VIRY.CZ

Zdravím všechny,
Před pár dny mi začal Eset hlásit tyto 2 viry. Nechápu, kudy se mi dostali do PC, protože stahuju jen ověřená data a nechávám si vše, co stáhnu scanovat přes net, tedy neznám zdroj, ze kterého se viry rozšířily a kamarád mi poradil tuto stránku. Takže poníženě žádám o pomoc


Log RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Malcolm at 2012-07-28 12:11:15
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 131 GB (14%) free of 954 GB
Total RAM: 8169 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:19, on 28.7.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\ICQ7.5\ICQ.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Steam\steam.exe
c:\program files (x86)\steam\steamapps\pumrus\team fortress 2\hl2.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Malcolm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={50796532-0 ... 2012-07-14 15:08:03&v=11.1.0.12&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O1 - Hosts: set realmlist narnias.gamers.cz
O1 - Hosts: set patchlist eu.version.worldofwarcraft.com
O1 - Hosts: set realmlistbn ""
O1 - Hosts: set portal eu
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll (file missing)
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14504 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2056
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart C4600 series#1313089467" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
"C:\Windows\System32\rundll32.exe" P17.dll,P17Helper
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Steam\steam.exe" "steam://rungameid/440"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"c:\program files (x86)\steam\steamapps\pumrus\team fortress 2\hl2.exe" -game tf -steam
C:\Program Files (x86)\Steam\GameOverlayUI.exe -pid 4940 -manuallyclearframes 0
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4792.12b71b60.947360638 "C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 4792 "\\.\pipe\gecko-crash-server-pipe.4792" plugin
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey E328904C-C621-B757-6E94-333E277A7217 -Reinvoke
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Malcolm\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AutoKMS.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://isearch.avg.com/search?cid=%7B9f ... &sap=ku&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.268 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.268 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default\extensions\
DTToolbar@toolbarnet.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default\searchplugins\
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-27 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-08-01 1536320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-08-01 1000768]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-02 11545192]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2010-10-27 613536]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2010-10-27 379040]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-05 2345848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2011-08-13 1242448]
"OfficeSyncProcess"=C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [2011-07-22 718720]
"ICQ"=C:\Program Files (x86)\ICQ7.5\ICQ.exe [2011-08-01 124480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-04-27 113288]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-26 375000]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2011-06-30 74752]
"CTSysVol"=C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-06-11 641704]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe []
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2012-04-19 336952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-07-28 12:11:15 ----D---- C:\rsit
2012-07-28 12:11:15 ----D---- C:\Program Files\trend micro
2012-07-28 12:01:22 ----D---- C:\Program Files\CCleaner
2012-07-24 17:46:38 ----SHD---- C:\Windows\system32\%APPDATA%
2012-07-21 21:22:47 ----D---- C:\Program Files (x86)\TERA
2012-07-14 16:45:00 ----D---- C:\ProgramData\Blizzard Entertainment
2012-07-14 16:40:43 ----D---- C:\Windows\Sun
2012-07-14 15:19:54 ----D---- C:\ProgramData\Blizzard
2012-07-14 15:12:09 ----D---- C:\Users\Malcolm\AppData\Roaming\PowerISO
2012-07-14 15:08:02 ----D---- C:\ProgramData\AVG Secure Search
2012-07-14 15:08:00 ----D---- C:\Program Files (x86)\AVG Secure Search
2012-07-14 15:07:28 ----D---- C:\Program Files (x86)\PowerISO
2012-07-14 15:07:28 ----A---- C:\Windows\system32\drivers\scdemu.sys
2012-07-14 14:53:36 ----D---- C:\Program Files (x86)\World of Warcraft
2012-07-12 14:27:47 ----D---- C:\ProgramData\ATI
2012-07-12 14:27:45 ----D---- C:\Program Files (x86)\AMD APP
2012-07-11 15:10:46 ----A---- C:\Windows\system32\win32k.sys
2012-07-11 15:08:25 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-07-11 15:08:25 ----A---- C:\Windows\SYSWOW64\url.dll
2012-07-11 15:08:25 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-07-11 15:08:25 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-07-11 15:08:25 ----A---- C:\Windows\system32\urlmon.dll
2012-07-11 15:08:25 ----A---- C:\Windows\system32\url.dll
2012-07-11 15:08:25 ----A---- C:\Windows\system32\mshtmled.dll
2012-07-11 15:08:25 ----A---- C:\Windows\system32\iertutil.dll
2012-07-11 15:08:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-07-11 15:08:24 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-07-11 15:08:24 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-07-11 15:08:24 ----A---- C:\Windows\system32\wininet.dll
2012-07-11 15:08:24 ----A---- C:\Windows\system32\jsproxy.dll
2012-07-11 15:08:24 ----A---- C:\Windows\system32\ieUnatt.exe
2012-07-11 15:08:24 ----A---- C:\Windows\system32\ieui.dll
2012-07-11 15:08:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-07-11 15:08:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-07-11 15:08:23 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-07-11 15:08:23 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-07-11 15:08:23 ----A---- C:\Windows\system32\jscript9.dll
2012-07-11 15:08:23 ----A---- C:\Windows\system32\jscript.dll
2012-07-11 15:08:22 ----A---- C:\Windows\system32\mshtml.dll
2012-07-11 15:08:22 ----A---- C:\Windows\system32\ieframe.dll
2012-07-11 15:08:21 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-07-11 14:09:17 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-07-11 14:09:17 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-07-11 14:09:17 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-07-11 14:09:17 ----A---- C:\Windows\system32\msxml6.dll
2012-07-11 14:09:17 ----A---- C:\Windows\system32\msxml3r.dll
2012-07-11 14:09:17 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 14:09:15 ----A---- C:\Windows\system32\shell32.dll
2012-07-11 14:09:14 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-07-11 14:09:12 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-07-11 14:09:12 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-07-11 14:09:12 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-07-11 14:09:12 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-07-11 14:09:12 ----A---- C:\Windows\system32\schannel.dll
2012-07-11 14:09:12 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-11 14:09:12 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-11 14:09:12 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-11 14:09:12 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-11 14:09:10 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-07-11 14:09:10 ----A---- C:\Windows\system32\cdosys.dll
2012-07-10 15:00:39 ----A---- C:\Windows\system32\browserchoice.exe
2012-07-01 19:02:11 ----D---- C:\Program Files (x86)\Drakensang - The River of Time
2012-06-30 21:40:29 ----SHD---- C:\ProgramData\DSS
2012-06-30 21:35:44 ----D---- C:\Users\Malcolm\AppData\Roaming\Lionhead Studios

======List of files/folders modified in the last 1 month======

2012-07-28 12:11:19 ----D---- C:\Windows\Temp
2012-07-28 12:11:15 ----RD---- C:\Program Files
2012-07-28 12:04:04 ----D---- C:\Users\Malcolm\AppData\Roaming\Winamp
2012-07-28 12:04:04 ----D---- C:\Users\Malcolm\AppData\Roaming\Vso
2012-07-28 12:04:04 ----D---- C:\Users\Malcolm\AppData\Roaming\Media Player Classic
2012-07-28 12:04:04 ----D---- C:\Users\Malcolm\AppData\Roaming\DAEMON Tools Lite
2012-07-28 12:04:04 ----D---- C:\Program Files (x86)\Steam
2012-07-28 12:03:41 ----D---- C:\Windows\Panther
2012-07-28 12:03:41 ----D---- C:\Windows\Minidump
2012-07-28 12:03:41 ----D---- C:\Windows\Logs
2012-07-28 12:03:41 ----D---- C:\Windows\inf
2012-07-28 12:03:41 ----D---- C:\Windows\debug
2012-07-28 12:03:41 ----D---- C:\Windows
2012-07-28 12:01:24 ----D---- C:\Windows\system32\Tasks
2012-07-28 12:01:22 ----D---- C:\Windows\Prefetch
2012-07-28 11:53:43 ----SHD---- C:\Windows\Installer
2012-07-28 11:53:42 ----HD---- C:\Config.Msi
2012-07-28 11:53:32 ----SHD---- C:\System Volume Information
2012-07-28 11:53:18 ----RD---- C:\Program Files (x86)
2012-07-28 11:53:06 ----D---- C:\Windows\System32
2012-07-28 11:53:03 ----D---- C:\Windows\SysWOW64
2012-07-28 11:09:36 ----D---- C:\Windows\system32\config
2012-07-28 10:57:19 ----D---- C:\Users\Malcolm\AppData\Roaming\ICQ
2012-07-27 05:21:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-07-26 05:14:07 ----HD---- C:\ProgramData
2012-07-26 05:12:50 ----D---- C:\Program Files (x86)\ICQ7.5
2012-07-25 23:05:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-25 18:39:08 ----D---- C:\Program Files (x86)\ESET
2012-07-25 14:21:33 ----D---- C:\Windows\Tasks
2012-07-21 21:23:57 ----RSD---- C:\Windows\assembly
2012-07-20 02:22:24 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-19 11:06:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-07-14 15:08:00 ----D---- C:\Program Files (x86)\Common Files
2012-07-14 15:07:28 ----D---- C:\Windows\system32\drivers
2012-07-13 17:13:44 ----D---- C:\Windows\system32\catroot2
2012-07-12 14:27:25 ----D---- C:\Program Files\ATI Technologies
2012-07-12 14:25:35 ----D---- C:\Windows\system32\catroot
2012-07-12 14:24:57 ----D---- C:\Windows\system32\DriverStore
2012-07-11 16:20:51 ----D---- C:\Windows\winsxs
2012-07-11 16:19:13 ----D---- C:\Windows\SYSWOW64\migration
2012-07-11 16:19:13 ----D---- C:\Windows\system32\migration
2012-07-11 16:19:13 ----D---- C:\Program Files\Internet Explorer
2012-07-11 16:19:13 ----D---- C:\Program Files (x86)\Internet Explorer
2012-07-11 15:10:19 ----D---- C:\ProgramData\Microsoft Help
2012-07-11 15:09:07 ----A---- C:\Windows\system32\MRT.exe
2012-07-01 18:53:36 ----D---- C:\Program Files (x86)\Reality Pump
2012-06-30 19:51:37 ----D---- C:\Program Files (x86)\Microsoft Games
2012-06-30 19:51:30 ----SD---- C:\ProgramData\Microsoft
2012-06-30 10:38:22 ----D---- C:\Users\Malcolm\AppData\Roaming\BitComet
2012-06-30 10:38:19 ----D---- C:\Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mv91xx;mv91xx; C:\Windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-11 270912]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-04-19 126912]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-08-12 43168]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\DRIVERS\ctsfm2k.sys [2005-02-28 284160]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-08-19 21832]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\DRIVERS\ctoss2k.sys [2005-02-28 205824]
R3 P1764;Sound Blaster Audigy; C:\Windows\system32\drivers\P1764.sys [2005-07-07 1579008]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2012-01-28 310728]
S3 ALSysIO;ALSysIO; \??\C:\Users\Malcolm\AppData\Local\Temp\ALSysIO64.sys []
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2010-10-27 55336]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-02 2536040]
S3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys [2007-02-05 1529856]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-06-11 239616]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2011-06-20 73728]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-14 935008]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-06-19 529232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-20 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-12 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

Zdravim a pekny den preji

Vas log se studuje a pracuje se na nem .
Prosim o strpeni!

Na ten NOD 32 mate zakoupenou licenci

Pak tam vidim i zbytky po avg a McAfee

Takze na konci leceni bychom udelali v zabezpeceni poradek a pripadne dali bezpaltne reseni

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Kliknete na volbu Change parametrs
• V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
• Kliknete na OK
• Utilite prikazte, at skenuje - klik na Start Scan
• Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
• Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
• Pokud mate vsude Skip, kliknete na Continue
• Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

Na Noda licensi nemám. Avg jsem nikdy neinstaloval (ikdyž před pár dny mi právě začal běžet proces od AVG) Mc Afee byl předinstalován na OS, ten jsem odinstaloval.

LOG TDSSKILLER
12:44:51.0864 4424 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:44:51.0973 4424 ============================================================
12:44:51.0973 4424 Current date / time: 2012/07/28 12:44:51.0973
12:44:51.0973 4424 SystemInfo:
12:44:51.0973 4424
12:44:51.0973 4424 OS Version: 6.1.7601 ServicePack: 1.0
12:44:51.0973 4424 Product type: Workstation
12:44:51.0973 4424 ComputerName: COOLER
12:44:51.0973 4424 UserName: Malcolm
12:44:51.0973 4424 Windows directory: C:\Windows
12:44:51.0973 4424 System windows directory: C:\Windows
12:44:51.0973 4424 Running under WOW64
12:44:51.0973 4424 Processor architecture: Intel x64
12:44:51.0973 4424 Number of processors: 4
12:44:51.0973 4424 Page size: 0x1000
12:44:51.0973 4424 Boot type: Normal boot
12:44:51.0973 4424 ============================================================
12:44:53.0488 4424 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
12:45:00.0802 4424 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8BD5E00 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:04.0570 4424 Drive \Device\Harddisk1\DR1 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:04.0575 4424 ============================================================
12:45:04.0575 4424 \Device\Harddisk2\DR2:
12:45:04.0576 4424 MBR partitions:
12:45:04.0576 4424 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:45:04.0576 4424 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
12:45:04.0576 4424 \Device\Harddisk0\DR0:
12:45:04.0592 4424 MBR partitions:
12:45:04.0592 4424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57541401
12:45:04.0592 4424 \Device\Harddisk1\DR1:
12:45:04.0597 4424 MBR partitions:
12:45:04.0597 4424 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
12:45:04.0597 4424 ============================================================
12:45:04.0633 4424 C: <-> \Device\Harddisk2\DR2\Partition1
12:45:04.0659 4424 D: <-> \Device\Harddisk1\DR1\Partition0
12:45:04.0684 4424 F: <-> \Device\Harddisk0\DR0\Partition0
12:45:04.0684 4424 ============================================================
12:45:04.0684 4424 Initialize success
12:45:04.0684 4424 ============================================================
12:45:29.0116 1308 ============================================================
12:45:29.0116 1308 Scan started
12:45:29.0116 1308 Mode: Manual; SigCheck; TDLFS;
12:45:29.0116 1308 ============================================================
12:45:29.0449 1308 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
12:45:29.0487 1308 1394ohci - ok
12:45:29.0505 1308 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:45:29.0513 1308 ACPI - ok
12:45:29.0524 1308 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:45:29.0577 1308 AcpiPmi - ok
12:45:29.0639 1308 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:45:29.0644 1308 AdobeARMservice - ok
12:45:29.0721 1308 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:45:29.0736 1308 AdobeFlashPlayerUpdateSvc - ok
12:45:29.0770 1308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:45:29.0790 1308 adp94xx - ok
12:45:29.0817 1308 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:45:29.0837 1308 adpahci - ok
12:45:29.0869 1308 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:45:29.0876 1308 adpu320 - ok
12:45:29.0898 1308 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:45:29.0997 1308 AeLookupSvc - ok
12:45:30.0043 1308 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:45:30.0071 1308 AFD - ok
12:45:30.0084 1308 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:45:30.0099 1308 agp440 - ok
12:45:30.0113 1308 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:45:30.0147 1308 ALG - ok
12:45:30.0160 1308 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:45:30.0172 1308 aliide - ok
12:45:30.0217 1308 ALSysIO - ok
12:45:30.0276 1308 AMD External Events Utility (9c616ba191b80f5cd1a1b9553e107100) C:\Windows\system32\atiesrxx.exe
12:45:30.0340 1308 AMD External Events Utility - ok
12:45:30.0362 1308 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:45:30.0374 1308 amdide - ok
12:45:30.0387 1308 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:45:30.0418 1308 AmdK8 - ok
12:45:30.0560 1308 amdkmdag (5165e83751b8ff40e5e4925996fcc506) C:\Windows\system32\DRIVERS\atikmdag.sys
12:45:30.0970 1308 amdkmdag - ok
12:45:31.0058 1308 amdkmdap (86ab3cf484260c4318f3a6e8b035f422) C:\Windows\system32\DRIVERS\atikmpag.sys
12:45:31.0088 1308 amdkmdap - ok
12:45:31.0099 1308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:45:31.0127 1308 AmdPPM - ok
12:45:31.0156 1308 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:45:31.0194 1308 amdsata - ok
12:45:31.0270 1308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:45:31.0283 1308 amdsbs - ok
12:45:31.0285 1308 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:45:31.0297 1308 amdxata - ok
12:45:31.0327 1308 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:45:31.0365 1308 AppID - ok
12:45:31.0375 1308 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:45:31.0405 1308 AppIDSvc - ok
12:45:31.0419 1308 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:45:31.0446 1308 Appinfo - ok
12:45:31.0465 1308 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:45:31.0477 1308 arc - ok
12:45:31.0497 1308 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:45:31.0504 1308 arcsas - ok
12:45:31.0619 1308 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:45:31.0623 1308 aspnet_state - ok
12:45:31.0647 1308 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:45:31.0679 1308 AsyncMac - ok
12:45:31.0681 1308 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:45:31.0685 1308 atapi - ok
12:45:31.0714 1308 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
12:45:31.0719 1308 AthBTPort - ok
12:45:31.0723 1308 ATHDFU (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
12:45:31.0737 1308 ATHDFU - ok
12:45:31.0766 1308 AtherosSvc (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
12:45:31.0770 1308 AtherosSvc - ok
12:45:31.0814 1308 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
12:45:31.0822 1308 AtiHDAudioService - ok
12:45:31.0852 1308 atksgt (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys
12:45:31.0865 1308 atksgt - ok
12:45:31.0907 1308 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:45:31.0949 1308 AudioEndpointBuilder - ok
12:45:31.0952 1308 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:45:31.0973 1308 AudioSrv - ok
12:45:32.0141 1308 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:45:32.0209 1308 AxInstSV - ok
12:45:32.0255 1308 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:45:32.0305 1308 b06bdrv - ok
12:45:32.0337 1308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:45:32.0373 1308 b57nd60a - ok
12:45:32.0441 1308 BCUService (7ed4e1d2e124ad4e6a287cf49dbc9bba) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
12:45:32.0447 1308 BCUService - ok
12:45:32.0459 1308 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:45:32.0486 1308 BDESVC - ok
12:45:32.0496 1308 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:45:32.0526 1308 Beep - ok
12:45:32.0566 1308 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:45:32.0604 1308 BFE - ok
12:45:32.0649 1308 BITCOMET_HELPER_SERVICE - ok
12:45:32.0685 1308 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:45:32.0718 1308 BITS - ok
12:45:32.0758 1308 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:45:32.0793 1308 blbdrive - ok
12:45:32.0831 1308 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:45:32.0858 1308 bowser - ok
12:45:32.0888 1308 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:45:32.0909 1308 BrFiltLo - ok
12:45:32.0924 1308 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:45:32.0932 1308 BrFiltUp - ok
12:45:32.0956 1308 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:45:32.0995 1308 Browser - ok
12:45:33.0013 1308 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:45:33.0046 1308 Brserid - ok
12:45:33.0061 1308 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:45:33.0089 1308 BrSerWdm - ok
12:45:33.0102 1308 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:45:33.0116 1308 BrUsbMdm - ok
12:45:33.0128 1308 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:45:33.0149 1308 BrUsbSer - ok
12:45:33.0177 1308 BTATH_A2DP (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
12:45:33.0184 1308 BTATH_A2DP - ok
12:45:33.0202 1308 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
12:45:33.0217 1308 BTATH_BUS - ok
12:45:33.0237 1308 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
12:45:33.0243 1308 BTATH_HCRP - ok
12:45:33.0263 1308 BTATH_LWFLT (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
12:45:33.0269 1308 BTATH_LWFLT - ok
12:45:33.0285 1308 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
12:45:33.0302 1308 BTATH_RCP - ok
12:45:33.0331 1308 BtFilter (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
12:45:33.0337 1308 BtFilter - ok
12:45:33.0353 1308 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:45:33.0390 1308 BthEnum - ok
12:45:33.0411 1308 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:45:33.0432 1308 BTHMODEM - ok
12:45:33.0447 1308 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:45:33.0459 1308 BthPan - ok
12:45:33.0476 1308 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
12:45:33.0500 1308 BTHPORT - ok
12:45:33.0516 1308 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:45:33.0544 1308 bthserv - ok
12:45:33.0555 1308 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
12:45:33.0571 1308 BTHUSB - ok
12:45:33.0585 1308 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:45:33.0619 1308 cdfs - ok
12:45:33.0645 1308 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:45:33.0658 1308 cdrom - ok
12:45:33.0680 1308 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:45:33.0715 1308 CertPropSvc - ok
12:45:33.0734 1308 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:45:33.0754 1308 circlass - ok
12:45:33.0772 1308 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:45:33.0792 1308 CLFS - ok
12:45:33.0841 1308 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:45:33.0852 1308 clr_optimization_v2.0.50727_32 - ok
12:45:33.0888 1308 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:45:33.0893 1308 clr_optimization_v2.0.50727_64 - ok
12:45:33.0990 1308 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:45:34.0002 1308 clr_optimization_v4.0.30319_32 - ok
12:45:34.0044 1308 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:45:34.0056 1308 clr_optimization_v4.0.30319_64 - ok
12:45:34.0090 1308 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:45:34.0116 1308 CmBatt - ok
12:45:34.0133 1308 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:45:34.0145 1308 cmdide - ok
12:45:34.0195 1308 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
12:45:34.0227 1308 CNG - ok
12:45:34.0244 1308 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:45:34.0250 1308 Compbatt - ok
12:45:34.0276 1308 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:45:34.0289 1308 CompositeBus - ok
12:45:34.0291 1308 COMSysApp - ok
12:45:34.0310 1308 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:45:34.0315 1308 crcdisk - ok
12:45:34.0379 1308 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
12:45:34.0388 1308 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:45:34.0388 1308 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:45:34.0430 1308 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:45:34.0455 1308 CryptSvc - ok
12:45:34.0497 1308 ctsfm2k (3fd3e8de24fd26c7e1d68d00ea042d93) C:\Windows\system32\DRIVERS\ctsfm2k.sys
12:45:34.0533 1308 ctsfm2k - ok
12:45:34.0636 1308 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
12:45:34.0641 1308 DAUpdaterSvc - ok
12:45:34.0665 1308 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:45:34.0701 1308 DcomLaunch - ok
12:45:34.0725 1308 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:45:34.0744 1308 defragsvc - ok
12:45:34.0771 1308 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:45:34.0804 1308 DfsC - ok
12:45:34.0826 1308 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:45:34.0854 1308 Dhcp - ok
12:45:34.0871 1308 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:45:34.0907 1308 discache - ok
12:45:34.0932 1308 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:45:34.0944 1308 Disk - ok
12:45:34.0991 1308 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:45:35.0008 1308 Dnscache - ok
12:45:35.0023 1308 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:45:35.0045 1308 dot3svc - ok
12:45:35.0101 1308 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:45:35.0133 1308 Dot4 - ok
12:45:35.0135 1308 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:45:35.0154 1308 Dot4Print - ok
12:45:35.0169 1308 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:45:35.0198 1308 dot4usb - ok
12:45:35.0212 1308 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:45:35.0240 1308 DPS - ok
12:45:35.0259 1308 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:45:35.0278 1308 drmkaud - ok
12:45:35.0313 1308 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:45:35.0319 1308 dtsoftbus01 - ok
12:45:35.0353 1308 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:45:35.0366 1308 DXGKrnl - ok
12:45:35.0415 1308 eamonm (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
12:45:35.0443 1308 eamonm - ok
12:45:35.0457 1308 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:45:35.0476 1308 EapHost - ok
12:45:35.0522 1308 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:45:35.0576 1308 ebdrv - ok
12:45:35.0643 1308 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:45:35.0670 1308 EFS - ok
12:45:35.0725 1308 ehdrv (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
12:45:35.0742 1308 ehdrv - ok
12:45:35.0789 1308 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:45:35.0817 1308 ehRecvr - ok
12:45:35.0835 1308 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:45:35.0842 1308 ehSched - ok
12:45:35.0907 1308 EhttpSrv (deb2b067745d92ff17a5068dfd2360bc) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
12:45:35.0916 1308 EhttpSrv - ok
12:45:35.0979 1308 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
12:45:36.0005 1308 ekrn - ok
12:45:36.0112 1308 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:45:36.0136 1308 elxstor - ok
12:45:36.0186 1308 epfwwfpr (954fade8e59f159b0a71d0cfcc99a76e) C:\Windows\system32\DRIVERS\epfwwfpr.sys
12:45:36.0205 1308 epfwwfpr - ok
12:45:36.0212 1308 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:45:36.0232 1308 ErrDev - ok
12:45:36.0258 1308 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:45:36.0287 1308 EventSystem - ok
12:45:36.0313 1308 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:45:36.0344 1308 exfat - ok
12:45:36.0362 1308 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:45:36.0405 1308 fastfat - ok
12:45:36.0426 1308 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:45:36.0452 1308 Fax - ok
12:45:36.0454 1308 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:45:36.0473 1308 fdc - ok
12:45:36.0485 1308 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:45:36.0514 1308 fdPHost - ok
12:45:36.0525 1308 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:45:36.0559 1308 FDResPub - ok
12:45:36.0574 1308 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:45:36.0586 1308 FileInfo - ok
12:45:36.0597 1308 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:45:36.0631 1308 Filetrace - ok
12:45:36.0638 1308 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:45:36.0645 1308 flpydisk - ok
12:45:36.0666 1308 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:45:36.0673 1308 FltMgr - ok
12:45:36.0722 1308 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:45:36.0753 1308 FontCache - ok
12:45:36.0799 1308 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:45:36.0804 1308 FontCache3.0.0.0 - ok
12:45:36.0823 1308 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:45:36.0835 1308 FsDepends - ok
12:45:36.0876 1308 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:45:36.0887 1308 Fs_Rec - ok
12:45:36.0918 1308 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:45:36.0938 1308 fvevol - ok
12:45:36.0962 1308 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:45:36.0987 1308 gagp30kx - ok
12:45:37.0027 1308 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:45:37.0049 1308 gpsvc - ok
12:45:37.0100 1308 hamachi (7eec4281639dc7e9a67c661efd414f3a) C:\Windows\system32\DRIVERS\hamachi.sys
12:45:37.0111 1308 hamachi - ok
12:45:37.0121 1308 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:45:37.0149 1308 hcw85cir - ok
12:45:37.0183 1308 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:45:37.0205 1308 HdAudAddService - ok
12:45:37.0228 1308 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:45:37.0248 1308 HDAudBus - ok
12:45:37.0250 1308 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:45:37.0275 1308 HidBatt - ok
12:45:37.0292 1308 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:45:37.0346 1308 HidBth - ok
12:45:37.0354 1308 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:45:37.0374 1308 HidIr - ok
12:45:37.0384 1308 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:45:37.0403 1308 hidserv - ok
12:45:37.0410 1308 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:45:37.0423 1308 HidUsb - ok
12:45:37.0438 1308 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:45:37.0474 1308 hkmsvc - ok
12:45:37.0494 1308 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:45:37.0510 1308 HomeGroupListener - ok
12:45:37.0563 1308 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:45:37.0579 1308 HomeGroupProvider - ok
12:45:37.0757 1308 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:45:37.0767 1308 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:45:37.0767 1308 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:45:37.0790 1308 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:45:37.0804 1308 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:45:37.0804 1308 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:45:37.0830 1308 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:45:37.0845 1308 HpSAMD - ok
12:45:37.0875 1308 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:45:37.0914 1308 HTTP - ok
12:45:37.0932 1308 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:45:37.0944 1308 hwpolicy - ok
12:45:37.0966 1308 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:45:37.0979 1308 i8042prt - ok
12:45:38.0005 1308 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:45:38.0019 1308 iaStorV - ok
12:45:38.0105 1308 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:45:38.0107 1308 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:45:38.0107 1308 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:45:38.0179 1308 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:45:38.0206 1308 idsvc - ok
12:45:38.0273 1308 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:45:38.0287 1308 iirsp - ok
12:45:38.0326 1308 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:45:38.0361 1308 IKEEXT - ok
12:45:38.0422 1308 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
12:45:38.0448 1308 IntcAzAudAddService - ok
12:45:38.0494 1308 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:45:38.0500 1308 intelide - ok
12:45:38.0527 1308 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:45:38.0547 1308 intelppm - ok
12:45:38.0569 1308 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:45:38.0607 1308 IPBusEnum - ok
12:45:38.0624 1308 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:45:38.0643 1308 IpFilterDriver - ok
12:45:38.0685 1308 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:45:38.0727 1308 iphlpsvc - ok
12:45:38.0742 1308 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:45:38.0761 1308 IPMIDRV - ok
12:45:38.0789 1308 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:45:38.0830 1308 IPNAT - ok
12:45:38.0845 1308 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:45:38.0854 1308 IRENUM - ok
12:45:38.0857 1308 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:45:38.0868 1308 isapnp - ok
12:45:38.0907 1308 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:45:38.0921 1308 iScsiPrt - ok
12:45:38.0937 1308 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:45:38.0943 1308 kbdclass - ok
12:45:38.0963 1308 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:45:38.0982 1308 kbdhid - ok
12:45:39.0018 1308 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:39.0024 1308 KeyIso - ok
12:45:39.0059 1308 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
12:45:39.0066 1308 KSecDD - ok
12:45:39.0081 1308 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
12:45:39.0088 1308 KSecPkg - ok
12:45:39.0099 1308 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:45:39.0149 1308 ksthunk - ok
12:45:39.0186 1308 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:45:39.0221 1308 KtmRm - ok
12:45:39.0259 1308 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
12:45:39.0294 1308 LanmanServer - ok
12:45:39.0489 1308 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:45:39.0534 1308 LanmanWorkstation - ok
12:45:39.0613 1308 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:45:39.0628 1308 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:45:39.0629 1308 LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:45:39.0662 1308 lirsgt (5ea407821bb3104c31a705175ab4f309) C:\Windows\system32\DRIVERS\lirsgt.sys
12:45:39.0683 1308 lirsgt - ok
12:45:39.0699 1308 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:45:39.0740 1308 lltdio - ok
12:45:39.0776 1308 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:45:39.0796 1308 lltdsvc - ok
12:45:39.0810 1308 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:45:39.0835 1308 lmhosts - ok
12:45:39.0869 1308 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:45:39.0882 1308 LSI_FC - ok
12:45:39.0887 1308 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:45:39.0900 1308 LSI_SAS - ok
12:45:39.0916 1308 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:45:39.0929 1308 LSI_SAS2 - ok
12:45:39.0934 1308 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:45:39.0947 1308 LSI_SCSI - ok
12:45:39.0963 1308 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:45:39.0993 1308 luafv - ok
12:45:40.0045 1308 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
12:45:40.0050 1308 McComponentHostService - ok
12:45:40.0082 1308 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:45:40.0090 1308 Mcx2Svc - ok
12:45:40.0103 1308 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:45:40.0121 1308 megasas - ok
12:45:40.0156 1308 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:45:40.0171 1308 MegaSR - ok
12:45:40.0191 1308 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
12:45:40.0195 1308 MEIx64 - ok
12:45:40.0262 1308 Microsoft SharePoint Workspace Audit Service - ok
12:45:40.0291 1308 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:45:40.0316 1308 MMCSS - ok
12:45:40.0336 1308 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:45:40.0363 1308 Modem - ok
12:45:40.0390 1308 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:45:40.0416 1308 monitor - ok
12:45:40.0447 1308 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:45:40.0453 1308 mouclass - ok
12:45:40.0460 1308 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:45:40.0467 1308 mouhid - ok
12:45:40.0486 1308 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:45:40.0498 1308 mountmgr - ok
12:45:40.0585 1308 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:45:40.0591 1308 MozillaMaintenance - ok
12:45:40.0629 1308 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:45:40.0638 1308 mpio - ok
12:45:40.0652 1308 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:45:40.0676 1308 mpsdrv - ok
12:45:40.0706 1308 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:45:40.0729 1308 MpsSvc - ok
12:45:40.0748 1308 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:45:40.0766 1308 MRxDAV - ok
12:45:40.0793 1308 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:45:40.0820 1308 mrxsmb - ok
12:45:40.0838 1308 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:45:40.0858 1308 mrxsmb10 - ok
12:45:40.0868 1308 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:45:40.0881 1308 mrxsmb20 - ok
12:45:40.0892 1308 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:45:40.0904 1308 msahci - ok
12:45:40.0920 1308 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:45:40.0933 1308 msdsm - ok
12:45:40.0950 1308 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:45:40.0980 1308 MSDTC - ok
12:45:41.0004 1308 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:45:41.0022 1308 Msfs - ok
12:45:41.0032 1308 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:45:41.0067 1308 mshidkmdf - ok
12:45:41.0078 1308 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:45:41.0090 1308 msisadrv - ok
12:45:41.0112 1308 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:45:41.0142 1308 MSiSCSI - ok
12:45:41.0144 1308 msiserver - ok
12:45:41.0165 1308 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:45:41.0188 1308 MSKSSRV - ok
12:45:41.0195 1308 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:45:41.0218 1308 MSPCLOCK - ok
12:45:41.0220 1308 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:45:41.0248 1308 MSPQM - ok
12:45:41.0263 1308 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:45:41.0271 1308 MsRPC - ok
12:45:41.0284 1308 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:45:41.0290 1308 mssmbios - ok
12:45:41.0292 1308 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:45:41.0320 1308 MSTEE - ok
12:45:41.0336 1308 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:45:41.0343 1308 MTConfig - ok
12:45:41.0358 1308 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:45:41.0371 1308 Mup - ok
12:45:41.0393 1308 mv91xx (34d08c9c64f657d194961e96c47e9c69) C:\Windows\system32\DRIVERS\mv91xx.sys
12:45:41.0400 1308 mv91xx - ok
12:45:41.0425 1308 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:45:41.0452 1308 napagent - ok
12:45:41.0492 1308 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:45:41.0529 1308 NativeWifiP - ok
12:45:41.0600 1308 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
12:45:41.0608 1308 NAUpdate - ok
12:45:41.0634 1308 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:45:41.0653 1308 NDIS - ok
12:45:41.0668 1308 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:45:41.0693 1308 NdisCap - ok
12:45:41.0712 1308 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:45:41.0744 1308 NdisTapi - ok
12:45:41.0764 1308 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:45:41.0797 1308 Ndisuio - ok
12:45:41.0811 1308 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:45:41.0844 1308 NdisWan - ok
12:45:41.0860 1308 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:45:41.0890 1308 NDProxy - ok
12:45:41.0913 1308 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
12:45:41.0916 1308 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:45:41.0916 1308 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:45:41.0927 1308 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:45:41.0970 1308 NetBIOS - ok
12:45:41.0978 1308 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:45:42.0003 1308 NetBT - ok
12:45:42.0035 1308 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:42.0041 1308 Netlogon - ok
12:45:42.0096 1308 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:45:42.0144 1308 Netman - ok
12:45:42.0252 1308 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:45:42.0257 1308 NetMsmqActivator - ok
12:45:42.0259 1308 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:45:42.0263 1308 NetPipeActivator - ok
12:45:42.0284 1308 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:45:42.0316 1308 netprofm - ok
12:45:42.0318 1308 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:45:42.0323 1308 NetTcpActivator - ok
12:45:42.0324 1308 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:45:42.0329 1308 NetTcpPortSharing - ok
12:45:42.0374 1308 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:45:42.0392 1308 nfrd960 - ok
12:45:42.0419 1308 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:45:42.0452 1308 NlaSvc - ok
12:45:42.0563 1308 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
12:45:42.0577 1308 NMIndexingService - ok
12:45:42.0592 1308 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:45:42.0616 1308 Npfs - ok
12:45:42.0621 1308 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:45:42.0648 1308 nsi - ok
12:45:42.0661 1308 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:45:42.0696 1308 nsiproxy - ok
12:45:42.0738 1308 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:45:42.0756 1308 Ntfs - ok
12:45:42.0805 1308 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:45:42.0839 1308 Null - ok
12:45:42.0857 1308 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
12:45:42.0895 1308 nusb3hub - ok
12:45:42.0916 1308 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:45:42.0931 1308 nusb3xhc - ok
12:45:42.0973 1308 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:45:42.0988 1308 nvraid - ok
12:45:43.0014 1308 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:45:43.0033 1308 nvstor - ok
12:45:43.0062 1308 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:45:43.0076 1308 nv_agp - ok
12:45:43.0088 1308 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:45:43.0109 1308 ohci1394 - ok
12:45:43.0173 1308 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:45:43.0185 1308 ose - ok
12:45:43.0312 1308 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:45:43.0371 1308 osppsvc - ok
12:45:43.0466 1308 ossrv (8f1ae0e294fda33d5591c1120b39fd56) C:\Windows\system32\DRIVERS\ctoss2k.sys
12:45:43.0487 1308 ossrv - ok
12:45:43.0548 1308 P17 (9d8fd582c9c977a9675f9e987a8333dd) C:\Windows\system32\drivers\P17.sys
12:45:43.0573 1308 P17 - ok
12:45:43.0614 1308 P1764 (f9a7d851396745d75dd3fc98dd1f82e4) C:\Windows\system32\drivers\P1764.sys
12:45:43.0639 1308 P1764 - ok
12:45:43.0665 1308 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:45:43.0699 1308 p2pimsvc - ok
12:45:43.0726 1308 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:45:43.0734 1308 p2psvc - ok
12:45:43.0758 1308 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:45:43.0786 1308 Parport - ok
12:45:43.0828 1308 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:45:43.0879 1308 partmgr - ok
12:45:43.0895 1308 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:45:43.0911 1308 PcaSvc - ok
12:45:43.0930 1308 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:45:43.0949 1308 pci - ok
12:45:43.0960 1308 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:45:43.0972 1308 pciide - ok
12:45:43.0980 1308 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:45:43.0993 1308 pcmcia - ok
12:45:44.0004 1308 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:45:44.0016 1308 pcw - ok
12:45:44.0037 1308 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:45:44.0072 1308 PEAUTH - ok
12:45:44.0126 1308 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:45:44.0147 1308 PerfHost - ok
12:45:44.0189 1308 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:45:44.0226 1308 pla - ok
12:45:44.0281 1308 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:45:44.0306 1308 PlugPlay - ok
12:45:44.0326 1308 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
12:45:44.0341 1308 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:45:44.0341 1308 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:45:44.0351 1308 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:45:44.0365 1308 PNRPAutoReg - ok
12:45:44.0408 1308 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:45:44.0415 1308 PNRPsvc - ok
12:45:44.0446 1308 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:45:44.0480 1308 PolicyAgent - ok
12:45:44.0560 1308 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:45:44.0600 1308 Power - ok
12:45:44.0652 1308 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:45:44.0721 1308 PptpMiniport - ok
12:45:44.0740 1308 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:45:44.0767 1308 Processor - ok
12:45:44.0803 1308 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:45:44.0826 1308 ProfSvc - ok
12:45:44.0860 1308 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:44.0866 1308 ProtectedStorage - ok
12:45:44.0885 1308 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:45:44.0925 1308 Psched - ok
12:45:44.0957 1308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:45:44.0975 1308 ql2300 - ok
12:45:45.0045 1308 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:45:45.0059 1308 ql40xx - ok
12:45:45.0107 1308 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:45:45.0118 1308 QWAVE - ok
12:45:45.0121 1308 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:45:45.0137 1308 QWAVEdrv - ok
12:45:45.0151 1308 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:45:45.0175 1308 RasAcd - ok
12:45:45.0193 1308 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:45:45.0211 1308 RasAgileVpn - ok
12:45:45.0226 1308 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:45:45.0252 1308 RasAuto - ok
12:45:45.0257 1308 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:45:45.0297 1308 Rasl2tp - ok
12:45:45.0319 1308 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:45:45.0339 1308 RasMan - ok
12:45:45.0354 1308 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:45:45.0382 1308 RasPppoe - ok
12:45:45.0412 1308 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:45:45.0444 1308 RasSstp - ok
12:45:45.0456 1308 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:45:45.0476 1308 rdbss - ok
12:45:45.0479 1308 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:45:45.0505 1308 rdpbus - ok
12:45:45.0512 1308 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:45:45.0530 1308 RDPCDD - ok
12:45:45.0546 1308 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:45:45.0595 1308 RDPENCDD - ok
12:45:45.0598 1308 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:45:45.0616 1308 RDPREFMP - ok
12:45:45.0651 1308 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:45:45.0699 1308 RDPWD - ok
12:45:45.0725 1308 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:45:45.0732 1308 rdyboost - ok
12:45:45.0749 1308 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:45:45.0769 1308 RemoteAccess - ok
12:45:45.0794 1308 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:45:45.0822 1308 RemoteRegistry - ok
12:45:45.0847 1308 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:45:45.0870 1308 RFCOMM - ok
12:45:45.0879 1308 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:45:45.0912 1308 RpcEptMapper - ok
12:45:45.0932 1308 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:45:45.0947 1308 RpcLocator - ok
12:45:45.0966 1308 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:45:45.0987 1308 RpcSs - ok
12:45:46.0007 1308 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:45:46.0032 1308 rspndr - ok
12:45:46.0087 1308 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:45:46.0106 1308 RTL8167 - ok
12:45:46.0134 1308 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:46.0140 1308 SamSs - ok
12:45:46.0162 1308 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:45:46.0175 1308 sbp2port - ok
12:45:46.0195 1308 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:45:46.0215 1308 SCardSvr - ok
12:45:46.0274 1308 SCDEmu (741b338d675fe20b779e7effa55032fe) C:\Windows\system32\drivers\SCDEmu.sys
12:45:46.0288 1308 SCDEmu - ok
12:45:46.0298 1308 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:45:46.0334 1308 scfilter - ok
12:45:46.0365 1308 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:45:46.0400 1308 Schedule - ok
12:45:46.0413 1308 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:45:46.0430 1308 SCPolicySvc - ok
12:45:46.0442 1308 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:45:46.0483 1308 SDRSVC - ok
12:45:46.0515 1308 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:45:46.0561 1308 secdrv - ok
12:45:46.0571 1308 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:45:46.0589 1308 seclogon - ok
12:45:46.0609 1308 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:45:46.0639 1308 SENS - ok
12:45:46.0642 1308 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:45:46.0653 1308 SensrSvc - ok
12:45:46.0657 1308 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:45:46.0670 1308 Serenum - ok
12:45:46.0695 1308 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:45:46.0724 1308 Serial - ok
12:45:46.0741 1308 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:45:46.0764 1308 sermouse - ok
12:45:46.0784 1308 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:45:46.0807 1308 SessionEnv - ok
12:45:46.0825 1308 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:45:46.0852 1308 sffdisk - ok
12:45:46.0854 1308 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:45:46.0876 1308 sffp_mmc - ok
12:45:46.0878 1308 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:45:46.0889 1308 sffp_sd - ok
12:45:46.0914 1308 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:45:46.0928 1308 sfloppy - ok
12:45:46.0975 1308 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:45:47.0006 1308 SharedAccess - ok
12:45:47.0026 1308 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:45:47.0046 1308 ShellHWDetection - ok
12:45:47.0056 1308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:45:47.0073 1308 SiSRaid2 - ok
12:45:47.0093 1308 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:45:47.0105 1308 SiSRaid4 - ok
12:45:47.0111 1308 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:45:47.0130 1308 Smb - ok
12:45:47.0152 1308 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:45:47.0174 1308 SNMPTRAP - ok
12:45:47.0270 1308 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
12:45:47.0280 1308 Sony Ericsson PCCompanion - ok
12:45:47.0291 1308 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:45:47.0306 1308 spldr - ok
12:45:47.0320 1308 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:45:47.0341 1308 Spooler - ok
12:45:47.0386 1308 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:45:47.0433 1308 sppsvc - ok
12:45:47.0482 1308 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:45:47.0516 1308 sppuinotify - ok
12:45:47.0585 1308 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:45:47.0623 1308 srv - ok
12:45:47.0641 1308 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:45:47.0664 1308 srv2 - ok
12:45:47.0701 1308 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:45:47.0717 1308 srvnet - ok
12:45:47.0745 1308 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:45:47.0785 1308 SSDPSRV - ok
12:45:47.0804 1308 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:45:47.0822 1308 SstpSvc - ok
12:45:47.0866 1308 Steam Client Service - ok
12:45:47.0886 1308 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:45:47.0892 1308 stexstor - ok
12:45:47.0925 1308 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:45:47.0937 1308 stisvc - ok
12:45:47.0948 1308 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:45:47.0960 1308 swenum - ok
12:45:47.0981 1308 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:45:48.0002 1308 swprv - ok
12:45:48.0032 1308 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:45:48.0061 1308 SysMain - ok
12:45:48.0108 1308 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:45:48.0119 1308 TabletInputService - ok
12:45:48.0137 1308 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:45:48.0162 1308 TapiSrv - ok
12:45:48.0172 1308 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:45:48.0202 1308 TBS - ok
12:45:48.0277 1308 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:45:48.0306 1308 Tcpip - ok
12:45:48.0336 1308 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:45:48.0356 1308 TCPIP6 - ok
12:45:48.0375 1308 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:45:48.0404 1308 tcpipreg - ok
12:45:48.0416 1308 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:45:48.0446 1308 TDPIPE - ok
12:45:48.0474 1308 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:45:48.0484 1308 TDTCP - ok
12:45:48.0504 1308 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:45:48.0555 1308 tdx - ok
12:45:48.0567 1308 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
12:45:48.0579 1308 TermDD - ok
12:45:48.0601 1308 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:45:48.0628 1308 TermService - ok
12:45:48.0637 1308 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:45:48.0646 1308 Themes - ok
12:45:48.0663 1308 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:45:48.0682 1308 THREADORDER - ok
12:45:48.0701 1308 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:45:48.0728 1308 TrkWks - ok
12:45:48.0773 1308 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:45:48.0806 1308 TrustedInstaller - ok
12:45:48.0830 1308 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:45:48.0861 1308 tssecsrv - ok
12:45:48.0879 1308 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:45:48.0906 1308 TsUsbFlt - ok
12:45:48.0908 1308 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:45:48.0915 1308 TsUsbGD - ok
12:45:48.0944 1308 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:45:48.0978 1308 tunnel - ok
12:45:48.0982 1308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:45:48.0995 1308 uagp35 - ok
12:45:49.0013 1308 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:45:49.0043 1308 udfs - ok
12:45:49.0060 1308 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:45:49.0077 1308 UI0Detect - ok
12:45:49.0085 1308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:45:49.0097 1308 uliagpkx - ok
12:45:49.0108 1308 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:45:49.0126 1308 umbus - ok
12:45:49.0154 1308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:45:49.0206 1308 UmPass - ok
12:45:49.0223 1308 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:45:49.0243 1308 upnphost - ok
12:45:49.0261 1308 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:45:49.0280 1308 usbccgp - ok
12:45:49.0286 1308 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:45:49.0294 1308 usbcir - ok
12:45:49.0311 1308 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:45:49.0333 1308 usbehci - ok
12:45:49.0356 1308 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:45:49.0378 1308 usbhub - ok
12:45:49.0390 1308 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:45:49.0415 1308 usbohci - ok
12:45:49.0429 1308 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:45:49.0451 1308 usbprint - ok
12:45:49.0472 1308 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:45:49.0501 1308 usbscan - ok
12:45:49.0516 1308 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:45:49.0567 1308 USBSTOR - ok
12:45:49.0663 1308 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:45:49.0739 1308 usbuhci - ok
12:45:49.0755 1308 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:45:49.0783 1308 UxSms - ok
12:45:49.0817 1308 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:49.0823 1308 VaultSvc - ok
12:45:49.0842 1308 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:45:49.0860 1308 vdrvroot - ok
12:45:49.0884 1308 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:45:49.0905 1308 vds - ok
12:45:49.0926 1308 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:45:49.0934 1308 vga - ok
12:45:49.0951 1308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:45:49.0984 1308 VgaSave - ok
12:45:50.0008 1308 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:45:50.0021 1308 vhdmp - ok
12:45:50.0030 1308 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:45:50.0042 1308 viaide - ok
12:45:50.0069 1308 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:45:50.0087 1308 volmgr - ok
12:45:50.0105 1308 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:45:50.0113 1308 volmgrx - ok
12:45:50.0131 1308 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:45:50.0138 1308 volsnap - ok
12:45:50.0179 1308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:45:50.0192 1308 vsmraid - ok
12:45:50.0238 1308 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:45:50.0273 1308 VSS - ok
12:45:50.0358 1308 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
12:45:50.0371 1308 vToolbarUpdater11.2.0 - ok
12:45:50.0420 1308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:45:50.0463 1308 vwifibus - ok
12:45:50.0495 1308 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:45:50.0541 1308 W32Time - ok
12:45:50.0558 1308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:45:50.0564 1308 WacomPen - ok
12:45:50.0596 1308 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:50.0628 1308 WANARP - ok
12:45:50.0636 1308 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:50.0653 1308 Wanarpv6 - ok
12:45:50.0719 1308 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:45:50.0734 1308 WatAdminSvc - ok
12:45:50.0765 1308 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:45:50.0799 1308 wbengine - ok
12:45:50.0863 1308 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:45:50.0876 1308 WbioSrvc - ok
12:45:50.0891 1308 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:45:50.0905 1308 wcncsvc - ok
12:45:50.0915 1308 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:45:50.0937 1308 WcsPlugInService - ok
12:45:50.0964 1308 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:45:50.0970 1308 Wd - ok
12:45:50.0992 1308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:45:51.0003 1308 Wdf01000 - ok
12:45:51.0012 1308 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:45:51.0066 1308 WdiServiceHost - ok
12:45:51.0068 1308 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:45:51.0077 1308 WdiSystemHost - ok
12:45:51.0123 1308 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:45:51.0142 1308 WebClient - ok
12:45:51.0160 1308 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:45:51.0189 1308 Wecsvc - ok
12:45:51.0207 1308 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:45:51.0226 1308 wercplsupport - ok
12:45:51.0272 1308 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:45:51.0290 1308 WerSvc - ok
12:45:51.0311 1308 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:45:51.0335 1308 WfpLwf - ok
12:45:51.0351 1308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:45:51.0364 1308 WIMMount - ok
12:45:51.0406 1308 WinDefend - ok
12:45:51.0411 1308 WinHttpAutoProxySvc - ok
12:45:51.0437 1308 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:45:51.0475 1308 Winmgmt - ok
12:45:51.0517 1308 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:45:51.0546 1308 WinRM - ok
12:45:51.0603 1308 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:45:51.0630 1308 WinUsb - ok
12:45:51.0667 1308 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:45:51.0680 1308 Wlansvc - ok
12:45:51.0827 1308 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:45:51.0850 1308 wlidsvc - ok
12:45:51.0882 1308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:45:51.0895 1308 WmiAcpi - ok
12:45:51.0915 1308 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:45:51.0928 1308 wmiApSrv - ok
12:45:51.0940 1308 WMPNetworkSvc - ok
12:45:51.0960 1308 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:45:51.0967 1308 WPCSvc - ok
12:45:51.0983 1308 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:45:51.0991 1308 WPDBusEnum - ok
12:45:52.0003 1308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:45:52.0027 1308 ws2ifsl - ok
12:45:52.0047 1308 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
12:45:52.0071 1308 wscsvc - ok
12:45:52.0072 1308 WSearch - ok
12:45:52.0129 1308 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:45:52.0153 1308 wuauserv - ok
12:45:52.0214 1308 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:45:52.0260 1308 WudfPf - ok
12:45:52.0277 1308 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:45:52.0301 1308 WUDFRd - ok
12:45:52.0315 1308 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:45:52.0334 1308 wudfsvc - ok
12:45:52.0348 1308 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:45:52.0368 1308 WwanSvc - ok
12:45:52.0385 1308 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
12:45:52.0501 1308 \Device\Harddisk2\DR2 - ok
12:45:52.0956 1308 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
12:45:53.0022 1308 \Device\Harddisk0\DR0 - ok
12:45:53.0042 1308 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
12:45:53.0382 1308 \Device\Harddisk1\DR1 - ok
12:45:53.0383 1308 Boot (0x1200) (ac04833c01c350a1d5972178f63e43ae) \Device\Harddisk2\DR2\Partition0
12:45:53.0384 1308 \Device\Harddisk2\DR2\Partition0 - ok
12:45:53.0391 1308 Boot (0x1200) (ff7c5acbf69870786d73eccc8364504a) \Device\Harddisk2\DR2\Partition1
12:45:53.0402 1308 \Device\Harddisk2\DR2\Partition1 - ok
12:45:53.0403 1308 Boot (0x1200) (1c9cefb2744d4da295bbb5f4770d5a44) \Device\Harddisk0\DR0\Partition0
12:45:53.0404 1308 \Device\Harddisk0\DR0\Partition0 - ok
12:45:53.0405 1308 Boot (0x1200) (585bb177ed138833c9c263e8365b78f9) \Device\Harddisk1\DR1\Partition0
12:45:53.0406 1308 \Device\Harddisk1\DR1\Partition0 - ok
12:45:53.0406 1308 ============================================================
12:45:53.0406 1308 Scan finished
12:45:53.0406 1308 ============================================================
12:45:53.0410 3296 Detected object count: 7
12:45:53.0411 3296 Actual detected object count: 7
12:46:47.0764 3296 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:47.0764 3296 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:46:47.0765 3296 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:47.0765 3296 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:46:47.0767 3296 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:47.0767 3296 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:46:47.0768 3296 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:47.0768 3296 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:46:47.0770 3296 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:47.0770 3296 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:46:47.0771 3296 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:47.0771 3296 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:46:47.0772 3296 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:47.0772 3296 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:51:30.0708 5312 Deinitialize success




LOG RogueKiller
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v: Normální režim
Uživatel: Malcolm [Práva správce]
Mód: Kontrola -- Datum: 07/28/2012 12:55:05

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 3 ¤¤¤
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Malcolm\AppData\Local\{405f2825-468f-652f-8349-e686a78163c9}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{405f2825-468f-652f-8349-e686a78163c9}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{405f2825-468f-652f-8349-e686a78163c9}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{405f2825-468f-652f-8349-e686a78163c9}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{405f2825-468f-652f-8349-e686a78163c9}\L --> FOUND
[ZeroAccess][FILE] n : c:\users\malcolm\appdata\local\{405f2825-468f-652f-8349-e686a78163c9}\n --> FOUND
[ZeroAccess][FILE] @ : c:\users\malcolm\appdata\local\{405f2825-468f-652f-8349-e686a78163c9}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\malcolm\appdata\local\{405f2825-468f-652f-8349-e686a78163c9}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\malcolm\appdata\local\{405f2825-468f-652f-8349-e686a78163c9}\L --> FOUND

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ZeroAccess ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
set realmlist narnias.gamers.cz
set patchlist eu.version.worldofwarcraft.com
set realmlistbn ""
set portal eu


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500AACS-00D6B1 ATA Device +++++
--- User ---
[MBR] 537dc89f6b978757fe5dae3aba600782
[BSP] c821dde5924e8ea684e817c5137952be : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715394 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKS-00B3A0 ATA Device +++++
--- User ---
[MBR] 1b44e963b3bab561ef5a2d33aa4a6623
[BSP] 7a031bc57413b9d902cc5521f5ba7f58 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD10 EALX-009BA0 SCSI Disk Device +++++
--- User ---
[MBR] 258147794a0d53e9b90eb4889adaadd6
[BSP] 235b7117f93bd1b35723b94f0e220aba : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

Spustte znovu RogueKiller

• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
• Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

LOG 1

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v: Normální režim
Uživatel: Malcolm [Práva správce]
Mód: Odebrat -- Datum: 07/28/2012 13:04:31

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 3 ¤¤¤
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Malcolm\AppData\Local\{405f2825-468f-652f-8349-e686a78163c9}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{405f2825-468f-652f-8349-e686a78163c9}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\windows\installer\{405f2825-468f-652f-8349-e686a78163c9}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000001.@ : c:\windows\installer\{405f2825-468f-652f-8349-e686a78163c9}\U\00000001.@ --> REMOVED
[Del.Parent][FILE] 800000cb.@ : c:\windows\installer\{405f2825-468f-652f-8349-e686a78163c9}\U\800000cb.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{405f2825-468f-652f-8349-e686a78163c9}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{405f2825-468f-652f-8349-e686a78163c9}\L --> REMOVED
[ZeroAccess][FILE] n : c:\users\malcolm\appdata\local\{405f2825-468f-652f-8349-e686a78163c9}\n --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : c:\users\malcolm\appdata\local\{405f2825-468f-652f-8349-e686a78163c9}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\malcolm\appdata\local\{405f2825-468f-652f-8349-e686a78163c9}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\malcolm\appdata\local\{405f2825-468f-652f-8349-e686a78163c9}\L --> REMOVED

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ZeroAccess ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
set realmlist narnias.gamers.cz
set patchlist eu.version.worldofwarcraft.com
set realmlistbn ""
set portal eu


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500AACS-00D6B1 ATA Device +++++
--- User ---
[MBR] 537dc89f6b978757fe5dae3aba600782
[BSP] c821dde5924e8ea684e817c5137952be : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715394 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKS-00B3A0 ATA Device +++++
--- User ---
[MBR] 1b44e963b3bab561ef5a2d33aa4a6623
[BSP] 7a031bc57413b9d902cc5521f5ba7f58 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD10 EALX-009BA0 SCSI Disk Device +++++
--- User ---
[MBR] 258147794a0d53e9b90eb4889adaadd6
[BSP] 235b7117f93bd1b35723b94f0e220aba : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt




LOG 2
ogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v: Normální režim
Uživatel: Malcolm [Práva správce]
Mód: Oprava HOSTS -- Datum: 07/28/2012 13:05:30

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

Uz se nam to pomalu cisti

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 12-07-27.03 - Malcolm 28.07.2012 13:21:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8169.5829 [GMT 2:00]
Spuštěný z: c:\users\Malcolm\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ESET\MiNODLogin
c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.jar
c:\program files (x86)\ESET\MiNODLogin\MiNODLoginUninst.exe
c:\program files (x86)\ESET\MiNODLogin\servidores.xml
c:\users\Malcolm\AppData\Local\{405f2825-468f-652f-8349-e686a78163c9}
c:\users\Malcolm\AppData\Local\{405f2825-468f-652f-8349-e686a78163c9}\n
c:\users\Malcolm\AppData\Roaming\vso_ts_preview.xml
c:\users\Malcolm\Documents\00000001.TMP
c:\users\Malcolm\Documents\iexplore.exe
c:\windows\Installer\{405f2825-468f-652f-8349-e686a78163c9}
c:\windows\Installer\{405f2825-468f-652f-8349-e686a78163c9}\@
c:\windows\settings.reg
.
Nakažená kopie c:\windows\system32\Services.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 11:25 . 2012-07-28 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 10:11 . 2012-07-28 10:11 -------- d-----w- C:\rsit
2012-07-28 10:11 . 2012-07-28 10:11 -------- d-----w- c:\program files\trend micro
2012-07-28 10:01 . 2012-07-28 10:01 -------- d-----w- c:\program files\CCleaner
2012-07-24 15:46 . 2012-07-24 15:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-21 19:22 . 2012-07-22 00:07 -------- d-----w- c:\program files (x86)\TERA
2012-07-21 19:22 . 2012-07-21 20:15 -------- d-----w- c:\users\Malcolm\AppData\Local\TERA
2012-07-14 14:45 . 2012-07-14 14:45 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-14 14:40 . 2012-07-14 14:40 -------- d-----w- c:\windows\Sun
2012-07-14 13:20 . 2012-07-14 13:34 -------- d-----w- c:\users\Public\Games
2012-07-14 13:19 . 2012-07-14 13:19 -------- d-----w- c:\programdata\Blizzard
2012-07-14 13:12 . 2012-07-14 13:12 -------- d-----w- c:\users\Malcolm\AppData\Roaming\PowerISO
2012-07-14 13:08 . 2012-07-14 13:08 -------- d-----w- c:\users\Malcolm\AppData\Local\AVG Secure Search
2012-07-14 13:08 . 2012-07-14 13:08 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-14 13:08 . 2012-07-25 14:16 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-14 13:08 . 2012-07-14 13:08 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-14 13:07 . 2012-07-14 13:08 -------- d-----w- c:\program files (x86)\PowerISO
2012-07-14 13:07 . 2012-04-19 03:57 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-07-14 12:53 . 2012-07-14 13:57 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-07-14 12:53 . 2012-07-14 13:20 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-07-12 12:27 . 2012-07-12 12:27 -------- d-----w- c:\programdata\ATI
2012-07-12 12:27 . 2012-07-12 12:27 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-11 13:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:09 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 13:00 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-01 17:02 . 2012-07-01 17:09 -------- d-----w- c:\program files (x86)\Drakensang - The River of Time
2012-07-01 16:58 . 2012-07-01 16:58 -------- d-----w- c:\users\Malcolm\AppData\Local\Two Worlds II
2012-06-30 19:40 . 2012-06-30 19:40 -------- d-sh--w- c:\programdata\DSS
2012-06-30 19:35 . 2012-06-30 19:35 -------- d-----w- c:\users\Malcolm\AppData\Roaming\Lionhead Studios
2012-06-30 19:24 . 2011-05-17 19:42 446976 ----a-r- c:\program files (x86)\Microsoft Games\Fable III\paul.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 03:21 . 2012-04-08 08:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 03:21 . 2008-01-01 12:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 13:09 . 2011-08-14 22:11 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 10:04 . 2012-07-27 12:26 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4F6BBE5-9600-4E39-83DB-C7FEC1139F0F}\mpengine.dll
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-10-17 02:06 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-03-09 04:55 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2011-11-10 03:06 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-03-09 04:40 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-10-17 01:22 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2011-11-10 02:11 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-04-06 01:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-02 22:19 . 2012-06-25 15:27 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 15:27 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-25 15:27 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 15:27 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 15:27 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-25 15:27 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-25 15:27 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-25 15:26 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-25 15:26 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 12:09 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 12:09 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 09:10 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 09:10 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 09:10 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 09:10 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-13 1242448]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-16 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-06-30 74752]
"CTSysVol"="c:\program files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"UpdReg"=c:\windows\UpdReg.EXE
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 ALSysIO;ALSysIO;c:\users\Malcolm\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-20 79360]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-12 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-11 270912]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-14 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 P1764;Sound Blaster Audigy;c:\windows\system32\drivers\P1764.sys [2005-07-07 1579008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b89ce8f-c45c-11e0-98e7-f46d04979e1d}]
\shell\AutoRun\command - H:\Installer.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 03:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={50796532-068E-4D48-85A6-D2C1EED37C75}&mid=d9f218e7b91a47d08b3ad16fc5f7e116-11f82656875f65a9b617473f7bf06bedfcd87d69&lang=cs&ds=st011&pr=sa&d=2012-07-14 15:08&v=11.1.0.12&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9fbd5901-b8d4-4130-bc1a-60324ba0edbd%7D&mid=d9f218e7b91a47d08b3ad16fc5f7e116-11f82656875f65a9b617473f7bf06bedfcd87d69&ds=st011&v=11.1.0.12&lang=cs&pr=sa&d=2012-07-14%2015%3A08%3A03&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-AVG Secure Search - c:\program files (x86)\AVG Secure Search\UNINSTALL.exe
AddRemove-MiNODLogin - c:\program files (x86)\ESET\MiNODLogin\MiNODLoginUninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-355314947-142275837-2884409228-1000\Software\SecuROM\License information*]
"datasecu"=hex:f1,68,63,45,29,88,b4,4c,95,23,c7,f5,ac,a6,43,d2,a4,3f,8c,4c,10,
76,65,c1,71,a4,d9,98,32,c1,47,80,df,75,a0,88,0c,56,89,99,13,78,90,49,89,92,\
"rkeysecu"=hex:b5,01,33,48,3a,42,42,e4,48,af,74,29,2a,3a,7e,47
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Celkový čas: 2012-07-28 13:35:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-28 11:35
.
Před spuštěním: Volných bajtů: 136 474 320 896
Po spuštění: Volných bajtů: 136 362 348 544
.
- - End Of File - - DFFA5AC5B2008F45CA28157BEA7D86ED

Nelegalni ESET pujde pak na konci leceni tez pryc - dle pravidel fora se tu nelegalnim bezp. SW nezabyvame a pomoc odmitame

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  C:\Program Files (x86)\DAEMON Tools Toolbar
  C:\Program Files (x86)\AVG Secure Search
  C:\Windows\system32\%APPDATA%
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "Steam"=-
  "OfficeSyncProcess"=-
  "ICQ"=-
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "BCU"=-
  "WinampAgent"=-
  "SunJavaUpdateSched"=-
  "PWRISOVM.EXE"=-
  [-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b89ce8f-c45c-11e0-98e7-f46d04979e1d}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
  "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
  "{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
  [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
  
  File::
  C:\Windows\tasks\AutoKMS.job
  c:\windows\Tasks\Adobe Flash Player Updater.job
  C:\Users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default\searchplugins\daemon-search.xml
  C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
  C:\Users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default\extensions\DTToolbar@toolbarnet.com
  
  DDS::
  uStart Page = hxxp://isearch.avg.com/?cid={50796532-068E-4D48-85A6-D2C1EED37C75}&mid=d9f218e7b91a47d08b3ad16fc5f7e116-11f82656875f65a9b617473f7bf06bedfcd87d69&lang=cs&ds=st011&pr=sa&d=2012-07-14 15:08&v=11.1.0.12&sap=hp
  
  Firefox::
  FF - ProfilePath - c:\users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default\
  FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9f ... &sap=ku&q=
  FF - prefs.js: network.proxy.type - 0
  
  RegNull::
  [HKEY_USERS\S-1-5-21-355314947-142275837-2884409228-1000\Software\SecuROM\License information*]
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 12-07-27.03 - Malcolm 28.07.2012 14:00:24.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8169.4482 [GMT 2:00]
Spuštěný z: c:\users\Malcolm\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Malcolm\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml"
"c:\users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default\extensions\DTToolbar@toolbarnet.com"
"c:\users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default\searchplugins\daemon-search.xml"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\AutoKMS.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG Secure Search
c:\program files (x86)\DAEMON Tools Toolbar
c:\program files (x86)\DAEMON Tools Toolbar\_DTLite.xml
c:\program files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
c:\program files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
c:\program files (x86)\DAEMON Tools Toolbar\Resources\about.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\AboutWindow.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\accept.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ARA.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\as.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\as.png
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_audio.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_buy.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_download.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_feedback.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_forum.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_home.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_lite.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astroburn_site.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astroLite_16.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\az.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\AZE.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\b1.png
c:\program files (x86)\DAEMON Tools Toolbar\Resources\burn_files.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\burn_image.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\burn_imgs.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\BurnImage.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\buy.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\cal.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Config.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\d.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\d2.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\daemon_search.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\daemon_search_site.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\DEU.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dot_disabled.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dot_enabled.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dot_on_over.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\download.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ds.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dsearch.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt-home.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_about.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_buy.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_download.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_faq.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_feedback.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_forum.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_line.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_lite.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_manual.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_pro.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\DTPro.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dtt16.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dtt32.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Dwnl.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\emulation.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ENG.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\faq.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\favicon.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\fb.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\features.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\feedback.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\forum.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\FRA.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameCentrix.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameCentrixCristals.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameCentrixDownload.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameCentrixPlayOnline.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameCentrixTop.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameS.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\games_search.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\games_search_SA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameSA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\gct16.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\gd.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\genre.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\globe.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GrabImage.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\hb.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\hb.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\help.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\hide.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\home.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\CHS.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\CHT.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\image_search.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\image_search_SA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ImageS.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ImageSA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ip.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ITA.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\JPN.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\KOR.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\lang.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\lingvo.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\m.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mail.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mail_disable.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mail_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mail_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mail_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mailc.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mailc_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mailc_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mailc_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\manual.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\map.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\MenuTr.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mount.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mount_n_drive.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\next.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\next_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\next_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\next_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\none.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\none_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\op.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\play.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\play.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\play_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\play_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\play_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\pragma.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\prev.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\prev_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\prev_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\prev_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\prod.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Radio.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioBg.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioBg.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDown.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDown.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioE.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioG.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioL.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioLM.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioM.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioN.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioR.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioR.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioRM.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioRU.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioW.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\rbcheck.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\rbtxt.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\refresh.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\refresh_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\refresh_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\refresh_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Rss.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Rss1.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RssA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RssA1.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\rssClose.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\rssL.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\rssOpen.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RssRefresh.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RUS.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\s2.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\show.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\size.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\size_lr.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\size_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\size_rl.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\skins.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\soft24.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\soft24_SA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\spt.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\StartPage.jpg
c:\program files (x86)\DAEMON Tools Toolbar\Resources\stop.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\stop.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\stop_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\stop_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\stop_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\style.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\SupportRequest.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\timer.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\TitleIcon.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\toolbar.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\trans.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Trash.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Trash_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Trash_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Trash_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\u.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\UKR.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\unmount-all.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_back.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_dott.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_mute.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_mute_check.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtClose.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtText.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\web_resources.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\web_search.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\web_search_SA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\WebS.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\WebSa.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi0.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi1.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi10.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi11.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi12.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi13.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi14.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi2.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi3.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi4.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi5.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi6.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi7.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi8.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi9.ico
c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
c:\program files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
c:\users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default\searchplugins\daemon-search.xml
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 12:05 . 2012-07-28 12:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 10:11 . 2012-07-28 10:11 -------- d-----w- C:\rsit
2012-07-28 10:11 . 2012-07-28 10:11 -------- d-----w- c:\program files\trend micro
2012-07-28 10:01 . 2012-07-28 10:01 -------- d-----w- c:\program files\CCleaner
2012-07-27 12:26 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4F6BBE5-9600-4E39-83DB-C7FEC1139F0F}\mpengine.dll
2012-07-24 15:46 . 2012-07-24 15:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-21 19:22 . 2012-07-22 00:07 -------- d-----w- c:\program files (x86)\TERA
2012-07-21 19:22 . 2012-07-21 20:15 -------- d-----w- c:\users\Malcolm\AppData\Local\TERA
2012-07-14 14:45 . 2012-07-14 14:45 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-14 14:40 . 2012-07-14 14:40 -------- d-----w- c:\windows\Sun
2012-07-14 13:20 . 2012-07-14 13:34 -------- d-----w- c:\users\Public\Games
2012-07-14 13:19 . 2012-07-14 13:19 -------- d-----w- c:\programdata\Blizzard
2012-07-14 13:12 . 2012-07-14 13:12 -------- d-----w- c:\users\Malcolm\AppData\Roaming\PowerISO
2012-07-14 13:08 . 2012-07-14 13:08 -------- d-----w- c:\users\Malcolm\AppData\Local\AVG Secure Search
2012-07-14 13:08 . 2012-07-14 13:08 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-14 13:08 . 2012-07-14 13:08 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-14 13:07 . 2012-07-14 13:08 -------- d-----w- c:\program files (x86)\PowerISO
2012-07-14 13:07 . 2012-04-19 03:57 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-07-14 12:53 . 2012-07-14 13:57 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-07-14 12:53 . 2012-07-14 13:20 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-07-12 12:27 . 2012-07-12 12:27 -------- d-----w- c:\programdata\ATI
2012-07-12 12:27 . 2012-07-12 12:27 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-11 13:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:09 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 13:00 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-01 17:02 . 2012-07-01 17:09 -------- d-----w- c:\program files (x86)\Drakensang - The River of Time
2012-07-01 16:58 . 2012-07-01 16:58 -------- d-----w- c:\users\Malcolm\AppData\Local\Two Worlds II
2012-06-30 19:40 . 2012-06-30 19:40 -------- d-sh--w- c:\programdata\DSS
2012-06-30 19:35 . 2012-06-30 19:35 -------- d-----w- c:\users\Malcolm\AppData\Roaming\Lionhead Studios
2012-06-30 19:24 . 2011-05-17 19:42 446976 ----a-r- c:\program files (x86)\Microsoft Games\Fable III\paul.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 03:21 . 2012-04-08 08:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 03:21 . 2008-01-01 12:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 13:09 . 2011-08-14 22:11 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-10-17 02:06 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-03-09 04:55 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2011-11-10 03:06 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-03-09 04:40 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-10-17 01:22 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2011-11-10 02:11 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-04-06 01:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-02 22:19 . 2012-06-25 15:27 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 15:27 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-25 15:27 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 15:27 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 15:27 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-25 15:27 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-25 15:27 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-25 15:26 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-25 15:26 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 12:09 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 12:09 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 09:10 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 09:10 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 09:10 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 09:10 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-28_11.29.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-28 11:27 . 2012-07-28 11:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 12:06 . 2012-07-28 12:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-28 11:27 . 2012-07-28 11:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-28 12:06 . 2012-07-28 12:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-07-28 12:05 393920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-28 11:26 393920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-05 21:14 . 2012-07-28 11:26 2491480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-05 21:14 . 2012-07-28 12:05 2491480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-11 20:47 . 2012-07-28 12:05 66666332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-355314947-142275837-2884409228-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"CTSysVol"="c:\program files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 ALSysIO;ALSysIO;c:\users\Malcolm\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-20 79360]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-12 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-11 270912]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-14 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 P1764;Sound Blaster Audigy;c:\windows\system32\drivers\P1764.sys [2005-07-07 1579008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\daaekwv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Celkový čas: 2012-07-28 14:12:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-28 12:12
ComboFix2.txt 2012-07-28 11:35
.
Před spuštěním: Volných bajtů: 136 799 522 816
Po spuštění: Volných bajtů: 136 485 675 008
.
- - End Of File - - 22FC522ED9BB971066B9449E6AC2A7C2

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "BCU"=-
  
  :files
  c:\windows\system32\%APPDATA%
  c:\users\Malcolm\AppData\Local\AVG Secure Search
  c:\programdata\AVG Secure Search
  c:\program files (x86)\Common Files\AVG Secure Search
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BCU deleted successfully.
========== FILES ==========
File/Folder c:\windows\system32\%APPDATA% not found.
c:\users\Malcolm\AppData\Local\AVG Secure Search\SiteSafety folder moved successfully.
c:\users\Malcolm\AppData\Local\AVG Secure Search folder moved successfully.
c:\programdata\AVG Secure Search\11.1.0.12\modules\skin folder moved successfully.
c:\programdata\AVG Secure Search\11.1.0.12\modules folder moved successfully.
c:\programdata\AVG Secure Search\11.1.0.12\locale\en-US folder moved successfully.
c:\programdata\AVG Secure Search\11.1.0.12\locale folder moved successfully.
c:\programdata\AVG Secure Search\11.1.0.12\components folder moved successfully.
c:\programdata\AVG Secure Search\11.1.0.12\chrome folder moved successfully.
c:\programdata\AVG Secure Search\11.1.0.12 folder moved successfully.
c:\programdata\AVG Secure Search folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0 folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0 folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\11.2.0 folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0 folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0 folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\11.2.0 folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller folder moved successfully.
c:\program files (x86)\Common Files\AVG Secure Search folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\1C4551A64743409391E41477CD655043.TMP folder moved successfully.
C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP folder moved successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder moved successfully.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Malcolm
->Temp folder emptied: 59964 bytes
->Temporary Internet Files folder emptied: 2054255 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 146675488 bytes
->Flash cache emptied: 831 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2859 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33758 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 642 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 47755423 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 187,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Malcolm
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Malcolm
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 07282012_143935

Files moved on Reboot...
C:\Users\Malcolm\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Jak se chova PC

Hlášky, zmizely. Výkon a neobvyklé chování nedokážu posoudit, i s těmi hláškami se choval jako vždy.

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) projedte PC temito utilitami, at se zbavime zbytku antiviru co tam mate

• http://download.mcafee.com/products/lic ... s/MCPR.exe
• http://download.eset.com/special/ESETUninstaller.exe navod zde http://www.viry.cz/forum/viewtopic.php?p=889437#p889437

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Nainstalujte free zabezpeceni - doporucuji Avast Free http://www.avast.com/cs-cz/free-antivirus-download

Poprosim o novy log z RSIT