder::
c:\program files (x86)\Ask.com

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

DDS::
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0
mStart Page = hxxp://search.myheritage.com
Trusted Zone: mojebanka.cz\www

Firefox::
FF - ProfilePath - c:\users\Karel Rösler\AppData\Roaming\Mozilla\Firefox\Profiles\6j4c6wpn.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.type - 2
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1318475494-1401390998-2317853681-1000\x*E*¬ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

AtJob::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt taktez primo na disk c:\
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

CUPR · #8 Příspěvek od **CUPR** » 02 dub 2012 10:19

OK - ale než začnu raději se zeptám:
Mám opět nainstalovaný antivirový program, včetně zapnutého Firewallu, opět jsem nainstaloval softwareZrychlení počítače (mám koupenou licenci). Mohu to tak nechat, nebo opět odinstalovat a vypnout? ComboFix mám na ploše PC. To přetažení souboru *.txt na ikonu ComboFixu funguje jako vložení do programu i takto - jako kopírování do složky? Omlouvám se, ale dělám to poprvé.
Děkuji za péči a pomoc!

Toto je fakt prima web - obdivuji tu starost, obětavost a pomoc dotáhnout vše do konce! Pěkně podrobně, že snad nejde ani udělat chybu! Ještě jednou MOC díky, začíná se mi tady líbit!

#9 Příspěvek od **vyosek** » 02 dub 2012 10:35

Zrychlení počítače - uuuuuplne zbytecne vyhozene penize

vypnete stit antiviru, jinak bude branit CF v cinnosti

Je to normalni pretazeni - uchopite a pretahne a jak budete na Cf tak pustite

Jinak neni zac, pomahame radi. Ono podrobny navod je dobry i pro me - uzivatel se pak nemusi tolik ptat

CUPR · #10 Příspěvek od **CUPR** » 02 dub 2012 10:45

Musím ten antivir opět odinstalovat - používám Microsoft Security Essentials a nevidím nikde, že by se dal pouze vypnout. Firewall předpokládám také vypnout? No, ten software Zrychlení počítače si nemohu vynachválit, kolikrát mi najde řádově až tisíce nepotřebných souborů, které pak odstraním. Vedu si evidenci a rekord je 20 971 souborů.
Hlavně mi prosím neutečte, než to tady komplet vyčistíme! Díky!

CUPR · #11 Příspěvek od **CUPR** » 02 dub 2012 11:14

Tak vše jsem provedl dle vašeho návodu - odinstaloval jsem antivir, vypnul Firewall. Tentokrát nedošlo k restartu PC
Zde je vygenerovaný Log Report:

ComboFix 12-04-01.01 - Karel Rösler 02.04.2012 11:53:13.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.1846 [GMT 2:00]
Spuštěný z: c:\users\Karel R÷sler\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Karel R÷sler\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-02 do 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 10:01 . 2012-04-02 10:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-02 10:01 . 2012-04-02 10:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 09:58 . 2012-04-02 09:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A95C7467-C04E-4662-8148-D8F49416B42F}\offreg.dll
2012-04-02 06:19 . 2012-04-02 06:19 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-02 02:55 . 2012-04-02 02:55 -------- d-----w- c:\program files\Google
2012-04-02 02:55 . 2012-04-02 06:19 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-02 01:32 . 2012-04-02 01:32 -------- d-----w- c:\users\Karel Rösler\AppData\Local\Speedchecker
2012-04-01 21:16 . 2012-03-20 01:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A95C7467-C04E-4662-8148-D8F49416B42F}\mpengine.dll
2012-04-01 11:14 . 2012-04-01 11:14 -------- d-----w- c:\users\Karel Rösler\DoctorWeb
2012-04-01 09:01 . 2012-04-01 09:01 -------- d-----w- c:\users\Karel Rösler\AppData\Local\antiphishing-vmntbcleaner1_0dn
2012-04-01 09:01 . 2012-04-01 09:01 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-04-01 09:01 . 2012-04-01 09:02 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-03-31 23:36 . 2012-03-31 23:44 -------- d-----w- c:\program files\trend micro
2012-03-31 23:36 . 2012-03-31 23:36 -------- d-----w- C:\rsit
2012-03-31 10:12 . 2012-03-31 10:12 -------- d-----w- c:\program files\iPod
2012-03-31 10:12 . 2012-03-31 10:13 -------- d-----w- c:\program files\iTunes
2012-03-31 10:12 . 2012-03-31 10:13 -------- d-----w- c:\program files (x86)\iTunes
2012-03-14 19:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 19:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 19:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 11:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 11:02 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:02 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:02 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:01 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:01 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:01 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:01 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 19:00 . 2012-03-13 19:00 830976 ----a-w- c:\windows\yowindow.scr
2012-03-08 09:53 . 2012-03-08 09:53 -------- d-----w- c:\users\Karel Rösler\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 06:19 . 2011-05-19 05:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 07:18 . 2010-01-06 10:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 09:06 . 2010-05-03 08:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-09 13:13 . 2011-12-19 20:43 35648 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-09 13:13 . 2011-12-19 20:41 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-09 13:13 . 2011-12-19 20:43 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-02-09 13:13 . 2011-12-19 20:41 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-02-09 13:13 . 2011-12-19 20:41 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-01-04 10:44 . 2012-02-15 08:12 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 08:12 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2010-01-26 09:11 . 2011-08-03 18:13 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-01_20.51.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-18 22:46 . 2012-04-01 00:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-18 22:46 . 2012-04-02 05:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-04-01 00:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-02 09:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-01 00:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 09:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 09:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-01 00:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-06 10:00 . 2012-04-02 01:38 50584 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-02 05:35 42732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-06 10:00 . 2012-04-02 05:35 20056 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1318475494-1401390998-2317853681-1000_UserData.bin
+ 2010-01-06 16:47 . 2012-04-02 06:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-06 16:47 . 2012-04-01 09:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-06 16:47 . 2012-04-01 09:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-06 16:47 . 2012-04-02 06:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 06:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-01 09:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-03-31 19:28 91600 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-04-02 01:25 91600 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-02 02:55 . 2012-04-02 02:55 28160 c:\windows\Installer\488d66.msi
+ 2011-06-06 14:08 . 2012-04-01 20:58 1604 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-02 05:34 . 2012-04-02 05:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-01 20:51 . 2012-04-01 20:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-02 05:34 . 2012-04-02 05:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-01 20:51 . 2012-04-01 20:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-02 06:19 . 2012-04-02 06:19 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe
+ 2012-04-02 02:55 . 2012-04-02 02:55 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
+ 2012-04-02 02:55 . 2012-04-02 02:55 424608 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.dll
+ 2012-04-02 02:55 . 2012-04-02 06:19 253600 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 02:36 . 2012-04-02 09:47 619258 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2012-04-02 09:47 634852 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-04-02 09:47 107578 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2012-04-02 09:47 123442 c:\windows\system32\perfc005.dat
+ 2012-04-02 06:19 . 2012-04-02 06:19 630432 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_Plugin.exe
+ 2012-04-02 02:55 . 2012-04-02 02:55 630432 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.exe
+ 2012-04-02 02:55 . 2012-04-02 02:55 462496 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.dll
- 2009-07-14 05:12 . 2012-02-18 19:31 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-02 02:54 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-04-02 03:16 401696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-01 20:50 401696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-02 06:19 . 2012-04-02 06:19 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
+ 2009-07-14 04:45 . 2012-04-02 01:25 7150372 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-03-15 13:11 7150372 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-09-22 22:42 . 2012-04-02 01:35 2898960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-19 00:52 . 2012-04-01 20:50 2047152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1318475494-1401390998-2317853681-1000-8192.dat
+ 2011-04-19 00:52 . 2012-04-02 03:16 2047152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1318475494-1401390998-2317853681-1000-8192.dat
+ 2011-04-19 23:33 . 2012-04-02 03:16 3540668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1318475494-1401390998-2317853681-1000-12288.dat
+ 2009-07-14 02:34 . 2012-04-02 01:24 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-15 13:08 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-02 06:19 . 2012-04-02 06:19 11588768 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSUNotifier.exe" [2012-02-08 188640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-05 217256]
.
c:\users\Karel Rösler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"CorelDRAW Graphics Suite 11b"=c:\program files (x86)\Corel\Corel Graphics 11\Register\registration.exe /title="CorelDRAW Graphics Suite 11" /date=042110 serial=DR11CRD-0012082-DGW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
.
R1 plafvois;plafvois;c:\windows\system32\drivers\plafvois.sys [x]
R1 uqcaaovm;uqcaaovm;c:\windows\system32\drivers\uqcaaovm.sys [x]
R1 yrpkoabd;yrpkoabd;c:\windows\system32\drivers\yrpkoabd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R4 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 135664]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 135664]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2012-02-08 276704]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2012-03-23 191440]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-13 11856]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - MpNWMon
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:19]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 23:49]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 23:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-13 6963232]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-13 1833504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Karel Rösler\AppData\Roaming\Mozilla\Firefox\Profiles\6j4c6wpn.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.type - 2
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
HKLM-Run-PCSpeedUp - c:\program files\Zrychleni Pocitace\PCSpeedUp.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"=hex:51,66,7a,6c,4c,1d,38,12,60,59,f4,
a5,a5,0d,c6,0e,c4,46,a2,df,b3,36,d4,e0
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"=hex:51,66,7a,6c,4c,1d,38,12,8f,08,b3,
1a,66,20,44,0b,ff,8f,2b,43,05,e1,67,f5
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"=hex:51,66,7a,6c,4c,1d,38,12,fb,9f,4c,
a1,83,65,cc,0b,c3,61,9c,ea,b2,d6,76,da
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EA837F48-5AD1-443E-AE34-FFE03CBF3099}"=hex:51,66,7a,6c,4c,1d,38,12,26,7c,90,
ee,e3,14,50,01,d1,22,bc,a0,39,e1,74,8d
"{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}"=hex:51,66,7a,6c,4c,1d,38,12,ec,d2,b9,
ff,48,72,aa,0e,da,ff,63,3b,8b,51,46,e9
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d9,11,7c,d3,31,ae,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,27,a8,6f,88,c4,95,43,82,55,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,27,a8,6f,88,c4,95,43,82,55,a8,\
.
[HKEY_USERS\S-1-5-21-1318475494-1401390998-2317853681-1000\x*E*¬ ]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:ce,df,a0,45,73,4c,d2,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-04-02 12:09:57
ComboFix-quarantined-files.txt 2012-04-02 10:09
ComboFix2.txt 2012-04-01 20:56
.
Před spuštěním: Volných bajtů: 155 040 501 760
Po spuštění: Volných bajtů: 154 990 473 216
.
- - End Of File - - 9D9AE7E19E37FE2F86E775F7F765C6AB

#12 Příspěvek od **vyosek** » 02 dub 2012 12:06

Zrychleni PC se da nahradit uplne v pohode free aplikacemi

Stacilo napsat, MSE se da vypnout

CF neprovedl co mel, jelikoz jste se nedrzel navodu - CF i skript musi byt primo na disku c:\ a byly na plose = vadila mu diakritika v nazvu uctu proto neudelal co mel

Takze prosim jeste jednou

CUPR · #13 Příspěvek od **CUPR** » 02 dub 2012 14:35

Prosím, moc se omlouvám. Tentokrát je Log Report přímo z C:/
Budu rovněž rád, když mi napíšete, KDE se dá MSE vypnout.

Zde je požadovaný Log Report:

ComboFix 12-04-01.01 - Karel Rösler 02.04.2012 15:13:47.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2643 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_cac4.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_plafvois
-------\Service_uqcaaovm
-------\Service_yrpkoabd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-02 do 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 13:19 . 2012-04-02 13:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-02 13:19 . 2012-04-02 13:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 06:19 . 2012-04-02 06:19 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-02 02:55 . 2012-04-02 02:55 -------- d-----w- c:\program files\Google
2012-04-02 02:55 . 2012-04-02 06:19 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-02 01:32 . 2012-04-02 01:32 -------- d-----w- c:\users\Karel Rösler\AppData\Local\Speedchecker
2012-04-01 21:16 . 2012-03-20 01:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A95C7467-C04E-4662-8148-D8F49416B42F}\mpengine.dll
2012-04-01 11:14 . 2012-04-01 11:14 -------- d-----w- c:\users\Karel Rösler\DoctorWeb
2012-04-01 09:01 . 2012-04-01 09:01 -------- d-----w- c:\users\Karel Rösler\AppData\Local\antiphishing-vmntbcleaner1_0dn
2012-04-01 09:01 . 2012-04-01 09:01 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-04-01 09:01 . 2012-04-01 09:02 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-03-31 23:36 . 2012-03-31 23:44 -------- d-----w- c:\program files\trend micro
2012-03-31 23:36 . 2012-03-31 23:36 -------- d-----w- C:\rsit
2012-03-31 10:12 . 2012-03-31 10:12 -------- d-----w- c:\program files\iPod
2012-03-31 10:12 . 2012-03-31 10:13 -------- d-----w- c:\program files\iTunes
2012-03-31 10:12 . 2012-03-31 10:13 -------- d-----w- c:\program files (x86)\iTunes
2012-03-14 19:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 19:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 19:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 11:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 11:02 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:02 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:02 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:01 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:01 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:01 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:01 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 19:00 . 2012-03-13 19:00 830976 ----a-w- c:\windows\yowindow.scr
2012-03-08 09:53 . 2012-03-08 09:53 -------- d-----w- c:\users\Karel Rösler\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 06:19 . 2011-05-19 05:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 07:18 . 2010-01-06 10:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 09:06 . 2010-05-03 08:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-09 13:13 . 2011-12-19 20:43 35648 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-09 13:13 . 2011-12-19 20:41 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-09 13:13 . 2011-12-19 20:43 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-02-09 13:13 . 2011-12-19 20:41 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-02-09 13:13 . 2011-12-19 20:41 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-01-04 10:44 . 2012-02-15 08:12 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 08:12 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2010-01-26 09:11 . 2011-08-03 18:13 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-02_10.01.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-18 22:46 . 2012-04-02 13:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-02-18 22:46 . 2012-04-02 05:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-04-02 09:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-02 13:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-02 09:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 13:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 13:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-02 09:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-02 10:20 42772 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-01-06 10:00 . 2012-04-02 05:35 20056 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1318475494-1401390998-2317853681-1000_UserData.bin
+ 2010-01-06 10:00 . 2012-04-02 10:20 20056 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1318475494-1401390998-2317853681-1000_UserData.bin
+ 2012-04-02 13:20 . 2012-04-02 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-02 05:34 . 2012-04-02 05:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-02 05:34 . 2012-04-02 05:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-02 13:20 . 2012-04-02 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-02 09:47 619258 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-02 10:22 619258 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2012-04-02 10:22 634852 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2012-04-02 09:47 634852 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-04-02 10:22 107578 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-02 09:47 107578 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2012-04-02 09:47 123442 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2012-04-02 10:22 123442 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-04-02 03:16 401696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-02 13:19 401696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-19 00:52 . 2012-04-02 13:19 2047152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1318475494-1401390998-2317853681-1000-8192.dat
- 2011-04-19 00:52 . 2012-04-02 03:16 2047152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1318475494-1401390998-2317853681-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSUNotifier.exe" [2012-02-08 188640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-05 217256]
.
c:\users\Karel Rösler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"CorelDRAW Graphics Suite 11b"=c:\program files (x86)\Corel\Corel Graphics 11\Register\registration.exe /title="CorelDRAW Graphics Suite 11" /date=042110 serial=DR11CRD-0012082-DGW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2012-02-08 276704]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2012-03-23 191440]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-13 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-13 6963232]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-13 1833504]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSpeedUp.exe" [BU]
"combofix"="c:\combofix\CF21150.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Karel Rösler\AppData\Roaming\Mozilla\Firefox\Profiles\6j4c6wpn.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1318475494-1401390998-2317853681-1000\x*E*¬ ]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:ce,df,a0,45,73,4c,d2,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Celkový čas: 2012-04-02 15:25:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-02 13:25
ComboFix2.txt 2012-04-01 20:56
.
Před spuštěním: Volných bajtů: 155 061 571 584
Po spuštění: Volných bajtů: 154 761 838 592
.
- - End Of File - - A481119D251CF9F57589A7E8D10E69F4

#14 Příspěvek od **vyosek** » 02 dub 2012 14:37

Ja z logu poznam odkud je CF i skript spusten

Ad MSE - Nastaveni - Ochrana v realnem case

Jak se chova PC nyni

CUPR · #15 Příspěvek od **CUPR** » 02 dub 2012 14:41

PC se chová "normálně". Nezpozoroval jsem žádné problémy (zpomalení, chyby aplikací apod.) ani před naším čištěním. Jen mne rozhodil ten Trojan, který mi antivir našel při pravidelném (1x za měsíc projedu podrobně celý PC) skenu. Ani netuším kdy a při jaké příležitosti mi sem přiklusal.
Takže teď by mělo být vše OK?
Pokud jsme již vše vyčistili, nezbývá mi než Vám MOC poděkovat za Váš čas a trpělivost. Vážím si toho!
DĚKUJI a přeji pěkný den! Přeji rovněž hodně spokojených uživatelů!

VIRY.CZ

TrojanDownloader:Win32/Plingky.C - nelze odstranit

TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit

Re: TrojanDownloader:Win32/Plingky.C - nelze odstranit