Trojan Generic. 11

[mutycz]

Zdravim,
bohužel se opět vyskytl problém u jednoho PC - AVG během dneska dvakrat chytlo trojana PSW.Generic11.TLG vždycky v TEMPu

Tady je vypis z nalezu rezidentniho stitu
Nálezy Rezidentního štítu
"Infekce";"Objekt";"Výsledek";"Čas nálezu";"Typ objektu";"Proces"
"Trojský kůň PSW.Generic11.TLG";"c:\Users\judr.ACCONTESBRNO\AppData\Local\temp\BB18.tmp.exe";"Objekt je nedostupný.";"27.5.2013, 13:32:15";"Soubor";"C:\Windows\System32\svchost.exe"
"Trojský kůň PSW.Generic11.TLG";"c:\Users\judr.ACCONTESBRNO\AppData\Local\temp\2A62.tmp.exe";"Objekt je nedostupný.";"27.5.2013, 10:31:25";"Soubor";"C:\Windows\System32\svchost.exe"

Přidávám log z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-05-27 19:06:17
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 4 GB (10%) free of 38 GB
Total RAM: 2047 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:06:28, on 27.5.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rdpclip.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Users\judr.ACCONTESBRNO\Downloads\RSIT.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [gemstrmw] C:\Windows\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-1616587249-3722754679-407430079-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1616587249-3722754679-407430079-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1942028738-3123094729-2533903162-1106\..\Run: [APC] C:\Users\judr.ACCONTESBRNO\AppData\Roaming\rduwdvrc\sagiagee.exe (User 'judr')
O4 - S-1-5-21-1942028738-3123094729-2533903162-1106 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'judr')
O4 - S-1-5-21-1942028738-3123094729-2533903162-1106 User Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'judr')
O4 - Global Startup: APC UPS Status.lnk = D:\Program Files\APC\PowerChute Personal Edition\Display.exe
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = accontesbrno.net
O17 - HKLM\Software\..\Telephony: DomainName = accontesbrno.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FAB7261-615B-478A-86D7-0D0213979C95}: NameServer = 192.168.2.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = accontesbrno.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FAB7261-615B-478A-86D7-0D0213979C95}: NameServer = 192.168.2.150
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = accontesbrno.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{5FAB7261-615B-478A-86D7-0D0213979C95}: NameServer = 192.168.2.150
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: APC Data Service - Schneider Electric - D:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - D:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7671 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files\AVG\AVG2012\avgdtiex.dll [2012-10-15 938104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-04 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-04 171424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2010-12-13 135536]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-04-12 222776]
"gemstrmw"=C:\Windows\system32\gemstrmw.exe [2003-08-29 24576]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-24 336384]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-11-19 2598520]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2013-05-15 2255184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\Sidebar.exe [2010-11-20 1174016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - D:\Program Files\APC\PowerChute Personal Edition\Display.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-05-24 23:18:55 ----D---- C:\Windows\temp
2013-05-24 23:18:51 ----A---- C:\ComboFix.txt
2013-05-24 23:17:00 ----SHD---- C:\$RECYCLE.BIN
2013-05-24 23:05:43 ----ASH---- C:\pagefile.sys
2013-05-24 22:08:10 ----D---- C:\Users\Administrator.ACCONTESBRNO\AppData\Roaming\Adobe
2013-05-24 21:41:22 ----A---- C:\Windows\zip.exe
2013-05-24 21:41:22 ----A---- C:\Windows\SWSC.exe
2013-05-24 21:41:22 ----A---- C:\Windows\SWREG.exe
2013-05-24 21:41:22 ----A---- C:\Windows\sed.exe
2013-05-24 21:41:22 ----A---- C:\Windows\PEV.exe
2013-05-24 21:41:22 ----A---- C:\Windows\NIRCMD.exe
2013-05-24 21:41:22 ----A---- C:\Windows\MBR.exe
2013-05-24 21:41:22 ----A---- C:\Windows\grep.exe
2013-05-24 21:41:01 ----D---- C:\Qoobox
2013-05-24 21:40:45 ----D---- C:\Windows\erdnt
2013-05-24 18:12:52 ----D---- C:\Program Files\ESET
2013-05-24 18:07:30 ----D---- C:\Program Files\trend micro
2013-05-24 18:07:29 ----D---- C:\rsit
2013-05-23 10:57:46 ----D---- C:\Program Files\LogMeIn Hamachi
2013-05-17 14:41:11 ----D---- C:\Program Files\Common Files\Java
2013-05-17 12:04:57 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-05-17 12:04:57 ----A---- C:\Windows\system32\javaw.exe
2013-05-17 12:04:57 ----A---- C:\Windows\system32\java.exe
2013-05-16 04:05:30 ----D---- C:\Windows\rescache
2013-05-16 03:07:57 ----A---- C:\Windows\system32\jscript9.dll
2013-05-16 03:07:57 ----A---- C:\Windows\system32\jscript.dll
2013-05-16 03:07:55 ----A---- C:\Windows\system32\jsproxy.dll
2013-05-16 03:07:55 ----A---- C:\Windows\system32\iesetup.dll
2013-05-16 03:07:54 ----A---- C:\Windows\system32\ieui.dll
2013-05-16 03:07:53 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-05-16 03:07:53 ----A---- C:\Windows\system32\msfeeds.dll
2013-05-16 03:07:53 ----A---- C:\Windows\system32\iernonce.dll
2013-05-16 03:07:53 ----A---- C:\Windows\system32\ie4uinit.exe
2013-05-16 03:07:52 ----A---- C:\Windows\system32\urlmon.dll
2013-05-16 03:07:52 ----A---- C:\Windows\system32\iesysprep.dll
2013-05-16 03:07:51 ----A---- C:\Windows\system32\iertutil.dll
2013-05-16 03:07:47 ----A---- C:\Windows\system32\wininet.dll
2013-05-16 03:07:45 ----A---- C:\Windows\system32\ieframe.dll
2013-05-16 03:07:38 ----A---- C:\Windows\system32\mshtml.dll
2013-05-16 00:08:05 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-16 00:08:05 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-16 00:08:04 ----A---- C:\Windows\system32\win32k.sys
2013-05-16 00:07:58 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-16 00:07:58 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-16 00:07:51 ----A---- C:\Windows\system32\shell32.dll
2013-05-16 00:07:50 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-16 00:07:50 ----A---- C:\Windows\system32\consent.exe
2013-05-16 00:07:50 ----A---- C:\Windows\system32\authui.dll
2013-05-16 00:07:50 ----A---- C:\Windows\system32\appinfo.dll
2013-05-06 13:46:40 ----D---- C:\RSAV

======List of files/folders modified in the last 1 month======

2013-05-27 19:06:28 ----D---- C:\Windows\Prefetch
2013-05-27 18:21:18 ----D---- C:\Windows\system32\config
2013-05-27 11:34:02 ----D---- C:\Windows\system32\drivers\AVG
2013-05-27 00:00:30 ----SHD---- C:\System Volume Information
2013-05-26 07:36:57 ----SHD---- C:\Windows\Installer
2013-05-24 23:22:45 ----D---- C:\Windows\System32
2013-05-24 23:18:58 ----D---- C:\Windows\system32\drivers
2013-05-24 23:18:55 ----D---- C:\Windows
2013-05-24 23:14:07 ----A---- C:\Windows\system.ini
2013-05-24 23:13:55 ----D---- C:\Windows\system32\drivers\etc
2013-05-24 23:05:51 ----D---- C:\ProgramData\NVIDIA
2013-05-24 23:05:05 ----A---- C:\Windows\system32\PCPELog.txt
2013-05-24 22:57:42 ----D---- C:\Windows\AppPatch
2013-05-24 22:57:38 ----D---- C:\Program Files\Common Files
2013-05-24 18:12:54 ----D---- C:\Windows\Downloaded Program Files
2013-05-24 18:12:52 ----RD---- C:\Program Files
2013-05-17 12:04:57 ----D---- C:\Program Files\Java
2013-05-16 03:40:40 ----D---- C:\Windows\Microsoft.NET
2013-05-16 03:39:51 ----RSD---- C:\Windows\assembly
2013-05-16 03:29:21 ----D---- C:\Windows\winsxs
2013-05-16 03:26:05 ----D---- C:\Program Files\Internet Explorer
2013-05-16 03:26:03 ----D---- C:\Windows\system32\cs-CZ
2013-05-16 03:08:28 ----D---- C:\Windows\system32\catroot
2013-05-16 03:08:24 ----D---- C:\Windows\system32\catroot2
2013-05-16 03:04:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-16 03:03:59 ----D---- C:\Windows\inf
2013-05-15 17:43:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-05-15 09:23:47 ----D---- C:\ProgramData\MFAData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2012-11-08 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2013-04-11 302368]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 96768]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-05-25 7800832]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-05-25 245760]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2008-01-19 20992]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver; C:\Windows\System32\Drivers\nx6000.sys [2010-12-13 30576]
R3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2012-09-26 17408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-05-25 7800832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\ADMINI~2.ACC\AppData\Local\Temp\catchme.sys []
S3 GemCCID;GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [2009-08-10 89600]
S3 mbr;mbr; \??\C:\Users\ADMINI~2.ACC\AppData\Local\Temp\mbr.sys []
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;Ovladač WinUSB; C:\Windows\system32\drivers\WinUSB.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-05-25 176128]
R2 APC Data Service;APC Data Service; D:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; D:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 1435984]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2012-09-27 100256]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2010-12-13 135536]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-25 615528]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-15 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-05 1343400]

-----------------EOF-----------------


Děkuji za pomoc.

[mutycz]

Jedná se o stejný PC. PC je využiván i pro práci.

[mutycz]

Prvni log

19:33:38.0092 1760 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:33:38.0357 1760 ============================================================
19:33:38.0357 1760 Current date / time: 2013/05/27 19:33:38.0357
19:33:38.0357 1760 SystemInfo:
19:33:38.0357 1760
19:33:38.0357 1760 OS Version: 6.1.7601 ServicePack: 1.0
19:33:38.0357 1760 Product type: Workstation
19:33:38.0357 1760 ComputerName: JUDR
19:33:38.0357 1760 UserName: Administrator
19:33:38.0357 1760 Windows directory: C:\Windows
19:33:38.0357 1760 System windows directory: C:\Windows
19:33:38.0357 1760 Processor architecture: Intel x86
19:33:38.0357 1760 Number of processors: 4
19:33:38.0357 1760 Page size: 0x1000
19:33:38.0357 1760 Boot type: Normal boot
19:33:38.0357 1760 ============================================================
19:33:40.0373 1760 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:33:40.0435 1760 ============================================================
19:33:40.0435 1760 \Device\Harddisk0\DR0:
19:33:40.0466 1760 MBR partitions:
19:33:40.0466 1760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:33:40.0466 1760 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4AF3000
19:33:40.0466 1760 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4B25800, BlocksNum 0x1869F800
19:33:40.0466 1760 ============================================================
19:33:40.0482 1760 C: <-> \Device\Harddisk0\DR0\Partition2
19:33:40.0513 1760 D: <-> \Device\Harddisk0\DR0\Partition3
19:33:40.0513 1760 ============================================================
19:33:40.0513 1760 Initialize success
19:33:40.0513 1760 ============================================================
19:34:12.0962 9388 ============================================================
19:34:12.0962 9388 Scan started
19:34:12.0962 9388 Mode: Manual; SigCheck; TDLFS;
19:34:12.0962 9388 ============================================================
19:34:14.0978 9388 ================ Scan system memory ========================
19:34:14.0978 9388 System memory - ok
19:34:14.0978 9388 ================ Scan services =============================
19:34:15.0150 9388 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:34:15.0603 9388 1394ohci - ok
19:34:15.0665 9388 [ 42FAEEF297D64C132862266418DBEF7F ] 602XML Updater C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
19:34:15.0759 9388 602XML Updater - ok
19:34:15.0946 9388 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:34:16.0025 9388 ACPI - ok
19:34:16.0103 9388 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:34:16.0212 9388 AcpiPmi - ok
19:34:16.0290 9388 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:34:16.0321 9388 AdobeARMservice - ok
19:34:16.0415 9388 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:34:16.0446 9388 AdobeFlashPlayerUpdateSvc - ok
19:34:16.0493 9388 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:34:16.0556 9388 adp94xx - ok
19:34:16.0587 9388 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:34:16.0634 9388 adpahci - ok
19:34:16.0665 9388 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:34:16.0696 9388 adpu320 - ok
19:34:16.0743 9388 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:34:16.0853 9388 AeLookupSvc - ok
19:34:16.0915 9388 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:34:16.0993 9388 AFD - ok
19:34:17.0040 9388 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:34:17.0071 9388 agp440 - ok
19:34:17.0118 9388 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
19:34:17.0149 9388 aic78xx - ok
19:34:17.0181 9388 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:34:17.0243 9388 ALG - ok
19:34:17.0274 9388 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:34:17.0306 9388 aliide - ok
19:34:17.0353 9388 [ D16B67B26A1096EDF8B57D03513ECFA7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:34:17.0462 9388 AMD External Events Utility - ok
19:34:17.0493 9388 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:34:17.0540 9388 amdagp - ok
19:34:17.0556 9388 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:34:17.0603 9388 amdide - ok
19:34:17.0618 9388 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:34:17.0681 9388 AmdK8 - ok
19:34:17.0899 9388 [ AEAE5ECBEAA0107D36C0B94EF341ABC7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:34:18.0243 9388 amdkmdag - ok
19:34:18.0290 9388 [ 60643C3ABE28015269A62EB3DD4A49F4 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:34:18.0368 9388 amdkmdap - ok
19:34:18.0415 9388 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:34:18.0477 9388 AmdPPM - ok
19:34:18.0540 9388 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:34:18.0571 9388 amdsata - ok
19:34:18.0602 9388 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:34:18.0649 9388 amdsbs - ok
19:34:18.0681 9388 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:34:18.0712 9388 amdxata - ok
19:34:18.0774 9388 [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service D:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
19:34:18.0821 9388 APC Data Service - ok
19:34:18.0884 9388 [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service D:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
19:34:18.0946 9388 APC UPS Service - ok
19:34:19.0009 9388 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:34:19.0149 9388 AppID - ok
19:34:19.0180 9388 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:34:19.0290 9388 AppIDSvc - ok
19:34:19.0337 9388 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
19:34:19.0446 9388 Appinfo - ok
19:34:19.0493 9388 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
19:34:19.0571 9388 AppMgmt - ok
19:34:19.0587 9388 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:34:19.0634 9388 arc - ok
19:34:19.0665 9388 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:34:19.0696 9388 arcsas - ok
19:34:19.0727 9388 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:34:19.0852 9388 AsyncMac - ok
19:34:19.0899 9388 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:34:19.0930 9388 atapi - ok
19:34:20.0024 9388 [ 45FE74599FBA4070E7C7DAC928896474 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
19:34:20.0071 9388 AtiHDAudioService - ok
19:34:20.0258 9388 [ AEAE5ECBEAA0107D36C0B94EF341ABC7 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:34:20.0508 9388 atikmdag - ok
19:34:20.0555 9388 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:34:20.0665 9388 AudioEndpointBuilder - ok
19:34:20.0712 9388 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:34:20.0790 9388 Audiosrv - ok
19:34:20.0852 9388 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
19:34:20.0899 9388 AVGIDSHX - ok
19:34:20.0977 9388 [ 6671345A6E2669AF1966BAF68EC5620F ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
19:34:21.0024 9388 Avgldx86 - ok
19:34:21.0086 9388 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
19:34:21.0118 9388 Avgmfx86 - ok
19:34:21.0180 9388 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
19:34:21.0211 9388 Avgrkx86 - ok
19:34:21.0274 9388 [ 1647C720358DCC98ACF51E597C461C4D ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
19:34:21.0321 9388 Avgtdix - ok
19:34:21.0399 9388 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:34:21.0430 9388 avgwd - ok
19:34:21.0493 9388 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:34:21.0571 9388 AxInstSV - ok
19:34:21.0618 9388 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
19:34:21.0680 9388 b06bdrv - ok
19:34:21.0727 9388 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:34:21.0774 9388 b57nd60x - ok
19:34:21.0821 9388 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:34:21.0914 9388 BDESVC - ok
19:34:21.0930 9388 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:34:22.0024 9388 Beep - ok
19:34:22.0086 9388 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
19:34:22.0180 9388 BFE - ok
19:34:22.0227 9388 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
19:34:22.0321 9388 BITS - ok
19:34:22.0352 9388 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:34:22.0414 9388 blbdrive - ok
19:34:22.0446 9388 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:34:22.0508 9388 bowser - ok
19:34:22.0539 9388 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:34:22.0618 9388 BrFiltLo - ok
19:34:22.0649 9388 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:34:22.0711 9388 BrFiltUp - ok
19:34:22.0743 9388 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:34:22.0836 9388 BridgeMP - ok
19:34:22.0883 9388 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
19:34:22.0946 9388 Browser - ok
19:34:22.0992 9388 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:34:23.0071 9388 Brserid - ok
19:34:23.0102 9388 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:34:23.0149 9388 BrSerWdm - ok
19:34:23.0164 9388 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:34:23.0227 9388 BrUsbMdm - ok
19:34:23.0258 9388 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:34:23.0321 9388 BrUsbSer - ok
19:34:23.0336 9388 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:34:23.0383 9388 BTHMODEM - ok
19:34:23.0430 9388 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:34:23.0524 9388 bthserv - ok
19:34:23.0633 9388 catchme - ok
19:34:23.0664 9388 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:34:23.0742 9388 cdfs - ok
19:34:23.0789 9388 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:34:23.0836 9388 cdrom - ok
19:34:23.0883 9388 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
19:34:23.0961 9388 CertPropSvc - ok
19:34:23.0992 9388 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:34:24.0039 9388 circlass - ok
19:34:24.0086 9388 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:34:24.0117 9388 CLFS - ok
19:34:24.0180 9388 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:34:24.0211 9388 clr_optimization_v2.0.50727_32 - ok
19:34:24.0305 9388 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:34:24.0430 9388 clr_optimization_v4.0.30319_32 - ok
19:34:24.0461 9388 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:34:24.0805 9388 CmBatt - ok
19:34:24.0820 9388 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:34:24.0867 9388 cmdide - ok
19:34:24.0914 9388 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
19:34:24.0977 9388 CNG - ok
19:34:25.0039 9388 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:34:25.0070 9388 Compbatt - ok
19:34:25.0086 9388 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:34:25.0352 9388 CompositeBus - ok
19:34:25.0398 9388 COMSysApp - ok
19:34:25.0477 9388 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:34:25.0508 9388 crcdisk - ok
19:34:25.0570 9388 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:34:25.0664 9388 CryptSvc - ok
19:34:25.0711 9388 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
19:34:25.0852 9388 CSC - ok
19:34:25.0898 9388 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
19:34:25.0976 9388 CscService - ok
19:34:26.0039 9388 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:34:26.0133 9388 DcomLaunch - ok
19:34:26.0180 9388 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:34:26.0258 9388 defragsvc - ok
19:34:26.0305 9388 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:34:26.0383 9388 DfsC - ok
19:34:26.0445 9388 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:34:26.0523 9388 Dhcp - ok
19:34:26.0539 9388 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:34:26.0633 9388 discache - ok
19:34:26.0664 9388 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:34:26.0711 9388 Disk - ok
19:34:26.0742 9388 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:34:26.0820 9388 Dnscache - ok
19:34:26.0867 9388 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:34:26.0961 9388 dot3svc - ok
19:34:26.0992 9388 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:34:27.0086 9388 DPS - ok
19:34:27.0101 9388 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:34:27.0164 9388 drmkaud - ok
19:34:27.0211 9388 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:34:27.0289 9388 DXGKrnl - ok
19:34:27.0320 9388 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:34:27.0398 9388 EapHost - ok
19:34:27.0492 9388 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
19:34:27.0664 9388 ebdrv - ok
19:34:27.0711 9388 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:34:27.0789 9388 EFS - ok
19:34:27.0851 9388 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:34:27.0961 9388 ehRecvr - ok
19:34:27.0992 9388 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:34:28.0039 9388 ehSched - ok
19:34:28.0086 9388 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:34:28.0148 9388 elxstor - ok
19:34:28.0179 9388 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:34:28.0242 9388 ErrDev - ok
19:34:28.0289 9388 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:34:28.0382 9388 EventSystem - ok
19:34:28.0414 9388 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:34:28.0507 9388 exfat - ok
19:34:28.0523 9388 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:34:28.0617 9388 fastfat - ok
19:34:28.0679 9388 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:34:28.0757 9388 Fax - ok
19:34:28.0773 9388 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:34:28.0836 9388 fdc - ok
19:34:28.0867 9388 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:34:28.0945 9388 fdPHost - ok
19:34:28.0976 9388 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:34:29.0070 9388 FDResPub - ok
19:34:29.0101 9388 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:34:29.0132 9388 FileInfo - ok
19:34:29.0164 9388 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:34:29.0242 9388 Filetrace - ok
19:34:29.0273 9388 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:34:29.0304 9388 flpydisk - ok
19:34:29.0335 9388 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:34:29.0382 9388 FltMgr - ok
19:34:29.0445 9388 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
19:34:29.0523 9388 FontCache - ok
19:34:29.0585 9388 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:34:29.0617 9388 FontCache3.0.0.0 - ok
19:34:29.0648 9388 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:34:29.0679 9388 FsDepends - ok
19:34:29.0726 9388 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:34:29.0773 9388 Fs_Rec - ok
19:34:29.0820 9388 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:34:29.0867 9388 fvevol - ok
19:34:29.0898 9388 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:34:29.0929 9388 gagp30kx - ok
19:34:29.0992 9388 [ 86D3D834D35EBE920D85FFEDCEF79FAF ] GemCCID C:\Windows\system32\Drivers\GemCCID.sys
19:34:30.0054 9388 GemCCID - ok
19:34:30.0117 9388 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:34:30.0226 9388 gpsvc - ok
19:34:30.0273 9388 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
19:34:30.0304 9388 hamachi - ok
19:34:30.0413 9388 [ FAC31204987B0BC037938DCEBFAAAE6F ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
19:34:30.0507 9388 Hamachi2Svc - ok
19:34:30.0538 9388 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:34:30.0601 9388 hcw85cir - ok
19:34:30.0663 9388 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:34:30.0726 9388 HdAudAddService - ok
19:34:30.0773 9388 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:34:30.0820 9388 HDAudBus - ok
19:34:30.0867 9388 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:34:30.0913 9388 HidBatt - ok
19:34:30.0945 9388 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:34:30.0992 9388 HidBth - ok
19:34:31.0023 9388 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:34:31.0085 9388 HidIr - ok
19:34:31.0132 9388 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
19:34:31.0210 9388 hidserv - ok
19:34:31.0273 9388 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:34:31.0304 9388 HidUsb - ok
19:34:31.0351 9388 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:34:31.0429 9388 hkmsvc - ok
19:34:31.0476 9388 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:34:31.0538 9388 HomeGroupListener - ok
19:34:31.0585 9388 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:34:31.0648 9388 HomeGroupProvider - ok
19:34:31.0695 9388 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:34:31.0741 9388 HpSAMD - ok
19:34:31.0788 9388 [ 29D484B97EA0E4BD0AE85E23A7656021 ] HPSIService C:\Windows\system32\HPSIsvc.exe
19:34:31.0820 9388 HPSIService - ok
19:34:31.0882 9388 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:34:31.0960 9388 HTTP - ok
19:34:31.0991 9388 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:34:32.0023 9388 hwpolicy - ok
19:34:32.0070 9388 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:34:32.0116 9388 i8042prt - ok
19:34:32.0163 9388 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:34:32.0210 9388 iaStorV - ok
19:34:32.0288 9388 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:34:32.0351 9388 idsvc - ok
19:34:32.0382 9388 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:34:32.0429 9388 iirsp - ok
19:34:32.0476 9388 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:34:32.0601 9388 IKEEXT - ok
19:34:32.0648 9388 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:34:32.0694 9388 intelide - ok
19:34:32.0741 9388 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:34:32.0788 9388 intelppm - ok
19:34:32.0835 9388 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:34:32.0913 9388 IPBusEnum - ok
19:34:32.0944 9388 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:34:33.0023 9388 IpFilterDriver - ok
19:34:33.0069 9388 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:34:33.0194 9388 iphlpsvc - ok
19:34:33.0241 9388 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:34:33.0288 9388 IPMIDRV - ok
19:34:33.0319 9388 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:34:33.0413 9388 IPNAT - ok
19:34:33.0444 9388 [ 9F7E491FB0BA0F9E370163834FC1FE31 ] irda C:\Windows\system32\DRIVERS\irda.sys
19:34:33.0522 9388 irda - ok
19:34:33.0554 9388 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:34:33.0616 9388 IRENUM - ok
19:34:33.0647 9388 [ 4220D2F03D5C4226D0A1AA4B84025E45 ] Irmon C:\Windows\System32\irmon.dll
19:34:33.0726 9388 Irmon - ok
19:34:33.0757 9388 [ 5896B5FF6332AB2BE1582523E9656A67 ] irsir C:\Windows\system32\DRIVERS\irsir.sys
19:34:33.0819 9388 irsir - ok
19:34:33.0835 9388 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:34:33.0882 9388 isapnp - ok
19:34:33.0913 9388 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:34:33.0960 9388 iScsiPrt - ok
19:34:33.0991 9388 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:34:34.0038 9388 kbdclass - ok
19:34:34.0069 9388 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:34:34.0116 9388 kbdhid - ok
19:34:34.0147 9388 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:34:34.0179 9388 KeyIso - ok
19:34:34.0241 9388 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:34:34.0272 9388 KSecDD - ok
19:34:34.0319 9388 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:34:34.0366 9388 KSecPkg - ok
19:34:34.0397 9388 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:34:34.0491 9388 KtmRm - ok
19:34:34.0522 9388 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
19:34:34.0600 9388 LanmanServer - ok
19:34:34.0632 9388 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:34:34.0710 9388 LanmanWorkstation - ok
19:34:34.0772 9388 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:34:34.0850 9388 lltdio - ok
19:34:34.0897 9388 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:34:34.0991 9388 lltdsvc - ok
19:34:35.0022 9388 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:34:35.0116 9388 lmhosts - ok
19:34:35.0163 9388 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:34:35.0194 9388 LSI_FC - ok
19:34:35.0225 9388 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:34:35.0257 9388 LSI_SAS - ok
19:34:35.0303 9388 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:34:35.0335 9388 LSI_SAS2 - ok
19:34:35.0366 9388 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:34:35.0397 9388 LSI_SCSI - ok
19:34:35.0428 9388 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:34:35.0522 9388 luafv - ok
19:34:35.0569 9388 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:34:35.0616 9388 Mcx2Svc - ok
19:34:35.0647 9388 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:34:35.0678 9388 megasas - ok
19:34:35.0725 9388 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:34:35.0772 9388 MegaSR - ok
19:34:35.0803 9388 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:34:35.0897 9388 MMCSS - ok
19:34:35.0913 9388 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:34:36.0007 9388 Modem - ok
19:34:36.0053 9388 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:34:36.0100 9388 monitor - ok
19:34:36.0132 9388 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:34:36.0163 9388 mouclass - ok
19:34:36.0194 9388 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:34:36.0241 9388 mouhid - ok
19:34:36.0288 9388 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:34:36.0319 9388 mountmgr - ok
19:34:36.0366 9388 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:34:36.0413 9388 mpio - ok
19:34:36.0444 9388 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:34:36.0522 9388 mpsdrv - ok
19:34:36.0585 9388 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:34:36.0678 9388 MpsSvc - ok
19:34:36.0710 9388 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:34:36.0772 9388 MRxDAV - ok
19:34:36.0819 9388 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:34:36.0897 9388 mrxsmb - ok
19:34:36.0944 9388 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:34:36.0991 9388 mrxsmb10 - ok
19:34:37.0022 9388 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:34:37.0085 9388 mrxsmb20 - ok
19:34:37.0100 9388 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:34:37.0147 9388 msahci - ok
19:34:37.0241 9388 [ B03E3F64B70F8031E65EB26DA23DE91A ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
19:34:37.0272 9388 MSCamSvc - ok
19:34:37.0319 9388 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:34:37.0366 9388 msdsm - ok
19:34:37.0397 9388 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:34:37.0444 9388 MSDTC - ok
19:34:37.0506 9388 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:34:37.0584 9388 Msfs - ok
19:34:37.0600 9388 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:34:37.0694 9388 mshidkmdf - ok
19:34:37.0741 9388 [ 7A0F9CBDBDB135113B9A3C138E20C85D ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
19:34:37.0772 9388 MSHUSBVideo - ok
19:34:37.0819 9388 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:34:37.0850 9388 msisadrv - ok
19:34:37.0881 9388 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:34:37.0959 9388 MSiSCSI - ok
19:34:37.0975 9388 msiserver - ok
19:34:38.0022 9388 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:34:38.0100 9388 MSKSSRV - ok
19:34:38.0116 9388 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:34:38.0209 9388 MSPCLOCK - ok
19:34:38.0225 9388 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:34:38.0303 9388 MSPQM - ok
19:34:38.0334 9388 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:34:38.0366 9388 MsRPC - ok
19:34:38.0428 9388 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:34:38.0459 9388 mssmbios - ok
19:34:38.0506 9388 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:34:38.0569 9388 MSTEE - ok
19:34:38.0600 9388 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:34:38.0647 9388 MTConfig - ok
19:34:38.0678 9388 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:34:38.0709 9388 Mup - ok
19:34:38.0772 9388 [ BA574D2ECDDE374AE2BDFAC0BDA8AAD0 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys
19:34:38.0834 9388 mvusbews - ok
19:34:38.0881 9388 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:34:38.0975 9388 napagent - ok
19:34:39.0022 9388 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:34:39.0069 9388 NativeWifiP - ok
19:34:39.0131 9388 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:34:39.0209 9388 NDIS - ok
19:34:39.0256 9388 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:34:39.0334 9388 NdisCap - ok
19:34:39.0381 9388 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:34:39.0459 9388 NdisTapi - ok
19:34:39.0490 9388 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:34:39.0569 9388 Ndisuio - ok
19:34:39.0615 9388 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:34:39.0709 9388 NdisWan - ok
19:34:39.0756 9388 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:34:39.0834 9388 NDProxy - ok
19:34:39.0881 9388 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:34:39.0897 9388 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:34:39.0897 9388 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:34:39.0928 9388 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:34:40.0022 9388 NetBIOS - ok
19:34:40.0069 9388 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:34:40.0147 9388 NetBT - ok
19:34:40.0178 9388 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:34:40.0209 9388 Netlogon - ok
19:34:40.0256 9388 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:34:40.0334 9388 Netman - ok
19:34:40.0365 9388 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:34:40.0475 9388 netprofm - ok
19:34:40.0506 9388 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:34:40.0537 9388 NetTcpPortSharing - ok
19:34:40.0584 9388 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:34:40.0615 9388 nfrd960 - ok
19:34:40.0647 9388 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
19:34:40.0897 9388 NlaSvc - ok
19:34:40.0928 9388 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:34:41.0006 9388 Npfs - ok
19:34:41.0037 9388 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:34:41.0115 9388 nsi - ok
19:34:41.0147 9388 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:34:41.0240 9388 nsiproxy - ok
19:34:41.0318 9388 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:34:41.0428 9388 Ntfs - ok
19:34:41.0459 9388 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:34:41.0553 9388 Null - ok
19:34:41.0615 9388 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
19:34:41.0678 9388 NVENETFD - ok
19:34:41.0740 9388 [ 0E616537F3E12D4C9FB71181C2F21BD5 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
19:34:41.0787 9388 NVHDA - ok
19:34:42.0053 9388 [ 847B1755F7757F825305A1FFE6DAC3E9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:34:42.0584 9388 nvlddmkm - ok
19:34:42.0631 9388 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:34:42.0678 9388 nvraid - ok
19:34:42.0724 9388 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:34:42.0756 9388 nvstor - ok
19:34:42.0818 9388 [ 7C732AFF202DCD06C3D262966D71604C ] nvsvc C:\Windows\system32\nvvsvc.exe
19:34:42.0865 9388 nvsvc - ok
19:34:42.0990 9388 [ 262D2FBF211A88DCB84249DF0F6EF6E7 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:34:43.0099 9388 nvUpdatusService - ok
19:34:43.0131 9388 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:34:43.0178 9388 nv_agp - ok
19:34:43.0209 9388 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:34:43.0271 9388 ohci1394 - ok
19:34:43.0303 9388 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:34:43.0381 9388 p2pimsvc - ok
19:34:43.0412 9388 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:34:43.0474 9388 p2psvc - ok
19:34:43.0506 9388 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:34:43.0552 9388 Parport - ok
19:34:43.0599 9388 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:34:43.0631 9388 partmgr - ok
19:34:43.0662 9388 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:34:43.0693 9388 Parvdm - ok
19:34:43.0724 9388 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:34:43.0771 9388 PcaSvc - ok
19:34:43.0818 9388 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
19:34:43.0881 9388 pccsmcfd - ok
19:34:43.0896 9388 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:34:43.0943 9388 pci - ok
19:34:43.0990 9388 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:34:44.0021 9388 pciide - ok
19:34:44.0052 9388 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:34:44.0099 9388 pcmcia - ok
19:34:44.0131 9388 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:34:44.0162 9388 pcw - ok
19:34:44.0193 9388 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:34:44.0302 9388 PEAUTH - ok
19:34:44.0365 9388 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:34:44.0443 9388 PeerDistSvc - ok
19:34:44.0568 9388 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:34:44.0693 9388 pla - ok
19:34:44.0755 9388 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:34:44.0834 9388 PlugPlay - ok
19:34:44.0865 9388 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:34:44.0880 9388 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:34:44.0880 9388 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:34:44.0912 9388 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:34:44.0959 9388 PNRPAutoReg - ok
19:34:44.0990 9388 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:34:45.0037 9388 PNRPsvc - ok
19:34:45.0068 9388 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:34:45.0162 9388 PolicyAgent - ok
19:34:45.0240 9388 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:34:45.0318 9388 Power - ok
19:34:45.0334 9388 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:34:45.0427 9388 PptpMiniport - ok
19:34:45.0458 9388 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:34:45.0521 9388 Processor - ok
19:34:45.0568 9388 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:34:45.0646 9388 ProfSvc - ok
19:34:45.0677 9388 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:34:45.0708 9388 ProtectedStorage - ok
19:34:45.0740 9388 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:34:45.0818 9388 Psched - ok
19:34:45.0880 9388 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:34:45.0990 9388 ql2300 - ok
19:34:46.0021 9388 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:34:46.0068 9388 ql40xx - ok
19:34:46.0099 9388 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:34:46.0177 9388 QWAVE - ok
19:34:46.0193 9388 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:34:46.0240 9388 QWAVEdrv - ok
19:34:46.0271 9388 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:34:46.0365 9388 RasAcd - ok
19:34:46.0380 9388 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:34:46.0458 9388 RasAgileVpn - ok
19:34:46.0490 9388 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:34:46.0583 9388 RasAuto - ok
19:34:46.0615 9388 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:34:46.0693 9388 Rasl2tp - ok
19:34:46.0740 9388 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:34:46.0833 9388 RasMan - ok
19:34:46.0865 9388 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:34:46.0943 9388 RasPppoe - ok
19:34:46.0958 9388 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:34:47.0036 9388 RasSstp - ok
19:34:47.0083 9388 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:34:47.0177 9388 rdbss - ok
19:34:47.0208 9388 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:34:47.0271 9388 rdpbus - ok
19:34:47.0318 9388 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:34:47.0396 9388 RDPCDD - ok
19:34:47.0443 9388 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:34:47.0521 9388 RDPDR - ok
19:34:47.0552 9388 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:34:47.0630 9388 RDPENCDD - ok
19:34:47.0661 9388 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:34:47.0739 9388 RDPREFMP - ok
19:34:47.0786 9388 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:34:47.0864 9388 RDPWD - ok
19:34:47.0927 9388 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:34:47.0958 9388 rdyboost - ok
19:34:47.0989 9388 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:34:48.0099 9388 RemoteAccess - ok
19:34:48.0146 9388 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:34:48.0224 9388 RemoteRegistry - ok
19:34:48.0255 9388 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:34:48.0333 9388 RpcEptMapper - ok
19:34:48.0380 9388 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:34:48.0427 9388 RpcLocator - ok
19:34:48.0443 9388 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:34:48.0536 9388 RpcSs - ok
19:34:48.0567 9388 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:34:48.0646 9388 rspndr - ok
19:34:48.0692 9388 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:34:48.0739 9388 s3cap - ok
19:34:48.0755 9388 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:34:48.0802 9388 SamSs - ok
19:34:48.0833 9388 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:34:48.0864 9388 sbp2port - ok
19:34:48.0896 9388 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:34:48.0974 9388 SCardSvr - ok
19:34:48.0989 9388 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:34:49.0067 9388 scfilter - ok
19:34:49.0114 9388 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:34:49.0224 9388 Schedule - ok
19:34:49.0239 9388 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:34:49.0317 9388 SCPolicySvc - ok
19:34:49.0364 9388 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:34:49.0427 9388 SDRSVC - ok
19:34:49.0458 9388 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:34:49.0552 9388 secdrv - ok
19:34:49.0583 9388 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:34:49.0677 9388 seclogon - ok
19:34:49.0708 9388 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
19:34:49.0786 9388 SENS - ok
19:34:49.0833 9388 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:34:49.0895 9388 SensrSvc - ok
19:34:49.0927 9388 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:34:49.0974 9388 Serenum - ok
19:34:50.0020 9388 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:34:50.0067 9388 Serial - ok
19:34:50.0114 9388 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:34:50.0161 9388 sermouse - ok
19:34:50.0208 9388 [ 8988D1F32F56B3CD3F0F6C39F8A91A98 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:34:50.0255 9388 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:34:50.0255 9388 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:34:50.0333 9388 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:34:50.0411 9388 SessionEnv - ok
19:34:50.0458 9388 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:34:50.0505 9388 sffdisk - ok
19:34:50.0536 9388 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:34:50.0583 9388 sffp_mmc - ok
19:34:50.0614 9388 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:34:50.0661 9388 sffp_sd - ok
19:34:50.0708 9388 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:34:50.0739 9388 sfloppy - ok
19:34:50.0786 9388 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:34:50.0864 9388 SharedAccess - ok
19:34:50.0927 9388 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:34:51.0020 9388 ShellHWDetection - ok
19:34:51.0067 9388 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:34:51.0098 9388 sisagp - ok
19:34:51.0130 9388 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:34:51.0177 9388 SiSRaid2 - ok
19:34:51.0192 9388 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:34:51.0239 9388 SiSRaid4 - ok
19:34:51.0317 9388 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:34:51.0348 9388 SkypeUpdate - ok
19:34:51.0380 9388 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:34:51.0458 9388 Smb - ok
19:34:51.0520 9388 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:34:51.0552 9388 SNMPTRAP - ok
19:34:51.0598 9388 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:34:51.0630 9388 spldr - ok
19:34:51.0676 9388 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
19:34:51.0739 9388 Spooler - ok
19:34:51.0833 9388 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:34:52.0036 9388 sppsvc - ok
19:34:52.0083 9388 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:34:52.0176 9388 sppuinotify - ok
19:34:52.0223 9388 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:34:52.0301 9388 srv - ok
19:34:52.0348 9388 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:34:52.0411 9388 srv2 - ok
19:34:52.0458 9388 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:34:52.0505 9388 srvnet - ok
19:34:52.0536 9388 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:34:52.0614 9388 SSDPSRV - ok
19:34:52.0645 9388 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:34:52.0723 9388 SstpSvc - ok
19:34:52.0801 9388 [ 6086B60F2E36D06A063CB07ED0524332 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:34:52.0833 9388 Stereo Service - ok
19:34:52.0879 9388 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:34:52.0911 9388 stexstor - ok
19:34:52.0958 9388 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:34:53.0036 9388 StiSvc - ok
19:34:53.0067 9388 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:34:53.0098 9388 storflt - ok
19:34:53.0129 9388 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
19:34:53.0192 9388 StorSvc - ok
19:34:53.0239 9388 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:34:53.0270 9388 storvsc - ok
19:34:53.0301 9388 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:34:53.0348 9388 swenum - ok
19:34:53.0379 9388 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:34:53.0473 9388 swprv - ok
19:34:53.0536 9388 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:34:53.0614 9388 SysMain - ok
19:34:53.0661 9388 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:34:53.0723 9388 TabletInputService - ok
19:34:53.0770 9388 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:34:53.0848 9388 TapiSrv - ok
19:34:53.0879 9388 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:34:53.0973 9388 TBS - ok
19:34:54.0036 9388 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:34:54.0129 9388 Tcpip - ok
19:34:54.0192 9388 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:34:54.0270 9388 TCPIP6 - ok
19:34:54.0317 9388 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:34:54.0379 9388 tcpipreg - ok
19:34:54.0426 9388 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:34:54.0489 9388 TDPIPE - ok
19:34:54.0520 9388 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:34:54.0567 9388 TDTCP - ok
19:34:54.0614 9388 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:34:54.0692 9388 tdx - ok
19:34:54.0723 9388 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:34:54.0770 9388 TermDD - ok
19:34:54.0817 9388 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:34:54.0942 9388 TermService - ok
19:34:54.0973 9388 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:34:55.0051 9388 Themes - ok
19:34:55.0082 9388 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:34:55.0145 9388 THREADORDER - ok
19:34:55.0192 9388 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:34:55.0270 9388 TrkWks - ok
19:34:55.0332 9388 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:34:55.0426 9388 TrustedInstaller - ok
19:34:55.0473 9388 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:34:55.0551 9388 tssecsrv - ok
19:34:55.0598 9388 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:34:55.0660 9388 TsUsbFlt - ok
19:34:55.0707 9388 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:34:55.0770 9388 tunnel - ok
19:34:55.0817 9388 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:34:55.0863 9388 uagp35 - ok
19:34:55.0895 9388 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:34:55.0988 9388 udfs - ok
19:34:56.0035 9388 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:34:56.0082 9388 UI0Detect - ok
19:34:56.0113 9388 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:34:56.0160 9388 uliagpkx - ok
19:34:56.0207 9388 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
19:34:56.0254 9388 umbus - ok
19:34:56.0285 9388 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:34:56.0332 9388 UmPass - ok
19:34:56.0379 9388 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
19:34:56.0426 9388 UmRdpService - ok
19:34:56.0473 9388 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:34:56.0567 9388 upnphost - ok
19:34:56.0629 9388 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:34:56.0676 9388 usbaudio - ok
19:34:56.0723 9388 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:34:56.0770 9388 usbccgp - ok
19:34:56.0801 9388 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:34:56.0848 9388 usbcir - ok
19:34:56.0863 9388 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:34:56.0910 9388 usbehci - ok
19:34:56.0941 9388 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:34:56.0988 9388 usbhub - ok
19:34:57.0020 9388 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:34:57.0066 9388 usbohci - ok
19:34:57.0113 9388 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:34:57.0160 9388 usbprint - ok
19:34:57.0191 9388 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:34:57.0254 9388 USBSTOR - ok
19:34:57.0285 9388 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:34:57.0332 9388 usbuhci - ok
19:34:57.0348 9388 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:34:57.0410 9388 usbvideo - ok
19:34:57.0441 9388 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:34:57.0520 9388 UxSms - ok
19:34:57.0551 9388 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
19:34:57.0582 9388 VaultSvc - ok
19:34:57.0598 9388 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:34:57.0629 9388 vdrvroot - ok
19:34:57.0691 9388 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
19:34:57.0785 9388 vds - ok
19:34:57.0832 9388 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:34:57.0879 9388 vga - ok
19:34:57.0894 9388 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:34:57.0973 9388 VgaSave - ok
19:34:58.0035 9388 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:34:58.0066 9388 vhdmp - ok
19:34:58.0098 9388 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:34:58.0144 9388 viaagp - ok
19:34:58.0176 9388 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
19:34:58.0223 9388 ViaC7 - ok
19:34:58.0238 9388 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
19:34:58.0269 9388 viaide - ok
19:34:58.0316 9388 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:34:58.0363 9388 vmbus - ok
19:34:58.0394 9388 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:34:58.0426 9388 VMBusHID - ok
19:34:58.0457 9388 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:34:58.0504 9388 volmgr - ok
19:34:58.0535 9388 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:34:58.0582 9388 volmgrx - ok
19:34:58.0613 9388 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:34:58.0660 9388 volsnap - ok
19:34:58.0691 9388 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:34:58.0723 9388 vsmraid - ok
19:34:58.0785 9388 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
19:34:58.0910 9388 VSS - ok
19:34:58.0957 9388 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:34:59.0004 9388 vwifibus - ok
19:34:59.0035 9388 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
19:34:59.0129 9388 W32Time - ok
19:34:59.0176 9388 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:34:59.0222 9388 WacomPen - ok
19:34:59.0269 9388 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:34:59.0363 9388 WANARP - ok
19:34:59.0363 9388 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:34:59.0441 9388 Wanarpv6 - ok
19:34:59.0519 9388 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:34:59.0613 9388 WatAdminSvc - ok
19:34:59.0676 9388 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
19:34:59.0785 9388 wbengine - ok
19:34:59.0816 9388 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:34:59.0910 9388 WbioSrvc - ok
19:34:59.0988 9388 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:35:00.0066 9388 wcncsvc - ok
19:35:00.0113 9388 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:35:00.0191 9388 WcsPlugInService - ok
19:35:00.0222 9388 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:35:00.0269 9388 Wd - ok
19:35:00.0316 9388 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:35:00.0379 9388 Wdf01000 - ok
19:35:00.0410 9388 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:35:00.0472 9388 WdiServiceHost - ok
19:35:00.0504 9388 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:35:00.0550 9388 WdiSystemHost - ok
19:35:00.0582 9388 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
19:35:00.0660 9388 WebClient - ok
19:35:00.0691 9388 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:35:00.0769 9388 Wecsvc - ok
19:35:00.0785 9388 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:35:00.0878 9388 wercplsupport - ok
19:35:00.0910 9388 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:35:01.0003 9388 WerSvc - ok
19:35:01.0035 9388 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:35:01.0113 9388 WfpLwf - ok
19:35:01.0144 9388 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:35:01.0175 9388 WIMMount - ok
19:35:01.0253 9388 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:35:01.0316 9388 WinDefend - ok
19:35:01.0347 9388 WinHttpAutoProxySvc - ok
19:35:01.0410 9388 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:35:01.0488 9388 Winmgmt - ok
19:35:01.0550 9388 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
19:35:01.0675 9388 WinRM - ok
19:35:01.0753 9388 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\drivers\WinUSB.sys
19:35:01.0800 9388 WinUsb - ok
19:35:01.0847 9388 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:35:01.0925 9388 Wlansvc - ok
19:35:01.0956 9388 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:35:02.0003 9388 WmiAcpi - ok
19:35:02.0050 9388 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:35:02.0097 9388 wmiApSrv - ok
19:35:02.0175 9388 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:35:02.0253 9388 WMPNetworkSvc - ok
19:35:02.0285 9388 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:35:02.0363 9388 WPCSvc - ok
19:35:02.0410 9388 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:35:02.0472 9388 WPDBusEnum - ok
19:35:02.0503 9388 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:35:02.0597 9388 ws2ifsl - ok
19:35:02.0613 9388 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
19:35:02.0675 9388 wscsvc - ok
19:35:02.0691 9388 WSearch - ok
19:35:02.0800 9388 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:35:02.0925 9388 wuauserv - ok
19:35:02.0972 9388 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:35:03.0034 9388 WudfPf - ok
19:35:03.0097 9388 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:35:03.0144 9388 WUDFRd - ok
19:35:03.0175 9388 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:35:03.0238 9388 wudfsvc - ok
19:35:03.0284 9388 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:35:03.0363 9388 WwanSvc - ok
19:35:03.0409 9388 ================ Scan global ===============================
19:35:03.0456 9388 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:35:03.0488 9388 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
19:35:03.0503 9388 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
19:35:03.0534 9388 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:35:03.0566 9388 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:35:03.0581 9388 [Global] - ok
19:35:03.0581 9388 ================ Scan MBR ==================================
19:35:03.0597 9388 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:35:03.0972 9388 \Device\Harddisk0\DR0 - ok
19:35:03.0972 9388 ================ Scan VBR ==================================
19:35:03.0972 9388 [ 6C271065D310F6BBA5A7EAAA6460E7F3 ] \Device\Harddisk0\DR0\Partition1
19:35:03.0987 9388 \Device\Harddisk0\DR0\Partition1 - ok
19:35:04.0034 9388 [ BD45288A44B204278A9B5DB036128BA7 ] \Device\Harddisk0\DR0\Partition2
19:35:04.0034 9388 \Device\Harddisk0\DR0\Partition2 - ok
19:35:04.0066 9388 [ 6670B82A39D3A6D763839100DC06CA10 ] \Device\Harddisk0\DR0\Partition3
19:35:04.0066 9388 \Device\Harddisk0\DR0\Partition3 - ok
19:35:04.0066 9388 ============================================================
19:35:04.0066 9388 Scan finished
19:35:04.0066 9388 ============================================================
19:35:04.0128 8016 Detected object count: 3
19:35:04.0128 8016 Actual detected object count: 3
19:35:19.0954 8016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:19.0954 8016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:19.0970 8016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:19.0970 8016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:19.0970 8016 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:19.0970 8016 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

Druhy

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-27 19:38:12
-----------------------------
19:38:12.854 OS Version: Windows 6.1.7601 Service Pack 1
19:38:12.854 Number of processors: 4 586 0x1C02
19:38:12.859 ComputerName: JUDR UserName:
19:38:13.874 Initialize success
19:38:32.339 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
19:38:32.344 Disk 0 Vendor: Hitachi_HDS721025CLA382 JP1OA3MA Size: 238475MB BusType: 3
19:38:32.455 Disk 0 MBR read successfully
19:38:32.460 Disk 0 MBR scan
19:38:32.465 Disk 0 Windows 7 default MBR code
19:38:32.477 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:38:32.491 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 38374 MB offset 206848
19:38:32.514 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 199999 MB offset 78796800
19:38:32.523 Disk 0 scanning sectors +488394752
19:38:32.717 Disk 0 scanning C:\Windows\system32\drivers
19:38:41.053 Service scanning
19:39:10.634 Modules scanning
19:39:23.403 Disk 0 trace - called modules:
19:39:23.431 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:39:23.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85abe1c8]
19:39:23.465 3 CLASSPNP.SYS[89e8c59e] -> nt!IofCallDriver -> [0x859ae918]
19:39:23.480 5 ACPI.sys[896263d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x859b0030]
19:39:23.492 Scan finished successfully
19:39:34.036 Disk 0 MBR has been saved successfully to "C:\Users\Administrator.ACCONTESBRNO\Documents\MBR.dat"
19:39:34.052 The log file has been saved successfully to "C:\Users\Administrator.ACCONTESBRNO\Documents\aswMBR.txt"
19:39:53.790 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
19:39:53.806 The log file has been saved successfully to "C:\aswMBR.txt"

[mutycz]

Pri vyhledavani mi AVG vyhodilo ze naslo Trojan CRYPT.CDTN - nemuže to byt spojeno s tim scanem? Mam to smazat?

[mutycz]

Našel ho v C:\Users\judr.ACCONTESBRNO\AppData\Roaming\rduwdvrc

[mutycz]

Nejspíše je to OTL znovu ho to našlo , protože když jsem si rozklikl detaily o infekci tak jako proces to označuje právě OTL.exe. Jinak stejné adresa a jméno souboru.

[mutycz]

OTL ma prekroceny rozsah znaku fora - mam to hodit nekam online?

Prikladam zatim Extras
OTL Extras logfile created on: 27.5.2013 21:06:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\judr.ACCONTESBRNO\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,13% Memory free
4,00 Gb Paging File | 2,54 Gb Available in Paging File | 63,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,47 Gb Total Space | 3,43 Gb Free Space | 9,16% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 129,25 Gb Free Space | 66,18% Space Free | Partition Type: NTFS

Computer Name: JUDR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1942028738-3123094729-2533903162-1106\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A371561-4F13-4BEB-98C4-159467042B75}" = lport=137 | protocol=17 | dir=in | app=system |
"{2AA279BF-FFC5-44BB-B7BB-2EDE85F303B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C66FBC8-F787-4D89-B615-D340EA582E7B}" = rport=445 | protocol=6 | dir=out | app=system |
"{2C6F8D69-F481-4DAF-B482-A7F6622CB5ED}" = rport=139 | protocol=6 | dir=out | app=system |
"{4FFF443A-D25D-416A-935A-523C1CE5EE0C}" = rport=138 | protocol=17 | dir=out | app=system |
"{6F45DBC9-F8F2-4AAE-A469-7D00387693D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{84B63269-82B3-4264-A563-0B1B064D6D1A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9176C568-7D3E-4C0F-ACD1-004332C2B96F}" = lport=138 | protocol=17 | dir=in | app=system |
"{97451873-FA40-4012-867C-D660E94EEC30}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7F7FD55-BECF-41A8-8D54-CCD25E2A9FDD}" = lport=139 | protocol=6 | dir=in | app=system |
"{B73F3D96-153D-43BB-BE77-0E5A3A2A78D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDC189A6-5AD1-41AB-8AA4-D8CC15A4E936}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E4D29ACF-0A25-432B-8141-E20386507E42}" = rport=137 | protocol=17 | dir=out | app=system |
"{E77193BF-B67E-4450-9BCD-550C334FC81C}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D802D05-2A2F-454B-ABD6-2172E3F122C4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{0E335B59-6539-4CF2-BF3C-E73BA1A53266}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{1050CE07-7420-42A4-A9EC-D4862F67F147}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{1595656C-C293-42C1-9885-139F33B677DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1EE3672E-81BA-4386-AD2F-013F81FE4521}" = protocol=6 | dir=in | app=d:\cms\digitalvideorecordergui.exe |
"{2F34786E-64D4-4097-A574-84B94A2ACCDF}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{30C6D856-F755-4E24-860E-E843438F6155}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{3A8238CE-DD66-4865-9CE6-FB4C835ABE96}" = protocol=6 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
"{408DFE4B-4DE2-48CB-848C-E06756E0176A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{47C440D0-187E-4EDD-A7E0-FDFD05B870BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4E7B177C-54CC-4FE8-8258-B640B4A194A7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{5B66C4F9-7821-4A4A-9FFA-50130B68E318}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{5E1E04A5-1711-48E3-A4F3-D3A6BE6A80C0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{63668F3D-C912-44F0-990C-73FAA405CA44}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{709D4518-2BFB-44C5-91C2-6216564FD741}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{78B7B8E2-BE0A-400B-A928-FFDD0DEF7E51}" = protocol=17 | dir=in | app=d:\cms\digitalvideorecordergui.exe |
"{7C88C898-1AAE-4F9D-8522-64A28CF8AF93}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{81096A80-4BBA-4E68-B7F9-AE5F60AD6C70}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{8AAADFBA-1558-4073-B5BD-5A8416AAEEB8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9232DD6D-F4FE-4D93-9C01-123D9E1854FF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{92AE26BD-9063-4D48-A99D-D04F651FBB8A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{954CACFA-CE67-4AD7-846A-1E491EBFC4B7}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{9D7B79FB-A5A1-41ED-BE8A-3FFC8F6104B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A711B883-BFCF-4D1F-9716-DE78F1B0C9EE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{BFF6D382-C6E7-4B57-ABD3-29CADF656AF2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C3778C6F-B17C-46A0-97FF-A47BFD867E76}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{C4582FEB-8204-45B2-8E37-CC62D0F041F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{C841BAAB-CCD3-42AE-B531-2A1B948800FC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{DB86BC42-70DA-4643-AC81-F731187A96E6}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{DC991CCA-B6B0-414A-A6A3-11D35CE0C8D9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{E8BD2BF9-C951-44A1-A91B-7E1F9D6EC408}" = protocol=17 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
"{ECF2F5DB-7631-4651-921D-1EF328DED078}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FAE3B643-2AEB-4266-94BF-F7EFAA60EB2A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"TCP Query User{27F40750-FE2A-4257-980C-29C0DFC640B7}D:\cms\digitalvideorecordergui.exe" = protocol=6 | dir=in | app=d:\cms\digitalvideorecordergui.exe |
"TCP Query User{82DB63C6-4053-4111-B5A4-AA34396DDBB1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C0A3B789-C95D-4576-BFDB-7772B9EDD57C}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{D835AF7B-E260-4BF0-A954-6F3B45DB3843}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{2D32E001-340E-4274-B320-71C350EBCBDD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8A0E3434-F18D-458A-B4C4-5284EFBF99A1}D:\cms\digitalvideorecordergui.exe" = protocol=17 | dir=in | app=d:\cms\digitalvideorecordergui.exe |
"UDP Query User{A0A98A23-5001-4776-9543-8A85753D8481}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{D96AADCE-948F-4BE0-9CBB-EB67010A69B8}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027B17C7-C291-6FB5-0C82-8BC157599201}" = Catalyst Control Center
"{07D3F755-05A0-934E-6F48-706C43927AA9}" = CCC Help English
"{10944289-8401-4B95-8E2A-61B0024C8C3A}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{1320CACA-1955-4E9E-84A1-B75F064221BB}" = Software602 Form Filler
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{32C74893-0243-4235-A6F3-201F0E5D2C03}" = Software602 Print2PDF
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F867717-8040-42A4-9410-0B5801550C6B}" = I.CA SecureStore 2.17
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6FF7F8-3754-4CC0-91F5-5270C80E7D29}" = PREMIER X3 Registrace knihoven
"{4EC0901D-FC4B-49EE-98FC-90C4E6BCA998}_is1" = CMS version 0.2.1.27 EN
"{6543AF6B-A923-45B8-B696-150BDDA5085E}" = AVG 2012
"{6BCC0A09-6235-C2DE-4E3D-09F7793C6FB3}" = Catalyst Control Center Graphics Previews Common
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{938F03A3-9932-DA4F-DDC1-49FABFD41B23}" = AMD Media Foundation Decoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Czech
"{AF595A9D-325A-0B86-4BFA-F2D90553A9FC}" = AMD Drag and Drop Transcoding
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3696FEF-0B27-459F-A661-A4134B6A063E}_is1" = OcxSetup version 1.0.5.4
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8FA4B2B-67A0-18D0-77DD-F08405016F37}" = ATI Catalyst Install Manager
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C1392D78-3958-03C8-E747-51DE7CEE8E03}" = Catalyst Control Center InstallProxy
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{D751FC11-146D-9848-6993-9A567E05B1EF}" = ccc-utility
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{D8CD8BBE-81F6-49CB-84D2-A1E616875792}" = AVG 2012
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"ESET Online Scanner" = ESET Online Scanner v3
"FlpGrfCtrl" = Flipper Graph Control
"Gemplus Smart Card Reader Tools" = Gemplus Smart Card Reader Tools
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Lexicon5" = Lingea Lexicon 5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"XStandard" = XStandard

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6.5.2013 18:32:24 | Computer Name = JUDR.accontesbrno.net | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Nokia\Nokia PC Suite
7\TIS_Windows7PIM.dll se nezdařilo. Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 15.5.2013 8:54:28 | Computer Name = JUDR.accontesbrno.net | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 15.5.2013 12:22:15 | Computer Name = JUDR.accontesbrno.net | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 10.0.9200.16537, časové
razítko: 0x512347f7 Název chybujícího modulu: jscript9.dll, verze: 10.0.9200.16540,
časové razítko: 0x5125e918 Kód výjimky: 0xc0000005 Posun chyby: 0x0006857a ID chybujícího
procesu: 0x15a4 Čas spuštění chybující aplikace: 0x01ce518854de2b9a Cesta k chybující
aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu:
C:\Windows\System32\jscript9.dll ID zprávy: 9a95ecd6-bd7b-11e2-a761-002522620ce3

Error - 15.5.2013 18:32:02 | Computer Name = JUDR.accontesbrno.net | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Nokia\Nokia PC Suite
7\TIS_Windows7PIM.dll se nezdařilo. Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 16.5.2013 18:32:10 | Computer Name = JUDR.accontesbrno.net | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Nokia\Nokia PC Suite
7\TIS_Windows7PIM.dll se nezdařilo. Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 18.5.2013 6:51:56 | Computer Name = JUDR.accontesbrno.net | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Nokia\Nokia PC Suite
7\TIS_Windows7PIM.dll se nezdařilo. Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 19.5.2013 5:40:33 | Computer Name = JUDR.accontesbrno.net | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 10.0.9200.16576, časové
razítko: 0x515e30fe Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.17725,
časové razítko: 0x4ec49b60 Kód výjimky: 0xc0000005 Posun chyby: 0x0003224d ID chybujícího
procesu: 0x169c Čas spuštění chybující aplikace: 0x01ce5473544471e9 Cesta k chybující
aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu:
C:\Windows\SYSTEM32\ntdll.dll ID zprávy: 2604a997-c068-11e2-ba06-002522620ce3

Error - 23.5.2013 18:32:28 | Computer Name = JUDR.accontesbrno.net | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Nokia\Nokia PC Suite
7\TIS_Windows7PIM.dll se nezdařilo. Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.5.2013 9:14:47 | Computer Name = JUDR.accontesbrno.net | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 17.0.1.4715 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
1af4 Čas spuštění: 01ce583897c0b668 Čas ukončení: 109 Cesta k aplikaci: C:\Program
Files\Mozilla Firefox\firefox.exe ID hlášení: e4f4e0ab-c473-11e2-ba06-002522620ce3


Error - 24.5.2013 18:31:44 | Computer Name = JUDR.accontesbrno.net | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\Nokia\Nokia PC Suite
7\TIS_Windows7PIM.dll se nezdařilo. Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ System Events ]
Error - 5.6.2012 19:34:05 | Computer Name = U4.ACCONTES | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 7.6.2012 0:56:30 | Computer Name = U4.ACCONTES | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 9.6.2012 5:11:34 | Computer Name = U4.ACCONTES | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 11.6.2012 13:47:00 | Computer Name = U4.ACCONTES | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 12.6.2012 11:37:16 | Computer Name = U4.ACCONTES | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 13.6.2012 21:10:07 | Computer Name = U4.ACCONTES | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 13.6.2012 21:30:08 | Computer Name = U4.ACCONTES | Source = DCOM | ID = 10010
Description =

Error - 13.6.2012 21:32:38 | Computer Name = U4.ACCONTES | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: cdrom

Error - 13.6.2012 22:02:46 | Computer Name = U4.ACCONTES | Source = BROWSER | ID = 8032
Description =

Error - 15.6.2012 13:31:44 | Computer Name = U4.ACCONTES | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.


< End of report >

[mutycz]

Pro jistotu jsem nahral na uloz.to http://uloz.to/xFKEJQjS/otl-txt
A bohužel se vrátil problém s tím, že nelze psát diakritická znaménka přes SHIFT :/ Přitom AVG je aktuální, systémové aktualizace povoleny a nainstalovaný, MS Firewall taky bezi

[mutycz]

AVG
"Trojský kůň PSW.Generic11.TLG";"c:\Users\judr.ACCONTESBRNO\AppData\Local\temp\2A62.tmp.exe";"Objekt je nedostupný.";"27.5.2013, 10:31:25";"Soubor";"C:\Windows\System32\svchost.exe"
"Trojský kůň PSW.Generic11.TLG";"c:\Users\judr.ACCONTESBRNO\AppData\Local\temp\BB18.tmp.exe";"Objekt je nedostupný.";"27.5.2013, 13:32:15";"Soubor";"C:\Windows\System32\svchost.exe"
"Trojský kůň Crypt.CDTN";"c:\Users\judr.ACCONTESBRNO\AppData\Roaming\rduwdvrc\sagiagee.exe";"Infikováno";"27.5.2013, 19:52:21";"Soubor";"C:\Users\judr.ACCONTESBRNO\Downloads\OTL.exe"
"Trojský kůň Crypt.CDTN";"c:\Users\judr.ACCONTESBRNO\AppData\Roaming\rduwdvrc\sagiagee.exe";"Infikováno";"27.5.2013, 20:07:19";"Soubor";"C:\Users\judr.ACCONTESBRNO\Downloads\OTL.exe"


Combofix
ComboFix 13-05-28.02 - Administrator 28.05.2013 19:18:44.3.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2047.944 [GMT 2:00]
Spuštěný z: c:\users\judr.ACCONTESBRNO\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-28 do 2013-05-28 )))))))))))))))))))))))))))))))
.
.
2013-05-28 17:36 . 2013-05-28 17:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-28 17:36 . 2013-05-28 17:36 -------- d-----w- c:\users\ucetni4\AppData\Local\temp
2013-05-24 20:08 . 2013-05-28 17:36 -------- d-----w- c:\users\Administrator.ACCONTESBRNO\AppData\Local\temp
2013-05-24 16:12 . 2013-05-24 16:12 -------- d-----w- c:\program files\ESET
2013-05-24 16:07 . 2013-05-27 17:06 -------- d-----w- c:\program files\trend micro
2013-05-24 16:07 . 2013-05-24 16:07 -------- d-----w- C:\rsit
2013-05-24 10:39 . 2013-05-24 17:38 -------- d-----w- c:\users\judr.ACCONTESBRNO\AppData\Roaming\Xigyi
2013-05-24 10:39 . 2013-05-24 10:59 -------- d-----w- c:\users\judr.ACCONTESBRNO\AppData\Roaming\Atzus
2013-05-23 08:57 . 2013-05-23 08:57 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-05-17 12:41 . 2013-05-17 12:41 -------- d-----w- c:\program files\Common Files\Java
2013-05-17 10:04 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-16 02:05 . 2013-05-16 02:06 -------- d-----w- c:\windows\rescache
2013-05-15 22:08 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 22:08 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 22:08 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 22:07 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 22:07 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 22:07 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 22:07 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 22:07 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-05-06 11:46 . 2013-05-06 11:46 -------- d-----w- C:\RSAV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 15:43 . 2012-09-01 19:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 15:43 . 2011-07-04 15:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-13 04:45 . 2013-05-15 22:08 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 22:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 08:02 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 01:18 . 2013-04-11 01:18 302368 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-19 05:04 . 2013-04-10 08:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 08:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 08:04 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 08:04 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-15 02:02 . 2013-03-15 02:02 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-15 02:02 . 2013-03-15 02:02 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-03-15 02:02 . 2013-03-15 02:02 158720 ----a-w- c:\windows\system32\msls31.dll
2013-03-15 02:02 . 2013-03-15 02:02 138752 ----a-w- c:\windows\system32\wextract.exe
2013-03-15 02:02 . 2013-03-15 02:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-03-15 02:02 . 2013-03-15 02:02 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-03-15 02:02 . 2013-03-15 02:02 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-15 02:02 . 2013-03-15 02:02 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-03-15 02:02 . 2013-03-15 02:02 12800 ----a-w- c:\windows\system32\mshta.exe
2013-03-15 02:02 . 2013-03-15 02:02 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-15 02:02 . 2013-03-15 02:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-15 02:02 . 2013-03-15 02:02 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-03-15 02:02 . 2013-03-15 02:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-15 02:02 . 2013-03-15 02:02 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-15 02:02 . 2013-03-15 02:02 361984 ----a-w- c:\windows\system32\html.iec
2013-03-15 02:02 . 2013-03-15 02:02 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-15 02:02 . 2013-03-15 02:02 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-05 18:37 . 2013-01-06 14:13 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-05 18:37 . 2011-07-04 14:26 782240 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-07 05:20 . 2011-12-13 08:03 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-04-12 222776]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-29 24576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
c:\users\ucetni4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\users\Administrator.ACCONTES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2009-7-3 275736]
.
c:\users\judr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\users\judr.ACCONTES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\users\judr.ACCONTESBRNO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - d:\program files\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3248531015-3657829206-1257948550-1109\Scripts\Logoff\0\0]
"Script"=logoff.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3248531015-3657829206-1257948550-1109\Scripts\Logoff\0\1]
"Script"=logoff2.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3248531015-3657829206-1257948550-1109\Scripts\Logon\0\0]
"Script"=logon.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3248531015-3657829206-1257948550-1109\Scripts\Logon\0\1]
"Script"=logon2.cmd
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;d:\program files\APC\PowerChute Personal Edition\dataserv.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 41813708
*NewlyCreated* - ASWMBR
*NewlyCreated* - PCHUNTER32AA
*NewlyCreated* - WS2IFSL
*Deregistered* - 41813708
*Deregistered* - aswMBR
*Deregistered* - PCHunter32aa
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 15:43]
.
.
------- Doplňkový sken -------
.
TCP: Interfaces\{5FAB7261-615B-478A-86D7-0D0213979C95}: NameServer = 192.168.2.150
FF - ProfilePath -
.
.
Celkový čas: 2013-05-28 19:41:16
ComboFix-quarantined-files.txt 2013-05-28 17:41
ComboFix2.txt 2013-05-24 21:18
ComboFix3.txt 2013-05-24 20:08
.
Před spuštěním: 3 638 493 184
Po spuštění: 3 608 199 168
.
- - End Of File - - BF679DFB638AEE28406CFA1ECA333409

[mutycz]

Po provedení testů mi nic nelze spustit - všechno hlasí Pokus použít neplatnou operaci na klíč registru, který je označen k odstranění

[mutycz]

První log:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1942028738-3123094729-2533903162-1106\Software\Microsoft\Windows\CurrentVersion\Run\\{6FD9F1D3-8BA1-CA33-C0C3-0EAE63AB4A64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FD9F1D3-8BA1-CA33-C0C3-0EAE63AB4A64}\ not found.
Registry value HKEY_USERS\S-1-5-21-1942028738-3123094729-2533903162-1106\Software\Microsoft\Windows\CurrentVersion\Run\\APC deleted successfully.
C:\Users\judr.ACCONTESBRNO\AppData\Roaming\rduwdvrc\sagiagee.exe moved successfully.
C:\Users\judr.ACCONTESBRNO\AppData\Roaming\Xigyi folder moved successfully.
C:\Users\judr.ACCONTESBRNO\AppData\Roaming\rduwdvrc folder moved successfully.
========== FILES ==========
c:\users\judr.ACCONTESBRNO\AppData\Roaming\Atzus folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 488 bytes
->FireFox cache emptied: 60530209 bytes
->Flash cache emptied: 672 bytes

User: Administrator.ACCONTES
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 54274194 bytes
->Flash cache emptied: 734 bytes

User: Administrator.ACCONTESBRNO
->Temp folder emptied: 744 bytes
->Temporary Internet Files folder emptied: 195 bytes
->Java cache emptied: 0 bytes

User: Administrator.U4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: judr
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 31949622 bytes
->Java cache emptied: 2681684 bytes
->FireFox cache emptied: 61871848 bytes
->Flash cache emptied: 1732 bytes

User: judr.ACCONTES
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 99660974 bytes
->Java cache emptied: 3821835 bytes
->FireFox cache emptied: 92004630 bytes
->Flash cache emptied: 7913 bytes

User: judr.ACCONTESBRNO
->Temp folder emptied: 1422 bytes
->Temporary Internet Files folder emptied: 403711804 bytes
->Java cache emptied: 8442981 bytes
->FireFox cache emptied: 10612807 bytes
->Flash cache emptied: 2863 bytes

User: Public
->Temp folder emptied: 0 bytes

User: ucetni3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9102019 bytes

User: ucetni4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32231632 bytes
->FireFox cache emptied: 57155527 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 312 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 885,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.ACCONTES
->Flash cache emptied: 0 bytes

User: Administrator.ACCONTESBRNO

User: Administrator.U4

User: All Users

User: Default

User: Default User

User: judr
->Flash cache emptied: 0 bytes

User: judr.ACCONTES
->Flash cache emptied: 0 bytes

User: judr.ACCONTESBRNO
->Flash cache emptied: 0 bytes

User: Public

User: ucetni3

User: ucetni4

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: Administrator.ACCONTES

User: Administrator.ACCONTESBRNO
->Java cache emptied: 0 bytes

User: Administrator.U4

User: All Users

User: Default

User: Default User

User: judr
->Java cache emptied: 0 bytes

User: judr.ACCONTES
->Java cache emptied: 0 bytes

User: judr.ACCONTESBRNO
->Java cache emptied: 0 bytes

User: Public

User: ucetni3

User: ucetni4

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05292013_054142

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[mutycz]

Omlouvám se za odmlku - pár dnů jsem byl mimo PC.

Přídávám LOG - musel jsem vypnout AVG (pokud bylo AVG zapnuto tak test nedobehl - AVG vyhazovalo stejnou hlasku jako predtim a OTL vyhodilo že nemůže spustit cmd.bat)

OTL logfile created on: 1.6.2013 20:57:50 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\judr.ACCONTESBRNO\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,88% Memory free
4,00 Gb Paging File | 2,75 Gb Available in Paging File | 68,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,47 Gb Total Space | 4,63 Gb Free Space | 12,36% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 129,22 Gb Free Space | 66,16% Space Free | Partition Type: NTFS

Computer Name: JUDR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.27 19:45:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\judr.ACCONTESBRNO\Downloads\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012.09.27 02:27:23 | 000,100,256 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcfgex.exe
PRC - [2012.01.24 17:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- D:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2012.01.24 17:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- D:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2012.01.24 17:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- D:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.25 09:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.25 05:03:54 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.05.25 05:03:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.12 10:58:04 | 000,222,776 | ---- | M] (Software602) -- C:\Program Files\Software602\Print2PDF\Print2PDF.exe
PRC - [2011.03.14 10:59:40 | 000,084,520 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.11.20 14:17:31 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
PRC - [2010.06.07 22:12:12 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.06.07 22:12:08 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.16 03:36:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013.05.16 03:32:04 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013.05.16 03:31:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 03:30:46 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013.05.16 03:30:07 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.16 03:29:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.02.14 04:33:59 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013.02.14 04:26:52 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.01.10 04:34:57 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 04:33:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 04:31:25 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 04:31:15 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll
MOD - [2013.01.10 04:30:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 04:29:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 04:29:41 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.08.31 16:02:10 | 000,274,432 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\hp1100sd.dll
MOD - [2012.08.31 16:02:02 | 002,306,048 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\hp1100su.dll
MOD - [2012.08.31 16:01:20 | 000,794,624 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\HP1100GC.DLL
MOD - [2011.05.24 23:50:44 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.01.28 11:11:23 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.01.28 11:11:23 | 000,166,400 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.12.02 02:13:18 | 000,214,528 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\Software602.dll
MOD - [2010.11.13 04:37:03 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll


========== Services (SafeList) ==========

SRV - [2013.05.15 17:43:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.27 02:27:23 | 000,100,256 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.24 17:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- D:\Program Files\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2012.01.24 17:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- D:\Program Files\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.25 05:03:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.14 10:59:40 | 000,084,520 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2011.02.05 04:01:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~2.ACC\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.04.11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.11.08 04:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.09.26 07:45:35 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.05.25 09:25:04 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.25 09:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.05.25 04:25:20 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.03.30 20:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.12.13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.08.10 12:07:32 | 000,089,600 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GemCCID.sys -- (GemCCID)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.19 06:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-1942028738-3123094729-2533903162-1106\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1942028738-3123094729-2533903162-1106\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1942028738-3123094729-2533903162-1106\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-1942028738-3123094729-2533903162-1106\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1942028738-3123094729-2533903162-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\@xstandard.com/XStandard: C:\Program Files\XStandard\Bin\NPXStandard.dll (Belus Technology Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.09.01 21:47:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 07:20:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 23:23:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.14 21:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.12.13 10:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.04.22 14:05:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.05 14:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012.12.05 14:51:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.05 14:51:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.07 07:20:54 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.01 21:49:24 | 000,003,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.19 06:10:52 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.06.19 06:10:52 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.07.07 09:48:19 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2012.06.19 06:10:52 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.06.19 06:10:52 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.06.19 06:10:52 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2013.05.24 23:13:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [gemstrmw] C:\Windows\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Print2PDF Print Monitor] C:\Program Files\Software602\Print2PDF\Print2PDF.exe (Software602)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1616587249-3722754679-407430079-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator.ACCONTES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe (Lingea)
O4 - Startup: C:\Users\judr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\judr.ACCONTES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\judr.ACCONTESBRNO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\ucetni4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1616587249-3722754679-407430079-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1942028738-3123094729-2533903162-1106\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1942028738-3123094729-2533903162-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1942028738-3123094729-2533903162-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1942028738-3123094729-2533903162-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-1942028738-3123094729-2533903162-1106\..Trusted Domains: mfcr.cz ([]* in Důvěryhodné weby)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = accontesbrno.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FAB7261-615B-478A-86D7-0D0213979C95}: NameServer = 192.168.2.150
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.29 05:41:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.28 19:41:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.28 19:41:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator.ACCONTESBRNO\AppData\Local\temp
[2013.05.28 19:39:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.24 22:08:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator.ACCONTESBRNO\AppData\Roaming\Adobe
[2013.05.24 21:41:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.24 21:41:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.24 21:41:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.24 21:41:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.24 21:40:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.24 18:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.05.24 18:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.05.24 18:07:29 | 000,000,000 | ---D | C] -- C:\rsit
[2013.05.17 14:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.17 12:04:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.17 12:04:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.17 12:04:57 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.16 04:05:30 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013.05.16 03:07:59 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 03:07:57 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 03:07:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 03:07:55 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 03:07:54 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 03:07:53 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 03:07:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 03:07:53 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 03:07:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 03:07:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 00:08:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.16 00:08:04 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.16 00:07:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.16 00:07:50 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.16 00:07:50 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.15 09:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.05.06 13:46:40 | 000,000,000 | ---D | C] -- C:\RSAV

========== Files - Modified Within 30 Days ==========

[2013.06.01 20:43:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 15:33:46 | 121,606,266 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013.05.30 07:32:52 | 000,381,364 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013.05.29 06:18:14 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.05.29 06:07:16 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.29 06:07:16 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.29 05:59:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.29 05:59:52 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.27 19:39:53 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2013.05.27 19:39:34 | 000,000,512 | ---- | M] () -- C:\Users\Administrator.ACCONTESBRNO\Documents\MBR.dat
[2013.05.24 23:13:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.24 18:04:10 | 000,000,017 | ---- | M] () -- C:\Users\Administrator.ACCONTESBRNO\AppData\Local\resmon.resmoncfg
[2013.05.16 03:28:51 | 000,291,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 03:04:01 | 000,631,276 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.05.16 03:04:01 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.16 03:04:01 | 000,121,930 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.05.16 03:04:01 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.15 17:43:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 17:43:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013.05.27 19:53:43 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.05.27 19:39:53 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2013.05.27 19:39:34 | 000,000,512 | ---- | C] () -- C:\Users\Administrator.ACCONTESBRNO\Documents\MBR.dat
[2013.05.24 21:41:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.24 21:41:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.24 21:41:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.24 21:41:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.24 21:41:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.24 18:04:10 | 000,000,017 | ---- | C] () -- C:\Users\Administrator.ACCONTESBRNO\AppData\Local\resmon.resmoncfg
[2012.11.06 08:05:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2012.11.06 08:04:59 | 000,048,128 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2012.11.06 08:04:48 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2012.11.06 08:04:48 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2012.11.06 08:03:03 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2011.08.07 16:47:40 | 000,003,096 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.07 14:07:09 | 000,110,992 | ---- | C] () -- C:\Windows\System32\SAWZip.dll
[2011.07.07 14:07:09 | 000,045,432 | ---- | C] () -- C:\Windows\System32\FlpGrfADO.dll
[2011.07.07 14:07:08 | 000,076,688 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2011.07.04 18:09:01 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.07.04 15:14:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.14 08:39:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.07.04 16:21:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\602XML
[2011.07.04 16:36:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2011.07.04 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2011.07.04 15:19:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2012.09.01 21:51:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator.ACCONTES\AppData\Roaming\AVG2012
[2013.03.05 20:32:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator.ACCONTESBRNO\AppData\Roaming\AVG2012
[2013.01.06 15:35:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator.U4\AppData\Roaming\AVG2012
[2011.08.07 16:32:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator.U4\AppData\Roaming\PC Suite
[2011.07.04 16:21:19 | 000,000,000 | ---D | M] -- C:\Users\judr\AppData\Roaming\602Installer
[2011.07.07 15:47:32 | 000,000,000 | ---D | M] -- C:\Users\judr\AppData\Roaming\OpenOffice.org
[2011.07.04 16:36:17 | 000,000,000 | ---D | M] -- C:\Users\judr\AppData\Roaming\PC Suite
[2011.07.08 13:15:44 | 000,000,000 | ---D | M] -- C:\Users\judr\AppData\Roaming\Software602
[2011.07.04 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\judr\AppData\Roaming\Thunderbird
[2012.09.17 13:12:15 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTES\AppData\Roaming\602XML
[2012.09.04 13:23:57 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTES\AppData\Roaming\AVG2012
[2012.08.10 09:27:40 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTES\AppData\Roaming\AVG9
[2011.08.08 14:22:34 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTES\AppData\Roaming\OpenOffice.org
[2012.02.01 15:41:27 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTES\AppData\Roaming\Software602
[2012.05.14 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTES\AppData\Roaming\Thunderbird
[2013.01.06 15:50:43 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTESBRNO\AppData\Roaming\602XML
[2013.05.29 07:35:27 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTESBRNO\AppData\Roaming\Aqkama
[2013.01.06 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTESBRNO\AppData\Roaming\AVG2012
[2013.05.28 09:46:11 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTESBRNO\AppData\Roaming\Ipcure
[2013.01.06 15:52:14 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTESBRNO\AppData\Roaming\OpenOffice.org
[2013.03.06 08:10:59 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTESBRNO\AppData\Roaming\Software602
[2013.01.06 15:55:04 | 000,000,000 | ---D | M] -- C:\Users\judr.ACCONTESBRNO\AppData\Roaming\Thunderbird
[2011.02.02 12:38:54 | 000,000,000 | ---D | M] -- C:\Users\ucetni4\AppData\Roaming\OpenOffice.org
[2011.01.28 10:53:59 | 000,000,000 | ---D | M] -- C:\Users\ucetni4\AppData\Roaming\Thunderbird

========== Purity Check ==========



< End of report >

[mutycz]

Diakritika je funkcni (i po restartu).
Dále jsem projel PC AVG i Eset Online a nic nenalezl.

Log je jiz cisty?