
Please check my log - RSIT, infected PC?

jlopaur
Visitor
Posts: 12
Registered: 30 Apr 2014 13:57

#1 Post by jlopaur »

Hello,
please check my RSIT log.
The PC suddenly became slow; the "system" process was using (and still is using) one CPU at 100%.
I ran a scan with AVAST, which found several bugs (I had them moved to the Virus Chest).

RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2014-04-30 14:46:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 195 GB (64%) free of 305 GB
Total RAM: 2540 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:49:44, on 30.4.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\WINDOWS\system32\svchost.exe
D:\SIMULIA\Documentation\monitor.exe
D:\SIMULIA\Documentation\monitor.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Documents and Settings\tatinek\Local Settings\Data aplikací\Mozilla Firefox\firefox.exe
D:\Utils\doublecmd\doublecmd.exe
D:\Download\viry\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\276cdfdc-ee66-4d37-ac5d-54a3b28f80ac.exe /check
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1085031214-1659004503-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'tatinek')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - D:\SIMULIA\Documentation\monitor.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

--
End of file - 8155 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lvo7xbo1.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-30 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-25 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-30 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-25 3873704]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-06-06 20065936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"=C:\Program Files\AVAST Software\Avast\setup\emupdate\276cdfdc-ee66-4d37-ac5d-54a3b28f80ac.exe [2014-04-30 181136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-06-19 195072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2013-01-24 701872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gbrspcontrol]
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe -controlservice -slave []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 153672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
C:\PROGRA~1\PANASO~1\PHOTOF~1.0HD\AUTOST~1.EXE [2009-10-01 146360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Start GeekBuddy.lnk]
C:\PROGRA~1\Comodo\GEEKBU~1\launcher.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2013-09-24 192512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe"="C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Síťový komunikační program HP COM (HP Photosmart Plus B210 series)"
"C:\Program Files\Steam\SteamApps\common\Magic 2014 Demo\DotP_D14.exe"="C:\Program Files\Steam\SteamApps\common\Magic 2014 Demo\DotP_D14.exe:*:Enabled:Magic 2014 Demo"
"C:\Program Files\Steam\SteamApps\common\Dungeon Siege 1\DungeonSiege.exe"="C:\Program Files\Steam\SteamApps\common\Dungeon Siege 1\DungeonSiege.exe:*:Enabled:Dungeon Siege"
"C:\Program Files\Steam\SteamApps\common\Prince of Persia Forgotten Sands\Prince of Persia.exe"="C:\Program Files\Steam\SteamApps\common\Prince of Persia Forgotten Sands\Prince of Persia.exe:*:Enabled:Prince of Persia: The Forgotten Sands"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Steam\SteamApps\common\Dungeon Siege 2\DungeonSiege2.exe"="C:\Program Files\Steam\SteamApps\common\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2"
"C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe"="C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe"
"C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe"="C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\Program Files\Steam\SteamApps\common\OhmStudio\ohm_studio_net_mp_host.exe"="C:\Program Files\Steam\SteamApps\common\OhmStudio\ohm_studio_net_mp_host.exe:*:Enabled:Ohm Studio"
"C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe"="C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed: Hot Pursuit"
"C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Need for Speed: Hot Pursuit"
"C:\Program Files\Steam\SteamApps\common\Dungeon Siege III\Dungeon Siege III.exe"="C:\Program Files\Steam\SteamApps\common\Dungeon Siege III\Dungeon Siege III.exe:*:Enabled:Dungeon Siege III"
"C:\Program Files\Steam\SteamApps\common\Magic 2014\DotP_D14.exe"="C:\Program Files\Steam\SteamApps\common\Magic 2014\DotP_D14.exe:*:Enabled:Magic 2014 "
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe:*:Enabled:Sid Meier's Civilization IV"
"C:\Program Files\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe"="C:\Program Files\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe:*:Enabled:Spore"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization IV: Beyond the Sword"
"C:\Program Files\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe"="C:\Program Files\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV: Colonization"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization IV: Warlords"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization IV: Warlords"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Railroads\RailRoads.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Railroads\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\Program Files\Steam\SteamApps\common\Spore\runme.exe"="C:\Program Files\Steam\SteamApps\common\Spore\runme.exe:*:Enabled:Spore: Creepy & Cute Parts Pack"
"C:\Program Files\Steam\SteamApps\common\Spore\SporebinEP1\SporeApp.exe"="C:\Program Files\Steam\SteamApps\common\Spore\SporebinEP1\SporeApp.exe:*:Enabled:Spore: Galactic Adventures"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Ace Patrol\AcePatrol.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Ace Patrol\AcePatrol.exe:*:Enabled:Sid Meier's Ace Patrol"
"C:\Program Files\Steam\SteamApps\common\Pacific Skies\AcePatrol2.exe"="C:\Program Files\Steam\SteamApps\common\Pacific Skies\AcePatrol2.exe:*:Enabled:Sid Meier’s Ace Patrol: Pacific Skies"
"C:\Program Files\Steam\SteamApps\common\BridgeConstructor\BridgeConstructor.exe"="C:\Program Files\Steam\SteamApps\common\BridgeConstructor\BridgeConstructor.exe:*:Enabled:Bridge Constructor"
"D:\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe"="D:\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe:*:Enabled:RaceRoom Racing Experience "
"C:\Program Files\Steam\SteamApps\common\Talisman Prologue\Talisman.exe"="C:\Program Files\Steam\SteamApps\common\Talisman Prologue\Talisman.exe:*:Enabled:Talisman: Prologue"
"C:\Program Files\Steam\SteamApps\common\Ravensword2\Ravensword2.exe"="C:\Program Files\Steam\SteamApps\common\Ravensword2\Ravensword2.exe:*:Enabled:Ravensword: Shadowlands"
"C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Desktop App"
"C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"
"C:\Program Files\Steam\SteamApps\common\Bridge It Demo\BridgeIt.exe"="C:\Program Files\Steam\SteamApps\common\Bridge It Demo\BridgeIt.exe:*:Enabled:Bridge It demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.txt - open - notepad.exe %1

======List of files/folders created in the last 1 month======

2014-04-30 14:47:04 ----D---- C:\Program Files\trend micro
2014-04-30 14:46:53 ----D---- C:\rsit
2014-04-28 17:31:56 ----ASH---- C:\hiberfil.sys
2014-04-27 16:58:49 ----D---- C:\WINDOWS\system32\NtmsData
2014-04-27 16:27:32 ----A---- C:\WINDOWS\ntbtlog.txt
2014-04-26 12:18:29 ----D---- C:\Documents and Settings\Admin\Data aplikací\Comodo
2014-04-25 17:18:30 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-04-25 17:17:22 ----A---- C:\WINDOWS\avastSS.scr
2014-04-23 18:43:50 ----A---- C:\WINDOWS\system32\drivers\usbfilter.sys
2014-04-23 18:43:49 ----A---- C:\WINDOWS\system32\drivers\amdhub30.sys
2014-04-23 18:43:46 ----A---- C:\WINDOWS\system32\drivers\amdxhc.sys
2014-04-23 18:41:10 ----A---- C:\WINDOWS\system32\drivers\AtihdXP3.sys
2014-04-23 18:30:41 ----D---- C:\Program Files\ATI Technologies
2014-04-21 20:39:36 ----D---- C:\Program Files\HD Tune
2014-04-20 16:46:45 ----D---- C:\WINDOWS\GBD
2014-04-20 15:14:57 ----D---- C:\Documents and Settings\Admin\Data aplikací\InstallShield
2014-04-19 13:09:48 ----D---- C:\Program Files\LibreOffice 4
2014-04-18 12:39:56 ----D---- C:\Program Files\Jack v1.9.6
2014-04-18 12:39:09 ----D---- C:\Program Files\Hydrogen
2014-04-18 12:15:58 ----D---- C:\Documents and Settings\Admin\Data aplikací\library_dir
2014-04-12 14:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$

======List of files/folders modified in the last 1 month======

2014-04-30 14:47:29 ----D---- C:\WINDOWS\Prefetch
2014-04-30 14:47:04 ----RD---- C:\Program Files
2014-04-30 14:44:04 ----D---- C:\WINDOWS\system32\CatRoot2
2014-04-30 14:41:06 ----D---- C:\WINDOWS\Temp
2014-04-29 22:06:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-04-27 16:58:49 ----D---- C:\WINDOWS\system32
2014-04-27 16:44:49 ----SHD---- C:\WINDOWS\Installer
2014-04-27 16:42:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-27 16:38:20 ----D---- C:\WINDOWS
2014-04-27 16:27:45 ----D---- C:\Documents and Settings
2014-04-27 13:22:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-27 13:22:12 ----D---- C:\WINDOWS\system32\drivers
2014-04-27 13:21:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2014-04-27 13:21:07 ----HD---- C:\WINDOWS\inf
2014-04-27 13:20:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-04-27 13:12:48 ----D---- C:\Program Files\GIGABYTE
2014-04-25 17:18:51 ----SD---- C:\WINDOWS\Tasks
2014-04-25 17:17:21 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-04-23 18:58:33 ----D---- C:\Program Files\Steam
2014-04-23 18:25:43 ----A---- C:\WINDOWS\GSetup.ini
2014-04-23 17:29:29 ----D---- C:\Documents and Settings\Admin\Data aplikací\DAEMON Tools Lite
2014-04-23 17:29:18 ----D---- C:\WINDOWS\Debug
2014-04-22 16:38:26 ----D---- C:\WINDOWS\Microsoft.NET
2014-04-22 16:38:25 ----RSD---- C:\WINDOWS\assembly
2014-04-20 18:04:07 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-20 18:01:09 ----D---- C:\WINDOWS\system32\config
2014-04-20 16:47:50 ----HD---- C:\Program Files\InstallShield Installation Information
2014-04-20 16:46:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2014-04-20 16:23:51 ----A---- C:\Documents and Settings\All Users\Data aplikací\LaunchURL.bat
2014-04-20 16:07:00 ----D---- C:\AMD
2014-04-20 16:05:23 ----SD---- C:\Documents and Settings\Admin\Data aplikací\Microsoft
2014-04-20 15:40:38 ----D---- C:\WINDOWS\system32\RTCOM
2014-04-20 15:40:29 ----D---- C:\Program Files\Realtek
2014-04-19 13:10:32 ----RSD---- C:\WINDOWS\Fonts
2014-04-18 12:40:14 ----D---- C:\WINDOWS\WinSxS
2014-04-18 12:37:55 ----D---- C:\Program Files\LMMS
2014-04-12 14:52:46 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-04-12 14:50:25 ----D---- C:\WINDOWS\system32\MRT
2014-04-12 14:46:42 ----A---- C:\WINDOWS\system32\MRT.exe
2014-04-12 14:46:27 ----D---- C:\Program Files\Internet Explorer
2014-04-12 14:46:16 ----D---- C:\WINDOWS\ie8updates
2014-04-01 17:00:12 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2014-04-01 17:00:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-04-01 16:59:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-04-01 16:53:05 ----D---- C:\Program Files\Microsoft.NET
2014-04-01 16:53:05 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2014-04-01 16:53:05 ----D---- C:\Program Files\Common Files
2014-04-01 16:53:00 ----D---- C:\WINDOWS\system32\1033
2014-04-01 16:46:47 ----D---- C:\Program Files\Microsoft Visual Studio 2008 SDK
2014-04-01 16:41:56 ----D---- C:\Program Files\Common Files\Intel
2014-04-01 16:41:44 ----D---- C:\Program Files\Intel

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix86;ahcix86; C:\WINDOWS\system32\DRIVERS\ahcix86.sys [2012-07-10 228688]
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-04-25 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-04-25 180632]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2014-04-16 104920]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-09-29 66048]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2013-03-01 466008]
R0 TPkd;TPkd; C:\WINDOWS\system32\drivers\TPkd.sys [2013-04-11 94416]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2012-03-08 19056]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-04-25 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-04-25 776976]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-04-25 411552]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-04-25 57672]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2014-04-16 15704]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2014-04-16 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2014-04-16 29912]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2013-12-18 203024]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2013-12-18 103696]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-04-25 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-04-25 67824]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\WINDOWS\system32\DRIVERS\amdhub30.sys [2013-02-26 86624]
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\WINDOWS\system32\DRIVERS\amdxhc.sys [2013-02-26 179296]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-01-05 1714176]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2013-09-24 6852096]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2013-07-09 96256]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-03-26 242240]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-19 6141584]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-12-08 327400]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2012-07-02 43816]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2013-12-18 114960]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2013-12-18 126224]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S3 acsint;acsint; C:\WINDOWS\system32\DRIVERS\acsint.sys [2013-01-24 39888]
S3 acsmux;acsmux; C:\WINDOWS\system32\DRIVERS\acsmux.sys [2013-01-24 58320]
S3 ai6ausbg;ai6ausbg; C:\WINDOWS\system32\drivers\ai6ausbg.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 AtiDCM;AtiDCM; \??\C:\Documents and Settings\Administrator\Local Settings\Temp\atidcmxx.sys []
S3 etdrv;etdrv; \??\C:\WINDOWS\etdrv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 OSFMount;OSFMount; \??\C:\Program Files\OSFMount\OSFMount.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2013-01-24 23976]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2010-04-27 31816]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2010-04-27 15048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2013-09-24 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-25 50344]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-15 145504]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2009-09-08 96334]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-04-16 5306504]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-01-30 182696]
R2 PaceLicenseDServices;PACE License Services; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2013-10-02 17153952]
R2 Texis Monitor;Texis Monitor; D:\SIMULIA\Documentation\monitor.exe [2008-05-05 4493312]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-01-24 544688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-01 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-20 257712]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2014-01-10 1074480]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-01 136176]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-30 119408]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2014-02-25 568512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

jlopaur
Visitor
Posts: 12
Registered: 30 Apr 2014 13:57

Re: Please check my log - RSIT, infected PC?

#2 Post by jlopaur »

I ran a Scan and Clean with AdwCleaner.
I am attaching the log.

# AdwCleaner v3.205 - Report created 30/04/2014 at 20:27:05
# Updated 28/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - HOME-PC
# Running from : C:\Documents and Settings\tatinek\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\simplitec
Folder Deleted : C:\Documents and Settings\tatinek\.android
Folder Deleted : C:\Documents and Settings\tatinek\Data aplikací\simplitec

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lvo7xbo1.default\prefs.js ]


[ File : C:\Documents and Settings\tatinek\Data aplikací\Mozilla\Firefox\Profiles\rbydmhlb.default-1366725677468\prefs.js ]


*************************

AdwCleaner[R0].txt - [1453 octets] - [30/04/2014 20:24:11]
AdwCleaner[S0].txt - [1394 octets] - [30/04/2014 20:27:05]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1454 octets] ##########

Rudy
Site Admin
Posts: 119539
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - RSIT, infected PC?

#3 Post by Rudy »

Hello!
Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jlopaur
Visitor
Posts: 12
Registered: 30 Apr 2014 13:57

Re: Please check my log - RSIT, infected PC?

#4 Post by jlopaur »

Good evening.

New RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2014-04-30 21:19:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 196 GB (64%) free of 305 GB
Total RAM: 2540 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:20:05, on 30.4.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\WINDOWS\system32\svchost.exe
D:\SIMULIA\Documentation\monitor.exe
D:\SIMULIA\Documentation\monitor.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\tatinek\Local Settings\Data aplikací\Mozilla Firefox\firefox.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
D:\Utils\doublecmd\doublecmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Download\viry\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1085031214-1659004503-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'tatinek')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - D:\SIMULIA\Documentation\monitor.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

--
End of file - 8083 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lvo7xbo1.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-30 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-25 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-30 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-25 3873704]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-06-06 20065936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=\AdwCleaner\AdwCleaner[S0].txt [2014-04-30 1532]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-06-19 195072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2013-01-24 701872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gbrspcontrol]
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe -controlservice -slave []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 153672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
C:\PROGRA~1\PANASO~1\PHOTOF~1.0HD\AUTOST~1.EXE [2009-10-01 146360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Start GeekBuddy.lnk]
C:\PROGRA~1\Comodo\GEEKBU~1\launcher.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2013-09-24 192512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe"="C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Síťový komunikační program HP COM (HP Photosmart Plus B210 series)"
"C:\Program Files\Steam\SteamApps\common\Magic 2014 Demo\DotP_D14.exe"="C:\Program Files\Steam\SteamApps\common\Magic 2014 Demo\DotP_D14.exe:*:Enabled:Magic 2014 Demo"
"C:\Program Files\Steam\SteamApps\common\Dungeon Siege 1\DungeonSiege.exe"="C:\Program Files\Steam\SteamApps\common\Dungeon Siege 1\DungeonSiege.exe:*:Enabled:Dungeon Siege"
"C:\Program Files\Steam\SteamApps\common\Prince of Persia Forgotten Sands\Prince of Persia.exe"="C:\Program Files\Steam\SteamApps\common\Prince of Persia Forgotten Sands\Prince of Persia.exe:*:Enabled:Prince of Persia: The Forgotten Sands"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Steam\SteamApps\common\Dungeon Siege 2\DungeonSiege2.exe"="C:\Program Files\Steam\SteamApps\common\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2"
"C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe"="C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe"
"C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe"="C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\Program Files\Steam\SteamApps\common\OhmStudio\ohm_studio_net_mp_host.exe"="C:\Program Files\Steam\SteamApps\common\OhmStudio\ohm_studio_net_mp_host.exe:*:Enabled:Ohm Studio"
"C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe"="C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed: Hot Pursuit"
"C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Need for Speed: Hot Pursuit"
"C:\Program Files\Steam\SteamApps\common\Dungeon Siege III\Dungeon Siege III.exe"="C:\Program Files\Steam\SteamApps\common\Dungeon Siege III\Dungeon Siege III.exe:*:Enabled:Dungeon Siege III"
"C:\Program Files\Steam\SteamApps\common\Magic 2014\DotP_D14.exe"="C:\Program Files\Steam\SteamApps\common\Magic 2014\DotP_D14.exe:*:Enabled:Magic 2014 "
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe:*:Enabled:Sid Meier's Civilization IV"
"C:\Program Files\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe"="C:\Program Files\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe:*:Enabled:Spore"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization IV: Beyond the Sword"
"C:\Program Files\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe"="C:\Program Files\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV: Colonization"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization IV: Warlords"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization IV: Warlords"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Railroads\RailRoads.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Railroads\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\Program Files\Steam\SteamApps\common\Spore\runme.exe"="C:\Program Files\Steam\SteamApps\common\Spore\runme.exe:*:Enabled:Spore: Creepy & Cute Parts Pack"
"C:\Program Files\Steam\SteamApps\common\Spore\SporebinEP1\SporeApp.exe"="C:\Program Files\Steam\SteamApps\common\Spore\SporebinEP1\SporeApp.exe:*:Enabled:Spore: Galactic Adventures"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Ace Patrol\AcePatrol.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Ace Patrol\AcePatrol.exe:*:Enabled:Sid Meier's Ace Patrol"
"C:\Program Files\Steam\SteamApps\common\Pacific Skies\AcePatrol2.exe"="C:\Program Files\Steam\SteamApps\common\Pacific Skies\AcePatrol2.exe:*:Enabled:Sid Meier’s Ace Patrol: Pacific Skies"
"C:\Program Files\Steam\SteamApps\common\BridgeConstructor\BridgeConstructor.exe"="C:\Program Files\Steam\SteamApps\common\BridgeConstructor\BridgeConstructor.exe:*:Enabled:Bridge Constructor"
"D:\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe"="D:\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe:*:Enabled:RaceRoom Racing Experience "
"C:\Program Files\Steam\SteamApps\common\Talisman Prologue\Talisman.exe"="C:\Program Files\Steam\SteamApps\common\Talisman Prologue\Talisman.exe:*:Enabled:Talisman: Prologue"
"C:\Program Files\Steam\SteamApps\common\Ravensword2\Ravensword2.exe"="C:\Program Files\Steam\SteamApps\common\Ravensword2\Ravensword2.exe:*:Enabled:Ravensword: Shadowlands"
"C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Desktop App"
"C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"
"C:\Program Files\Steam\SteamApps\common\Bridge It Demo\BridgeIt.exe"="C:\Program Files\Steam\SteamApps\common\Bridge It Demo\BridgeIt.exe:*:Enabled:Bridge It demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.txt - open - notepad.exe %1

======List of files/folders created in the last 1 month======

2014-04-30 20:18:11 ----D---- C:\AdwCleaner
2014-04-30 14:47:04 ----D---- C:\Program Files\trend micro
2014-04-30 14:46:53 ----D---- C:\rsit
2014-04-28 17:31:56 ----ASH---- C:\hiberfil.sys
2014-04-27 16:58:49 ----D---- C:\WINDOWS\system32\NtmsData
2014-04-27 16:27:32 ----A---- C:\WINDOWS\ntbtlog.txt
2014-04-26 12:18:29 ----D---- C:\Documents and Settings\Admin\Data aplikací\Comodo
2014-04-25 17:18:30 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-04-25 17:17:22 ----A---- C:\WINDOWS\avastSS.scr
2014-04-23 18:43:50 ----A---- C:\WINDOWS\system32\drivers\usbfilter.sys
2014-04-23 18:43:49 ----A---- C:\WINDOWS\system32\drivers\amdhub30.sys
2014-04-23 18:43:46 ----A---- C:\WINDOWS\system32\drivers\amdxhc.sys
2014-04-23 18:41:10 ----A---- C:\WINDOWS\system32\drivers\AtihdXP3.sys
2014-04-23 18:30:41 ----D---- C:\Program Files\ATI Technologies
2014-04-21 20:39:36 ----D---- C:\Program Files\HD Tune
2014-04-20 16:46:45 ----D---- C:\WINDOWS\GBD
2014-04-20 15:14:57 ----D---- C:\Documents and Settings\Admin\Data aplikací\InstallShield
2014-04-19 13:09:48 ----D---- C:\Program Files\LibreOffice 4
2014-04-18 12:39:56 ----D---- C:\Program Files\Jack v1.9.6
2014-04-18 12:39:09 ----D---- C:\Program Files\Hydrogen
2014-04-18 12:15:58 ----D---- C:\Documents and Settings\Admin\Data aplikací\library_dir
2014-04-12 14:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$

======List of files/folders modified in the last 1 month======

2014-04-30 20:37:00 ----D---- C:\WINDOWS\Temp
2014-04-30 20:27:31 ----D---- C:\WINDOWS\system32\CatRoot2
2014-04-30 20:27:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-04-30 20:27:10 ----D---- C:\WINDOWS\Prefetch
2014-04-30 16:06:44 ----D---- C:\Program Files\Mozilla Thunderbird
2014-04-30 14:47:04 ----RD---- C:\Program Files
2014-04-27 16:58:49 ----D---- C:\WINDOWS\system32
2014-04-27 16:44:49 ----SHD---- C:\WINDOWS\Installer
2014-04-27 16:42:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-27 16:38:20 ----D---- C:\WINDOWS
2014-04-27 16:27:45 ----D---- C:\Documents and Settings
2014-04-27 13:22:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-27 13:22:12 ----D---- C:\WINDOWS\system32\drivers
2014-04-27 13:21:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2014-04-27 13:21:07 ----HD---- C:\WINDOWS\inf
2014-04-27 13:20:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-04-27 13:12:48 ----D---- C:\Program Files\GIGABYTE
2014-04-25 17:18:51 ----SD---- C:\WINDOWS\Tasks
2014-04-25 17:17:21 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-04-23 18:58:33 ----D---- C:\Program Files\Steam
2014-04-23 18:25:43 ----A---- C:\WINDOWS\GSetup.ini
2014-04-23 17:29:29 ----D---- C:\Documents and Settings\Admin\Data aplikací\DAEMON Tools Lite
2014-04-23 17:29:18 ----D---- C:\WINDOWS\Debug
2014-04-22 16:38:26 ----D---- C:\WINDOWS\Microsoft.NET
2014-04-22 16:38:25 ----RSD---- C:\WINDOWS\assembly
2014-04-20 18:04:07 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-20 18:01:09 ----D---- C:\WINDOWS\system32\config
2014-04-20 16:47:50 ----HD---- C:\Program Files\InstallShield Installation Information
2014-04-20 16:46:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2014-04-20 16:23:51 ----A---- C:\Documents and Settings\All Users\Data aplikací\LaunchURL.bat
2014-04-20 16:07:00 ----D---- C:\AMD
2014-04-20 16:05:23 ----SD---- C:\Documents and Settings\Admin\Data aplikací\Microsoft
2014-04-20 15:40:38 ----D---- C:\WINDOWS\system32\RTCOM
2014-04-20 15:40:29 ----D---- C:\Program Files\Realtek
2014-04-19 13:10:32 ----RSD---- C:\WINDOWS\Fonts
2014-04-18 12:40:14 ----D---- C:\WINDOWS\WinSxS
2014-04-18 12:37:55 ----D---- C:\Program Files\LMMS
2014-04-12 14:52:46 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-04-12 14:50:25 ----D---- C:\WINDOWS\system32\MRT
2014-04-12 14:46:42 ----A---- C:\WINDOWS\system32\MRT.exe
2014-04-12 14:46:27 ----D---- C:\Program Files\Internet Explorer
2014-04-12 14:46:16 ----D---- C:\WINDOWS\ie8updates
2014-04-01 17:00:12 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2014-04-01 17:00:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-04-01 16:59:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-04-01 16:53:05 ----D---- C:\Program Files\Microsoft.NET
2014-04-01 16:53:05 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2014-04-01 16:53:05 ----D---- C:\Program Files\Common Files
2014-04-01 16:53:00 ----D---- C:\WINDOWS\system32\1033
2014-04-01 16:46:47 ----D---- C:\Program Files\Microsoft Visual Studio 2008 SDK
2014-04-01 16:41:56 ----D---- C:\Program Files\Common Files\Intel
2014-04-01 16:41:44 ----D---- C:\Program Files\Intel

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix86;ahcix86; C:\WINDOWS\system32\DRIVERS\ahcix86.sys [2012-07-10 228688]
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-04-25 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-04-25 180632]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2014-04-16 104920]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-09-29 66048]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2013-03-01 466008]
R0 TPkd;TPkd; C:\WINDOWS\system32\drivers\TPkd.sys [2013-04-11 94416]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2012-03-08 19056]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-04-25 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-04-25 776976]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-04-25 411552]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-04-25 57672]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2014-04-16 15704]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2014-04-16 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2014-04-16 29912]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2013-12-18 203024]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2013-12-18 103696]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-04-25 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-04-25 67824]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\WINDOWS\system32\DRIVERS\amdhub30.sys [2013-02-26 86624]
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\WINDOWS\system32\DRIVERS\amdxhc.sys [2013-02-26 179296]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-01-05 1714176]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2013-09-24 6852096]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2013-07-09 96256]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-03-26 242240]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-19 6141584]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-12-08 327400]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2012-07-02 43816]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2013-12-18 114960]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2013-12-18 126224]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S3 a5aiq32g;a5aiq32g; C:\WINDOWS\system32\drivers\a5aiq32g.sys []
S3 acsint;acsint; C:\WINDOWS\system32\DRIVERS\acsint.sys [2013-01-24 39888]
S3 acsmux;acsmux; C:\WINDOWS\system32\DRIVERS\acsmux.sys [2013-01-24 58320]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 AtiDCM;AtiDCM; \??\C:\Documents and Settings\Administrator\Local Settings\Temp\atidcmxx.sys []
S3 etdrv;etdrv; \??\C:\WINDOWS\etdrv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 OSFMount;OSFMount; \??\C:\Program Files\OSFMount\OSFMount.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2013-01-24 23976]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2010-04-27 31816]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2010-04-27 15048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2013-09-24 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-25 50344]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-15 145504]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2009-09-08 96334]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-04-16 5306504]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-01-30 182696]
R2 PaceLicenseDServices;PACE License Services; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2013-10-02 17153952]
R2 Texis Monitor;Texis Monitor; D:\SIMULIA\Documentation\monitor.exe [2008-05-05 4493312]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-01-24 544688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-01 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-20 257712]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2014-01-10 1074480]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-01 136176]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-30 119408]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2014-02-25 568512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119539
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - RSIT, infected PC?

#5 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and paste the following into the left-hand window:
:files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Disable your antivirus before the scan and restart the PC afterwards. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (e-mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to the e-mail address given above.

jlopaur
Visitor
Posts: 12
Registered: 30 Apr 2014 13:57

Re: Please check my log - RSIT, infected PC?

#6 Post by jlopaur »

I don't know whether I did it correctly; I left the antivirus disabled until the restart.

RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2014-05-01 11:10:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 197 GB (65%) free of 305 GB
Total RAM: 2540 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:43, on 1.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\WINDOWS\system32\svchost.exe
D:\SIMULIA\Documentation\monitor.exe
D:\SIMULIA\Documentation\monitor.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Documents and Settings\tatinek\Local Settings\Data aplikací\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\tatinek\Local Settings\Data aplikací\Mozilla Firefox\plugin-container.exe
D:\Utils\doublecmd\doublecmd.exe
D:\Download\viry\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1085031214-1659004503-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'tatinek')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - D:\SIMULIA\Documentation\monitor.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

--
End of file - 8207 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lvo7xbo1.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-30 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-25 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-30 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-25 3873704]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-06-06 20065936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=\AdwCleaner\AdwCleaner[S0].txt [2014-04-30 1532]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-06-19 195072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2013-01-24 701872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gbrspcontrol]
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe -controlservice -slave []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 153672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
C:\PROGRA~1\PANASO~1\PHOTOF~1.0HD\AUTOST~1.EXE [2009-10-01 146360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Start GeekBuddy.lnk]
C:\PROGRA~1\Comodo\GEEKBU~1\launcher.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2013-09-24 192512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe"="C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Síťový komunikační program HP COM (HP Photosmart Plus B210 series)"
"C:\Program Files\Steam\SteamApps\common\Magic 2014 Demo\DotP_D14.exe"="C:\Program Files\Steam\SteamApps\common\Magic 2014 Demo\DotP_D14.exe:*:Enabled:Magic 2014 Demo"
"C:\Program Files\Steam\SteamApps\common\Dungeon Siege 1\DungeonSiege.exe"="C:\Program Files\Steam\SteamApps\common\Dungeon Siege 1\DungeonSiege.exe:*:Enabled:Dungeon Siege"
"C:\Program Files\Steam\SteamApps\common\Prince of Persia Forgotten Sands\Prince of Persia.exe"="C:\Program Files\Steam\SteamApps\common\Prince of Persia Forgotten Sands\Prince of Persia.exe:*:Enabled:Prince of Persia: The Forgotten Sands"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Steam\SteamApps\common\Dungeon Siege 2\DungeonSiege2.exe"="C:\Program Files\Steam\SteamApps\common\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2"
"C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe"="C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe"
"C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe"="C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\Program Files\Steam\SteamApps\common\OhmStudio\ohm_studio_net_mp_host.exe"="C:\Program Files\Steam\SteamApps\common\OhmStudio\ohm_studio_net_mp_host.exe:*:Enabled:Ohm Studio"
"C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe"="C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed: Hot Pursuit"
"C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\SteamApps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Need for Speed: Hot Pursuit"
"C:\Program Files\Steam\SteamApps\common\Dungeon Siege III\Dungeon Siege III.exe"="C:\Program Files\Steam\SteamApps\common\Dungeon Siege III\Dungeon Siege III.exe:*:Enabled:Dungeon Siege III"
"C:\Program Files\Steam\SteamApps\common\Magic 2014\DotP_D14.exe"="C:\Program Files\Steam\SteamApps\common\Magic 2014\DotP_D14.exe:*:Enabled:Magic 2014 "
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe:*:Enabled:Sid Meier's Civilization IV"
"C:\Program Files\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe"="C:\Program Files\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe:*:Enabled:Spore"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization IV: Beyond the Sword"
"C:\Program Files\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe"="C:\Program Files\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV: Colonization"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization IV: Warlords"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization IV: Warlords"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Railroads\RailRoads.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Railroads\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\Program Files\Steam\SteamApps\common\Spore\runme.exe"="C:\Program Files\Steam\SteamApps\common\Spore\runme.exe:*:Enabled:Spore: Creepy & Cute Parts Pack"
"C:\Program Files\Steam\SteamApps\common\Spore\SporebinEP1\SporeApp.exe"="C:\Program Files\Steam\SteamApps\common\Spore\SporebinEP1\SporeApp.exe:*:Enabled:Spore: Galactic Adventures"
"C:\Program Files\Steam\SteamApps\common\Sid Meier's Ace Patrol\AcePatrol.exe"="C:\Program Files\Steam\SteamApps\common\Sid Meier's Ace Patrol\AcePatrol.exe:*:Enabled:Sid Meier's Ace Patrol"
"C:\Program Files\Steam\SteamApps\common\Pacific Skies\AcePatrol2.exe"="C:\Program Files\Steam\SteamApps\common\Pacific Skies\AcePatrol2.exe:*:Enabled:Sid Meier’s Ace Patrol: Pacific Skies"
"C:\Program Files\Steam\SteamApps\common\BridgeConstructor\BridgeConstructor.exe"="C:\Program Files\Steam\SteamApps\common\BridgeConstructor\BridgeConstructor.exe:*:Enabled:Bridge Constructor"
"D:\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe"="D:\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe:*:Enabled:RaceRoom Racing Experience "
"C:\Program Files\Steam\SteamApps\common\Talisman Prologue\Talisman.exe"="C:\Program Files\Steam\SteamApps\common\Talisman Prologue\Talisman.exe:*:Enabled:Talisman: Prologue"
"C:\Program Files\Steam\SteamApps\common\Ravensword2\Ravensword2.exe"="C:\Program Files\Steam\SteamApps\common\Ravensword2\Ravensword2.exe:*:Enabled:Ravensword: Shadowlands"
"C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Desktop App"
"C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"
"C:\Program Files\Steam\SteamApps\common\Bridge It Demo\BridgeIt.exe"="C:\Program Files\Steam\SteamApps\common\Bridge It Demo\BridgeIt.exe:*:Enabled:Bridge It demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.txt - open - notepad.exe %1

======List of files/folders created in the last 1 month======

2014-05-01 10:57:16 ----D---- C:\_OTM
2014-04-30 20:18:11 ----D---- C:\AdwCleaner
2014-04-30 14:47:04 ----D---- C:\Program Files\trend micro
2014-04-30 14:46:53 ----D---- C:\rsit
2014-04-28 17:31:56 ----ASH---- C:\hiberfil.sys
2014-04-27 16:58:49 ----D---- C:\WINDOWS\system32\NtmsData
2014-04-27 16:27:32 ----A---- C:\WINDOWS\ntbtlog.txt
2014-04-26 12:18:29 ----D---- C:\Documents and Settings\Admin\Data aplikací\Comodo
2014-04-25 17:18:30 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-04-25 17:17:22 ----A---- C:\WINDOWS\avastSS.scr
2014-04-23 18:43:50 ----A---- C:\WINDOWS\system32\drivers\usbfilter.sys
2014-04-23 18:43:49 ----A---- C:\WINDOWS\system32\drivers\amdhub30.sys
2014-04-23 18:43:46 ----A---- C:\WINDOWS\system32\drivers\amdxhc.sys
2014-04-23 18:41:10 ----A---- C:\WINDOWS\system32\drivers\AtihdXP3.sys
2014-04-23 18:30:41 ----D---- C:\Program Files\ATI Technologies
2014-04-21 20:39:36 ----D---- C:\Program Files\HD Tune
2014-04-20 16:46:45 ----D---- C:\WINDOWS\GBD
2014-04-20 15:14:57 ----D---- C:\Documents and Settings\Admin\Data aplikací\InstallShield
2014-04-19 13:09:48 ----D---- C:\Program Files\LibreOffice 4
2014-04-18 12:39:56 ----D---- C:\Program Files\Jack v1.9.6
2014-04-18 12:39:09 ----D---- C:\Program Files\Hydrogen
2014-04-18 12:15:58 ----D---- C:\Documents and Settings\Admin\Data aplikací\library_dir
2014-04-12 14:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$

======List of files/folders modified in the last 1 month======

2014-05-01 11:07:42 ----D---- C:\WINDOWS\Temp
2014-05-01 11:06:37 ----D---- C:\WINDOWS\Prefetch
2014-05-01 11:01:27 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-01 10:57:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-01 10:57:19 ----D---- C:\WINDOWS\system32
2014-05-01 10:57:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-01 10:57:17 ----SD---- C:\WINDOWS\Tasks
2014-04-30 16:06:44 ----D---- C:\Program Files\Mozilla Thunderbird
2014-04-30 14:47:04 ----RD---- C:\Program Files
2014-04-27 16:44:49 ----SHD---- C:\WINDOWS\Installer
2014-04-27 16:38:20 ----D---- C:\WINDOWS
2014-04-27 16:27:45 ----D---- C:\Documents and Settings
2014-04-27 13:22:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-27 13:22:12 ----D---- C:\WINDOWS\system32\drivers
2014-04-27 13:21:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2014-04-27 13:21:07 ----HD---- C:\WINDOWS\inf
2014-04-27 13:20:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-04-27 13:12:48 ----D---- C:\Program Files\GIGABYTE
2014-04-25 17:17:21 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-04-23 18:58:33 ----D---- C:\Program Files\Steam
2014-04-23 18:25:43 ----A---- C:\WINDOWS\GSetup.ini
2014-04-23 17:29:29 ----D---- C:\Documents and Settings\Admin\Data aplikací\DAEMON Tools Lite
2014-04-23 17:29:18 ----D---- C:\WINDOWS\Debug
2014-04-22 16:38:26 ----D---- C:\WINDOWS\Microsoft.NET
2014-04-22 16:38:25 ----RSD---- C:\WINDOWS\assembly
2014-04-20 18:04:07 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-20 18:01:09 ----D---- C:\WINDOWS\system32\config
2014-04-20 16:47:50 ----HD---- C:\Program Files\InstallShield Installation Information
2014-04-20 16:46:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2014-04-20 16:23:51 ----A---- C:\Documents and Settings\All Users\Data aplikací\LaunchURL.bat
2014-04-20 16:07:00 ----D---- C:\AMD
2014-04-20 16:05:23 ----SD---- C:\Documents and Settings\Admin\Data aplikací\Microsoft
2014-04-20 15:40:38 ----D---- C:\WINDOWS\system32\RTCOM
2014-04-20 15:40:29 ----D---- C:\Program Files\Realtek
2014-04-19 13:10:32 ----RSD---- C:\WINDOWS\Fonts
2014-04-18 12:40:14 ----D---- C:\WINDOWS\WinSxS
2014-04-18 12:37:55 ----D---- C:\Program Files\LMMS
2014-04-12 14:52:46 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-04-12 14:50:25 ----D---- C:\WINDOWS\system32\MRT
2014-04-12 14:46:42 ----A---- C:\WINDOWS\system32\MRT.exe
2014-04-12 14:46:27 ----D---- C:\Program Files\Internet Explorer
2014-04-12 14:46:16 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix86;ahcix86; C:\WINDOWS\system32\DRIVERS\ahcix86.sys [2012-07-10 228688]
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-04-25 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-04-25 180632]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2014-04-16 104920]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-09-29 66048]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2013-03-01 466008]
R0 TPkd;TPkd; C:\WINDOWS\system32\drivers\TPkd.sys [2013-04-11 94416]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2012-03-08 19056]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-04-25 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-04-25 776976]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-04-25 411552]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-04-25 57672]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2014-04-16 15704]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2014-04-16 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2014-04-16 29912]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2013-12-18 203024]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2013-12-18 103696]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-04-25 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-04-25 67824]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\WINDOWS\system32\DRIVERS\amdhub30.sys [2013-02-26 86624]
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\WINDOWS\system32\DRIVERS\amdxhc.sys [2013-02-26 179296]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-01-05 1714176]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2013-09-24 6852096]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2013-07-09 96256]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-03-26 242240]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-19 6141584]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-12-08 327400]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2012-07-02 43816]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2013-12-18 114960]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2013-12-18 126224]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S3 acsint;acsint; C:\WINDOWS\system32\DRIVERS\acsint.sys [2013-01-24 39888]
S3 acsmux;acsmux; C:\WINDOWS\system32\DRIVERS\acsmux.sys [2013-01-24 58320]
S3 afa6lkjk;afa6lkjk; C:\WINDOWS\system32\drivers\afa6lkjk.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 AtiDCM;AtiDCM; \??\C:\Documents and Settings\Administrator\Local Settings\Temp\atidcmxx.sys []
S3 etdrv;etdrv; \??\C:\WINDOWS\etdrv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 OSFMount;OSFMount; \??\C:\Program Files\OSFMount\OSFMount.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2013-01-24 23976]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2010-04-27 31816]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2010-04-27 15048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2013-09-24 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-25 50344]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-15 145504]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2009-09-08 96334]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-04-16 5306504]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-01-30 182696]
R2 PaceLicenseDServices;PACE License Services; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2013-10-02 17153952]
R2 Texis Monitor;Texis Monitor; D:\SIMULIA\Documentation\monitor.exe [2008-05-05 4493312]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-01-24 544688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-01 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-20 257712]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2014-01-10 1074480]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-01 136176]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-30 119408]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2014-02-25 568512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119539
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - RSIT, infected PC?

#7 Post by Rudy »

Double-click the file C:\Program Files\trend micro\Admin.exe to start HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkboxes on the left next to:
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1085031214-1659004503-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'tatinek')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not used for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jlopaur
Visitor
Posts: 12
Registered: 30 Apr 2014 13:57

Re: Please check my log - RSIT, infected PC?

#8 Post by jlopaur »

Done; didn't I need to turn off Avast this time?
Otherwise the System process still keeps loading one CPU at 100%,
and the system is sluggish.

Rudy
Site Admin

Re: Please check my log - RSIT, infected PC?

#9 Post by Rudy »

Also post a ComboFix log:
Download ComboFix, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking Yes.

relax and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or anything else

do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)

note: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and removal of any malware there are unwanted collisions with the antispyware's resident component.

jlopaur
Visitor

Re: Please check my log - RSIT, infected PC?

#10 Post by jlopaur »

ComboFix:

ComboFix 14-04-30.01 - Admin 01.05.2014 14:42:44.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2540.1824 [GMT 2:00]
Spuštěný z: c:\documents and settings\tatinek\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
D:\install.exe
.
c:\windows\system32\drivers\i8042prt.sys . . . chybí !!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VPNAGENT
-------\Service_vpnagent
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-01 do 2014-05-01 )))))))))))))))))))))))))))))))
.
.
2014-04-30 18:18 . 2014-04-30 18:27 -------- d-----w- C:\AdwCleaner
2014-04-30 12:47 . 2014-05-01 09:53 -------- d-----w- c:\program files\trend micro
2014-04-30 12:46 . 2014-04-30 12:50 -------- d-----w- C:\rsit
2014-04-27 14:58 . 2014-04-27 14:58 -------- d-----w- c:\windows\system32\NtmsData
2014-04-27 14:27 . 2014-04-30 06:00 -------- d-----w- c:\documents and settings\Administrator
2014-04-26 10:18 . 2014-04-26 10:18 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Comodo
2014-04-25 15:18 . 2014-04-25 15:17 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-25 15:17 . 2014-04-25 15:17 43152 ----a-w- c:\windows\avastSS.scr
2014-04-23 16:43 . 2012-07-02 20:00 43816 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2014-04-23 16:43 . 2013-02-26 14:35 86624 ----a-w- c:\windows\system32\drivers\amdhub30.sys
2014-04-23 16:43 . 2013-02-26 14:35 179296 ----a-w- c:\windows\system32\drivers\amdxhc.sys
2014-04-23 16:41 . 2013-07-09 17:38 96256 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2014-04-23 16:30 . 2014-04-25 15:51 -------- d-----w- c:\program files\ATI Technologies
2014-04-21 18:39 . 2014-04-21 18:39 -------- d-----w- c:\program files\HD Tune
2014-04-20 14:47 . 2014-04-20 14:47 -------- d-----w- c:\documents and settings\Admin\AppData
2014-04-20 14:46 . 2014-04-20 14:47 -------- d-----w- c:\windows\GBD
2014-04-20 14:44 . 2014-04-20 14:44 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2014-04-20 13:14 . 2014-04-20 13:14 -------- d-----w- c:\documents and settings\Admin\Data aplikací\InstallShield
2014-04-19 11:09 . 2014-04-19 11:11 -------- d-----w- c:\program files\LibreOffice 4
2014-04-19 09:39 . 2014-04-19 09:39 -------- d-----w- c:\documents and settings\tatinek\Local Settings\Data aplikací\Crescent Moon Games LLC
2014-04-18 10:39 . 2014-04-18 10:39 -------- d-----w- c:\program files\Jack v1.9.6
2014-04-18 10:39 . 2014-04-18 10:39 -------- d-----w- c:\program files\Hydrogen
2014-04-18 10:15 . 2014-04-18 10:15 -------- d-----w- c:\documents and settings\Admin\Data aplikací\library_dir
2014-04-18 10:10 . 2014-04-18 10:10 -------- d-----w- c:\documents and settings\tatinek\Data aplikací\library_dir
2014-04-18 10:10 . 2014-04-18 10:10 -------- d-----w- c:\documents and settings\tatinek\Data aplikací\Raptr
2014-04-16 13:07 . 2014-04-16 13:07 -------- d-----w- c:\documents and settings\tatinek\Data aplikací\Talisman Prologue
2014-04-06 19:36 . 2014-04-06 19:36 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\ClockStone Software GmbH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-25 15:17 . 2013-03-01 17:00 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-04-25 15:17 . 2013-03-01 17:00 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-25 15:17 . 2013-03-01 17:00 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-25 15:17 . 2013-03-01 17:00 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-04-25 15:17 . 2013-03-01 17:00 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-25 15:17 . 2013-03-01 17:00 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-04-25 15:17 . 2013-03-01 17:00 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-04-25 15:17 . 2013-03-01 17:00 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-20 16:04 . 2013-03-02 15:55 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-20 16:04 . 2013-03-02 15:55 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-20 14:23 . 2013-03-23 11:27 133 ----a-w- c:\documents and settings\All Users\Data aplikací\LaunchURL.bat
2014-04-18 10:20 . 2013-03-01 16:40 17488 ----a-w- c:\windows\etdrv.sys
2014-04-18 10:17 . 2013-03-01 16:40 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2014-04-16 21:12 . 2013-01-16 18:51 104920 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-04-16 21:12 . 2013-01-16 18:51 607448 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2014-04-16 21:12 . 2013-01-16 18:51 29912 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-04-16 21:12 . 2013-01-16 18:51 15704 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-04-01 14:45 . 2014-01-16 15:01 94496 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2014-03-25 19:22 . 2013-01-24 21:43 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-25 19:22 . 2013-01-24 21:43 363504 ----a-w- c:\windows\system32\guard32.dll
2014-03-25 19:22 . 2013-01-24 21:42 284888 ----a-w- c:\windows\system32\cmdvrt32.dll
2014-03-25 19:22 . 2013-01-24 21:42 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2014-03-06 17:58 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2008-04-14 06:52 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2008-04-14 06:51 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-23 10:49 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 06:36 . 2008-04-14 05:45 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2008-04-14 06:51 563712 ----a-w- c:\windows\system32\qedit.dll
2013-07-25 15:18 . 2013-07-25 15:18 4188160 ----a-w- c:\program files\GUT7B.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-02-28 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-25 15:16 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1225944]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-25 3873704]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Start GeekBuddy.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Start GeekBuddy.lnk
backup=c:\windows\pss\Start GeekBuddy.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-06-19 09:44 195072 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
2013-01-24 07:33 701872 ----a-w- c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 15:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Dungeon Siege 1\\DungeonSiege.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Prince of Persia Forgotten Sands\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program Files\\uvnc bvba\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\uvnc bvba\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\OhmStudio\\ohm_studio_net_mp_host.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Need for Speed Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Need for Speed Hot Pursuit\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Dungeon Siege III\\Dungeon Siege III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Magic 2014\\DotP_D14.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Sid Meier's Civilization IV\\Civilization4.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Spore\\SporeBin\\SporeApp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Sid Meier's Civilization IV Beyond the Sword\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Civilization IV Colonization\\Colonization.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Sid Meier's Civilization IV Warlords\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Sid Meier's Civilization IV Warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Sid Meier's Railroads\\RailRoads.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Spore\\runme.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Spore\\SporebinEP1\\SporeApp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Sid Meier's Ace Patrol\\AcePatrol.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Pacific Skies\\AcePatrol2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\BridgeConstructor\\BridgeConstructor.exe"=
"d:\\SteamLibrary\\SteamApps\\common\\raceroom racing experience\\Game\\RRRE.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Talisman Prologue\\Talisman.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Ravensword2\\Ravensword2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Bridge It Demo\\BridgeIt.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [28.2.2013 20:25 228688]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [1.3.2013 19:00 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [1.3.2013 19:00 180632]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [1.3.2013 18:34 19056]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.3.2013 19:00 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1.3.2013 19:00 411552]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [16.1.2013 20:51 15704]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [16.1.2013 20:51 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [16.1.2013 20:51 29912]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [30.1.2014 19:49 203024]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [30.1.2014 19:49 103696]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [25.4.2014 17:18 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [1.3.2013 19:00 67824]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [24.5.2011 11:33 1840128]
R2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2.10.2013 7:32 17153952]
R2 Texis Monitor;Texis Monitor;d:\simulia\Documentation\monitor.exe [2.3.2013 21:48 4493312]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [23.4.2014 18:43 86624]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [23.4.2014 18:43 179296]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [1.3.2013 18:42 1714176]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [23.4.2014 18:41 96256]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.3.2013 11:36 242240]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [23.4.2014 18:43 43816]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18.12.2013 18:38 114960]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [18.12.2013 18:38 126224]
S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [14.9.2013 14:32 39888]
S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [14.9.2013 14:32 58320]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1.3.2013 18:11 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AtiDCM;AtiDCM;\??\c:\documents and settings\Administrator\Local Settings\Temp\atidcmxx.sys --> c:\documents and settings\Administrator\Local Settings\Temp\atidcmxx.sys [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [24.1.2013 23:42 1663192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [1.3.2013 18:40 17488]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [26.4.2011 14:54 2702848]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [1.3.2013 18:40 24944]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [1.3.2013 18:36 160256]
S3 OSFMount;OSFMount;c:\program files\OSFMount\OSFMount.sys [2.3.2013 22:42 346176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 12:38 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 16:04]
.
2014-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2014-05-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-25 15:16]
.
2014-05-01 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 21:12]
.
2014-05-01 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 21:12]
.
2014-04-01 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-23 23:28]
.
2014-05-01 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-23 23:28]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lvo7xbo1.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-gbrspcontrol - c:\program files\Common Files\COMODO\GeekBuddyRSP.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-01 18:50
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG rev.CP100-12 -> Harddisk0\DR0 -> \Device\Scsi\ahcix861Port0Path0Target1Lun0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PaceLicenseDServices]
"ImagePath"="\"c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe\" -u https://activation.paceap.com/InitiateActivation"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1628)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(1684)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(3228)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\MPR.dll
.
- - - - - - - > 'csrss.exe'(1584)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\RTHDCPL.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\windows\system32\wscntfy.exe
c:\program files\COMODO\COMODO Internet Security\cis.exe
.
**************************************************************************
.
Celkový čas: 2014-05-01 18:55:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-01 16:55
.
Před spuštěním: Volných bajtů: 206 289 809 408
Po spuštění: Volných bajtů: 207 731 011 584
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E1B4CF185F5187B04694A1127C814443
9CD62DE933473FD4E87440529E7FFB14

Rudy
Site Admin
Posts: 119539
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - RSIT, infected PC?

#11 Post by Rudy »

We will clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:
RegLock::
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Configurations]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Data]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Options]
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Cam]
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Firewall Pro]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Next, also run TDSSKiller:
Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Click the Change parameters option
In the Additional options window tick all the options
Click OK
Tell the utility to scan: click Start Scan
When the scan finishes a window will appear; check that the option Skip is set everywhere
If the Skip option is not set by default, switch it to Skip
Once you have Skip everywhere, click Continue
On the drive where you have Windows (usually c:\) there will be a log named TDSSKiller.<some numbers>_log.txt; paste its contents here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
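Added example, not ComboFix's code or anything posted in this thread: a small Python triage helper for a ComboFix log of the kind posted above. It pulls the key paths out of the locked-registry-keys section and emits the RegLock:: / Reboot:: block of a CFScript the way the reply above assembled it by hand, and it flags the settings in the log a defender would look at first (firewall off, AntiVirusOverride, globally open VNC ports, the catchme NTDLL and MBR lines). The section titles and line formats are assumed from the log on this page, and the sample log is a constructed excerpt.

```python
"""Triage helper for a ComboFix log (added example; assumes the log layout
seen in this thread, Czech section titles included)."""
import re
from typing import List

# Constructed excerpt in the shape of the ComboFix log above (not the full log).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
detected NTDLL code modification:
ZwClose
.
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1628)
"""

# "------- Title -------" style section headers used throughout the log.
SECTION_HDR = re.compile(r"^-{3,}\s*(.*?)\s*-{3,}$")
# Czech title (as on this page) and its English counterpart (assumed).
LOCKED_TITLES = {"ZAMKNUTÉ KLÍČE V REGISTRU", "LOCKED REGISTRY KEYS"}
# "5900:TCP"= 5900:TCP:vnc5900  (GloballyOpenPorts entries)
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\1:\2:(\S+)$')


def locked_registry_keys(log: str) -> List[str]:
    """Return the [KEY] lines listed under the locked-registry-keys header."""
    keys, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        hdr = SECTION_HDR.match(line)
        if hdr:
            # A new section starts; only the locked-keys one is collected.
            inside = hdr.group(1).upper() in LOCKED_TITLES
            continue
        if inside and line.startswith("[") and line.endswith("]"):
            keys.append(line)
    return keys


def build_cfscript(keys: List[str]) -> str:
    """Emit CFScript text: RegLock:: with one key per line, then Reboot::."""
    if not keys:
        return ""
    return "RegLock::\n" + "\n".join(keys) + "\n\nReboot::\n"


def flag_findings(log: str) -> List[str]:
    """Flag lines that weaken the host's defences or indicate tampering."""
    findings = []
    lines = log.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        port = OPEN_PORT.match(line)
        if re.match(r'^"AntiVirusOverride"=dword:0*1$', line):
            findings.append("Security Center AV monitoring overridden (AntiVirusOverride=1)")
        elif re.match(r'^"EnableFirewall"=\s*0\b', line):
            findings.append("Windows Firewall disabled for the standard profile")
        elif port:
            findings.append(f"Port {port.group(1)}/{port.group(2)} globally open ({port.group(3)})")
        elif line == "detected NTDLL code modification:" and i + 1 < len(lines):
            # catchme prints the hooked export on the following line.
            findings.append(f"catchme: NTDLL code modification on {lines[i + 1].strip()}")
        elif line.startswith("user != kernel MBR"):
            findings.append("catchme: MBR read from user mode differs from the kernel view")
    return findings


if __name__ == "__main__":
    print(build_cfscript(locked_registry_keys(SAMPLE_LOG)))
    for finding in flag_findings(SAMPLE_LOG):
        print("!", finding)
```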

jlopaur
Guest
Posts: 12
Registered: 30 Apr 2014 13:57

Re: Please check my log - RSIT, infected PC?

#12 Post by jlopaur »

TDSSKiller log

22:38:55.0015 0x0780 TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
22:39:04.0531 0x0780 ============================================================
22:39:04.0531 0x0780 Current date / time: 2014/05/01 22:39:04.0531
22:39:04.0531 0x0780 SystemInfo:
22:39:04.0531 0x0780
22:39:04.0531 0x0780 OS Version: 5.1.2600 ServicePack: 3.0
22:39:04.0531 0x0780 Product type: Workstation
22:39:04.0531 0x0780 ComputerName: HOME-PC
22:39:04.0531 0x0780 UserName: Admin
22:39:04.0531 0x0780 Windows directory: C:\WINDOWS
22:39:04.0531 0x0780 System windows directory: C:\WINDOWS
22:39:04.0531 0x0780 Processor architecture: Intel x86
22:39:04.0531 0x0780 Number of processors: 4
22:39:04.0531 0x0780 Page size: 0x1000
22:39:04.0531 0x0780 Boot type: Normal boot
22:39:04.0531 0x0780 ============================================================
22:39:04.0656 0x0780 KLMD registered as C:\WINDOWS\system32\drivers\61414614.sys
22:39:04.0718 0x0780 System UUID: {0ED869EB-25CC-2230-0243-173E01FD9C0E}
22:39:05.0093 0x0780 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:39:05.0093 0x0780 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:39:05.0093 0x0780 ============================================================
22:39:05.0093 0x0780 \Device\Harddisk0\DR0:
22:39:05.0093 0x0780 MBR partitions:
22:39:05.0093 0x0780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542EA71
22:39:05.0093 0x0780 \Device\Harddisk1\DR1:
22:39:05.0093 0x0780 MBR partitions:
22:39:05.0093 0x0780 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6A35D848
22:39:05.0140 0x0780 ============================================================
22:39:05.0156 0x0780 C: <-> \Device\Harddisk0\DR0\Partition1
22:39:05.0203 0x0780 D: <-> \Device\Harddisk1\DR1\Partition1
22:39:05.0203 0x0780 ============================================================
22:39:05.0203 0x0780 Initialize success
22:39:05.0203 0x0780 ============================================================
22:39:35.0531 0x0b18 ============================================================
22:39:35.0531 0x0b18 Scan started
22:39:35.0531 0x0b18 Mode: Manual; SigCheck; TDLFS;
22:39:35.0531 0x0b18 ============================================================
22:39:35.0531 0x0b18 KSN ping started
22:39:37.0953 0x0b18 KSN ping finished: true
22:39:38.0109 0x0b18 ================ Scan system memory ========================
22:39:38.0109 0x0b18 System memory - ok
22:39:38.0109 0x0b18 ================ Scan services =============================
22:39:38.0203 0x0b18 Abiosdsk - ok
22:39:38.0203 0x0b18 abp480n5 - ok
22:39:38.0296 0x0b18 [ 769DB4F484957CC98153B3C1B5D1162F, 8F83E208DBF0F51AE635736D72B554BEF10926D8DAAF537981F0F4B92562C68B ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:39:38.0421 0x0b18 ACDaemon - ok
22:39:38.0515 0x0b18 [ 4FE34F1F3126B61FCC6B2043AA8112C9, DE370865E47A5D2A4B227EEFFB42384F67F08D622BF936A9C9CEF70CC47F324B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:39:38.0703 0x0b18 ACPI - ok
22:39:38.0718 0x0b18 [ AFDFF022A01F0B11C776F0860C3B282F, 135E5257B62D921B76271014301E9EA1E2383D5DBB04E475DC3A7EFFD2561F56 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:39:38.0812 0x0b18 ACPIEC - ok
22:39:38.0828 0x0b18 [ D2523D28674B03976AFC1AB6EF712F27, 2E7619535A54B4CC296BD67A678A31A6E2AADEE6848957F1467AA3EE2D129F00 ] acsint C:\WINDOWS\system32\DRIVERS\acsint.sys
22:39:38.0843 0x0b18 acsint - ok
22:39:38.0859 0x0b18 [ 9A7D29DAE24A01DCD33D8F563559B3AB, 0EB90904B708F89D9641044B62D2A6635282EB1463C60143FA3E27AC180B2CB6 ] acsmux C:\WINDOWS\system32\DRIVERS\acsmux.sys
22:39:38.0875 0x0b18 acsmux - ok
22:39:38.0937 0x0b18 [ C2CE3311D2477B1B24CFB67020AD49B6, 5F800CDD69BA4E8813876BE82FC9FED3F2584DB8C8ADED345F7B5C2A32F809AE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:39:38.0968 0x0b18 AdobeFlashPlayerUpdateSvc - ok
22:39:38.0968 0x0b18 adpu160m - ok
22:39:39.0015 0x0b18 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:39:39.0078 0x0b18 aec - ok
22:39:39.0093 0x0b18 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] Afc C:\WINDOWS\system32\drivers\Afc.sys
22:39:39.0109 0x0b18 Afc - ok
22:39:39.0156 0x0b18 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:39:39.0203 0x0b18 AFD - ok
22:39:39.0203 0x0b18 Aha154x - ok
22:39:39.0218 0x0b18 [ D298CA68D92C8560746E037E260DCBA7, CD7A8150053C666398C7B15F1FACC808CEF6D7686FFF9F178AEBFDA96A64C480 ] ahcix86 C:\WINDOWS\system32\DRIVERS\ahcix86.sys
22:39:39.0234 0x0b18 ahcix86 - ok
22:39:39.0234 0x0b18 aic78u2 - ok
22:39:39.0234 0x0b18 aic78xx - ok
22:39:39.0265 0x0b18 [ E0A6FA244B8624D78FE5FF6F56A33BAE, 26B828FDB03AE4A4F1DC7A1792F9BAD69CF947897D47F5E567F24F4B6D5CB541 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:39:39.0359 0x0b18 Alerter - ok
22:39:39.0375 0x0b18 [ 88842DE939A827577BF24243699AC80A, A49C9A6A9941F3A2FBBCFE1F6DB48B632739D00670AC98ECCCBC7FD9E786B21A ] ALG C:\WINDOWS\System32\alg.exe
22:39:39.0421 0x0b18 ALG - ok
22:39:39.0421 0x0b18 AliIde - ok
22:39:39.0500 0x0b18 [ 267FC636801EDC5AB28E14036349E3BE, CFEF5DF5F9BE820283376BB86DB3CF6609C02D316A742E17459A2BFA42E724E0 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
22:39:39.0578 0x0b18 Ambfilt - ok
22:39:39.0609 0x0b18 [ 339135D55F7FEB8AF829D78B5ECB488B, 691B1D30E74993C9FEAE057E67A84DDB9026964D76D4A898C501BE1C5FD96616 ] amdhub30 C:\WINDOWS\system32\DRIVERS\amdhub30.sys
22:39:39.0625 0x0b18 amdhub30 - ok
22:39:39.0656 0x0b18 [ 033448D435E65C4BD72E70521FD05C76, A5462C22D5461F1BA06E81CD7E1ECE5409092DE53A8E4D3E78D089B65CB474D4 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
22:39:39.0671 0x0b18 AmdPPM - ok
22:39:39.0687 0x0b18 [ E6E6F76647EB1E728239BFEF9AF3EB47, BC675D58752DCD7476CD880BEC44316F5384F6196278950AD8F88D7333BE855F ] amdxhc C:\WINDOWS\system32\DRIVERS\amdxhc.sys
22:39:39.0703 0x0b18 amdxhc - ok
22:39:39.0703 0x0b18 amsint - ok
22:39:39.0734 0x0b18 [ 205958759F914EE79A9BBDD539587FE4, DFCACB3CD71F6B98C0780FA69672606254F0427F17EE92EDFD8B220141488C09 ] AppleCharger C:\WINDOWS\system32\DRIVERS\AppleCharger.sys
22:39:39.0734 0x0b18 AppleCharger - ok
22:39:39.0765 0x0b18 [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\WINDOWS\system32\AppleChargerSrv.exe
22:39:39.0765 0x0b18 AppleChargerSrv - ok
22:39:39.0781 0x0b18 AppMgmt - ok
22:39:39.0875 0x0b18 [ 8E2257584B2C52D44B4CB1949947D885, 968B83A759DE6D6466C408126658B2FF0933D247D370C7B6AC867AE55FBB0387 ] AR9271 C:\WINDOWS\system32\DRIVERS\athuw.sys
22:39:39.0953 0x0b18 AR9271 - ok
22:39:39.0968 0x0b18 asc - ok
22:39:39.0968 0x0b18 asc3350p - ok
22:39:39.0968 0x0b18 asc3550 - ok
22:39:40.0078 0x0b18 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:39:40.0093 0x0b18 aspnet_state - ok
22:39:40.0140 0x0b18 [ 4D6C6E0505A8E5A0656DCB223497D37C, 7F9457AF4B6E4FC6C4F77BD39DB5EB5520C44D22974B9781EA0F984D6830637C ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys
22:39:40.0140 0x0b18 aswHwid - ok
22:39:40.0171 0x0b18 [ 1A2CC93BBD77C2D95A7567938D7D7239, DD082ACA011DA63CC1A69BAD8C42B9DA3A9975194D87B5584A39C91ED92341E3 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
22:39:40.0187 0x0b18 aswMonFlt - ok
22:39:40.0234 0x0b18 [ 46B3ABE51856A9F5B2ABBA0221F4C360, EAAE03D497BA03EAE5EC0D29ADD7FBCED7E744B45071A9CA706D3B78F24D2868 ] AswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
22:39:40.0250 0x0b18 AswRdr - ok
22:39:40.0250 0x0b18 [ 24B3BDA01DB3A704E33A5266C7B52DAF, FB2555504570E8FD6AA251BE9D05EDC2B73596EF830384130556EC64E518FE65 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
22:39:40.0265 0x0b18 aswRvrt - ok
22:39:40.0296 0x0b18 [ A148A36F871BFDBF80654D28D6B59FAE, BA7B127D2B64EF969D0C040589CB740E068DF7CE8B964B3CABB7511BCD389DC5 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
22:39:40.0328 0x0b18 aswSnx - ok
22:39:40.0359 0x0b18 [ EBD3B15E2E01EE94BA5262FAFC691A8E, F58A08B5467FCF527DC97E000496284584DFF890AAC3E19BC650FF160DD2EA79 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
22:39:40.0375 0x0b18 aswSP - ok
22:39:40.0406 0x0b18 [ AF01CD260A9EF60B09029C9F5EF99040, C74A94598DC8DBD3AB13E43A60ED12698A121332446867FC3B75745626E0B7CB ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
22:39:40.0421 0x0b18 aswTdi - ok
22:39:40.0421 0x0b18 [ B2D7EE52633CA8831DDAFCA81C2D46C3, 017C6C376520380F29AF465F1464C3652D421C4B873B7AC2647498F356032361 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
22:39:40.0453 0x0b18 aswVmm - ok
22:39:40.0468 0x0b18 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:39:40.0562 0x0b18 AsyncMac - ok
22:39:40.0578 0x0b18 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
22:39:40.0656 0x0b18 atapi - ok
22:39:40.0656 0x0b18 Atdisk - ok
22:39:40.0750 0x0b18 [ E93C15D8A2A94A697954CD21578821D7, B28F076ECF5B9CFCCAFA1297ADAC071AECEEC26C08CF20921348043BDFF7372D ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
22:39:40.0796 0x0b18 Ati HotKey Poller - ok
22:39:41.0046 0x0b18 [ 7265BA6CC92627143939F96E2331D9E9, 7FA47222BF52A2FB629ABF8D33DB05E83561C87992C18DDBBBD422908ADD0A69 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:39:41.0296 0x0b18 ati2mtag - ok
22:39:41.0406 0x0b18 AtiDCM - ok
22:39:41.0437 0x0b18 [ EB3C656C5269090B8D70E90DA303AACA, 79F2A9805F4003FB65A3AB1FD0452A1865E400D4FCA33BEC1DEE69EDA1243D7A ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
22:39:41.0468 0x0b18 AtiHDAudioService - ok
22:39:41.0484 0x0b18 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:39:41.0578 0x0b18 Atmarpc - ok
22:39:41.0593 0x0b18 [ DE31B88962A8645DBA5A37B993E7B0F1, CA93F25A3FD0CE68BB9B8E3AB6B813BF38DE3EDDFC990291B3957FAA59B2B274 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:39:41.0687 0x0b18 AudioSrv - ok
22:39:41.0718 0x0b18 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:39:41.0781 0x0b18 audstub - ok
22:39:41.0875 0x0b18 [ 37D17AE2936867F88EB3C4CBCBC6B8A1, E1F4D288CE1E5482A5594C8F9EEDE1E8134466F5E0C7DA32D88985497CD8588B ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:39:41.0890 0x0b18 avast! Antivirus - ok
22:39:41.0937 0x0b18 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:39:42.0000 0x0b18 Beep - ok
22:39:42.0046 0x0b18 [ ACC9C8C560C567FAD6F79C977AB2EA09, 24FF3254680E46B5F3822D26E9AA5020B4B9809AC7B4FF32D95B7D4EAD808AD5 ] bgsvcgen C:\WINDOWS\system32\bgsvcgen.exe
22:39:42.0062 0x0b18 bgsvcgen - ok
22:39:42.0109 0x0b18 [ 19395D092FD85DDC2D9C7729CF5A2AC8, 7640F36BA19698EE8A6257BF78A8C57DD9D734BED9CA6BB9B68603BAEA092412 ] BITS C:\WINDOWS\system32\qmgr.dll
22:39:42.0218 0x0b18 BITS - ok
22:39:42.0250 0x0b18 [ 89E739BBA5F636297EA5B5F811189E06, 151B32B12F5DD0D388134DA2471FE9741CF22B9C408DA58FEF8019D3C4EC836B ] Browser C:\WINDOWS\System32\browser.dll
22:39:42.0296 0x0b18 Browser - ok
22:39:42.0296 0x0b18 catchme - ok
22:39:42.0312 0x0b18 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:39:42.0390 0x0b18 cbidf2k - ok
22:39:42.0421 0x0b18 [ 359E5A91D26D0439933BEF1C29CEDEF7, 648563646BA023C7C0CB2A707062E5B93DC4C81D904726D5002FB316C8623D66 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
22:39:42.0437 0x0b18 CCALib8 - detected UnsignedFile.Multi.Generic ( 1 )
22:39:44.0796 0x0b18 Detect skipped due to KSN trusted
22:39:44.0796 0x0b18 CCALib8 - ok
22:39:44.0796 0x0b18 cd20xrnt - ok
22:39:44.0812 0x0b18 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:39:44.0875 0x0b18 Cdaudio - ok
22:39:44.0921 0x0b18 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:39:44.0984 0x0b18 Cdfs - ok
22:39:45.0031 0x0b18 [ E0042BD5BEF17A6A3EF1DF576BDE24D1, 7C9C3351943527FC605D1D2C3FD31CA2F48318F57BBFA42E979CAF9B4DAF8C02 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys
22:39:45.0031 0x0b18 cdrbsdrv - detected UnsignedFile.Multi.Generic ( 1 )
22:39:47.0406 0x0b18 Detect skipped due to KSN trusted
22:39:47.0406 0x0b18 cdrbsdrv - ok
22:39:47.0406 0x0b18 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:39:47.0484 0x0b18 Cdrom - ok
22:39:47.0484 0x0b18 Changer - ok
22:39:47.0484 0x0b18 [ E390DC1D7C461D7D56EC53402F329928, FB37F84E71353CD83FCDDD39C898C6D84C05130C5F1BEF022E3DFDE160398C0E ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:39:47.0562 0x0b18 CiSvc - ok
22:39:47.0578 0x0b18 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA, 1725067BC759484A7185A4F1A44ED3CBE481529D187FE98EF279425B79177EB1 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:39:47.0656 0x0b18 ClipSrv - ok
22:39:47.0781 0x0b18 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:39:47.0796 0x0b18 clr_optimization_v2.0.50727_32 - ok
22:39:47.0812 0x0b18 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:39:47.0828 0x0b18 clr_optimization_v4.0.30319_32 - ok
22:39:48.0046 0x0b18 [ DFACF6F69457E3EE2CE81EDCB4693674, E04CA54BCF6C75C6382423A5BC965744E76EB67E6448C1094AD4C4DBE02670DB ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
22:39:48.0265 0x0b18 cmdAgent - ok
22:39:48.0296 0x0b18 [ 5C634AABDD28F349C6457BEEE84D4D7B, 2227EC6C47CCD7B82744AB4976D065887967710E7E37CB5567916702BF7FA008 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
22:39:48.0312 0x0b18 cmderd - ok
22:39:48.0343 0x0b18 [ 16F731584ECBA307EB4AD9C4D8507B27, D309691DDE199137367FAD32F730CFD21A498E7498E91BCAAB772F5472A06F14 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
22:39:48.0375 0x0b18 cmdGuard - ok
22:39:48.0390 0x0b18 [ 1FAAF13D85A36D448238F53C42FE7A67, 09B23F591291C53616EF28E8D4842707AB9E445BA3D2D74BEAC98C7C2AF2D430 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
22:39:48.0406 0x0b18 cmdHlp - ok
22:39:48.0406 0x0b18 CmdIde - ok
22:39:48.0515 0x0b18 [ A665EF912EEFD99EA557C6AB35CA1021, D8B53E70DF25E036F02D3707CF18ED2980F42A99D655230A9F7804E5F5D4BAB4 ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
22:39:48.0578 0x0b18 cmdvirth - ok
22:39:48.0593 0x0b18 COMSysApp - ok
22:39:48.0593 0x0b18 Cpqarray - ok
22:39:48.0640 0x0b18 [ F3AB0933CBD166D271992F411C27CCAF, 50E01F3B058F814BE914FA5050B2D972E8584A467719A5ABCF9D9EBD596A54A7 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:39:48.0734 0x0b18 CryptSvc - ok
22:39:48.0734 0x0b18 dac2w2k - ok
22:39:48.0734 0x0b18 dac960nt - ok
22:39:48.0781 0x0b18 [ BE27674D1CBC3214AEC84B4336A38BBF, 3DF5F9A9E97595A61314B2731DF4F3D3C19D1B9D2291624A63B8E1861FFC2D76 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:39:48.0796 0x0b18 DcomLaunch - ok
22:39:48.0828 0x0b18 [ 8C9A53E285AC5E6704844D0459EC85BE, 9E86AF4C06CEC007C9B1590B6E056319603E4D79BED0C2471C6F1BC251B380CF ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:39:48.0921 0x0b18 Dhcp - ok
22:39:48.0921 0x0b18 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:39:49.0015 0x0b18 Disk - ok
22:39:49.0015 0x0b18 dmadmin - ok
22:39:49.0046 0x0b18 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C, 46074FBBC5E4A40A7B3A45636089DEDD2A619778C7DCD797571C2BB64D775F7E ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:39:49.0140 0x0b18 dmboot - ok
22:39:49.0171 0x0b18 [ FFF1720AF51171F32F1EAD5CF71F2810, 2E40D63DC7670C1E88A532DB8923A98ABC8481C351C4D915C2753E10BA77F36D ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:39:49.0250 0x0b18 dmio - ok
22:39:49.0281 0x0b18 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:39:49.0359 0x0b18 dmload - ok
22:39:49.0359 0x0b18 [ 2BFEFE9E865655A76982F050450B9591, 15C7D093D638770519AA43E7D8897310F32AB1F217027F5750D799494A985C35 ] dmserver C:\WINDOWS\System32\dmserver.dll
22:39:49.0437 0x0b18 dmserver - ok
22:39:49.0468 0x0b18 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:39:49.0531 0x0b18 DMusic - ok
22:39:49.0562 0x0b18 [ DFAA406BF19F4EE806A6F8D4342137F7, EE2C11B3E37565FC009E323607B2F5F148F9219012EDF848CEFC1B273DAA98A9 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:39:49.0578 0x0b18 Dnscache - ok
22:39:49.0593 0x0b18 [ 4A3E2BD20157A0946751229E92EB8621, D8C00CC2C18C517F7262EBC3C511C062E5ABA797056AEB22AC5DEB306BA8C526 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:39:49.0671 0x0b18 Dot3svc - ok
22:39:49.0671 0x0b18 dpti2o - ok
22:39:49.0671 0x0b18 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:39:49.0750 0x0b18 drmkaud - ok
22:39:49.0796 0x0b18 [ 687AF6BB383885FF6A64071B189A7F3E, 1C751B8DD27F63E88D0223A8434CED7589AC00EC6275938C59D1B954F0354F78 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
22:39:49.0812 0x0b18 dtsoftbus01 - ok
22:39:49.0843 0x0b18 [ 0887D9C2BE8D940778CAD1E3B85F2A41, 2E30DC06D46A5E174B7CAA2D70BDB697015495942572E90425E2EE7AC541BCF4 ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:39:49.0921 0x0b18 EapHost - ok
22:39:49.0953 0x0b18 [ A2A4912798F2BE706ABADD3D30800D16, CCCCA389D22525D984DE9B59E4CEBE0EEEF315F725176EB5C4DC1A5B6157234A ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:39:50.0015 0x0b18 ERSvc - ok
22:39:50.0062 0x0b18 [ 3AF0AE042AFE486B22644CD3FBEBF2E2, 755A18C1507D0C3F3BF1B0CFAB96BB7D1C3D9D6F862F94B3069D00FC6B92A8AA ] etdrv C:\WINDOWS\etdrv.sys
22:39:50.0062 0x0b18 etdrv - ok
22:39:50.0109 0x0b18 [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] Eventlog C:\WINDOWS\system32\services.exe
22:39:50.0125 0x0b18 Eventlog - ok
22:39:50.0171 0x0b18 [ A371F11EF07653591C8DE26AFB13CE7F, 1192EDC8B146F1C27E8CD7E126DDC044F8B368C2E891A90CD81620D48C9550B6 ] EventSystem C:\WINDOWS\system32\es.dll
22:39:50.0187 0x0b18 EventSystem - ok
22:39:50.0234 0x0b18 Fabs - ok
22:39:50.0250 0x0b18 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:39:50.0328 0x0b18 Fastfat - ok
22:39:50.0375 0x0b18 [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:39:50.0390 0x0b18 FastUserSwitchingCompatibility - ok
22:39:50.0406 0x0b18 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
22:39:50.0484 0x0b18 Fdc - ok
22:39:50.0500 0x0b18 [ AC366695A0796560AA37215AD5762AAF, 6ADC7443EA42D77199D4879AF3C33A07914116C69A34B895D8CB8444EE50077F ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:39:50.0578 0x0b18 Fips - ok
22:39:50.0671 0x0b18 [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
22:39:50.0812 0x0b18 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
22:39:53.0187 0x0b18 Detect skipped due to KSN trusted
22:39:53.0187 0x0b18 FirebirdServerMAGIXInstance - ok
22:39:53.0281 0x0b18 [ ACAEC7A7A641C40747DB76CDADCD9626, 0BAC4F22000E34F0DF8C5B3D4647ADE7CB46FA8DBA38E3D6129D826CF60812C9 ] FlexNet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
22:39:53.0328 0x0b18 FlexNet Licensing Service - ok
22:39:53.0328 0x0b18 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:39:53.0437 0x0b18 Flpydisk - ok
22:39:53.0468 0x0b18 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:39:53.0562 0x0b18 FltMgr - ok
22:39:53.0625 0x0b18 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:39:53.0625 0x0b18 FontCache3.0.0.0 - ok
22:39:53.0671 0x0b18 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:39:53.0734 0x0b18 Fs_Rec - ok
22:39:53.0750 0x0b18 [ 4E664D8541DB4A66B73A24257E322E1F, 17A2140AFE2B41E579FCCAFB82532853AD90A6EDBCB13DE80741DAE0AD5B4CC9 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:39:53.0828 0x0b18 Ftdisk - ok
22:39:53.0828 0x0b18 gdrv - ok
22:39:53.0859 0x0b18 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:39:53.0953 0x0b18 Gpc - ok
22:39:54.0031 0x0b18 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:39:54.0046 0x0b18 gupdate - ok
22:39:54.0046 0x0b18 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:39:54.0062 0x0b18 gupdatem - ok
22:39:54.0093 0x0b18 [ 689A8EEF2A2D62B28A0A578A6196531C, 76732A6D009D498D3D8AE687D8E0FB472C9A660494C86AD6242CA606AE76671F ] GVTDrv C:\WINDOWS\system32\Drivers\GVTDrv.sys
22:39:54.0109 0x0b18 GVTDrv - ok
22:39:54.0140 0x0b18 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:39:54.0218 0x0b18 HDAudBus - ok
22:39:54.0265 0x0b18 [ FCFE31FB75F8A6295B6B0AF87A626282, 6BA385797DBC73EB29EFE3293B80C21B1B8A1E9B87A462476E73C526C9565E5F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:39:54.0359 0x0b18 helpsvc - ok
22:39:54.0375 0x0b18 [ 00E25EE90166B3E1BE6E74AEBF858306, 92C2F020EF14DE3B4F09E2C5DFF3D2F35D8C50F6D0188F9CEEFE3B6075602EFE ] HidServ C:\WINDOWS\System32\hidserv.dll
22:39:54.0453 0x0b18 HidServ - ok
22:39:54.0453 0x0b18 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:39:54.0531 0x0b18 hidusb - ok
22:39:54.0546 0x0b18 [ 7A6B320928F86BC851530D63C82965D9, 1F628759D31098DFBC05244735B5A62ACD8E45DBC5C9D236260D68EB8F1E28F5 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:39:54.0625 0x0b18 hkmsvc - ok
22:39:54.0625 0x0b18 hpn - ok
22:39:54.0671 0x0b18 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:39:54.0703 0x0b18 HTTP - ok
22:39:54.0734 0x0b18 [ 58FE2F2DA3BC5573F4A35B3760D3125F, B241ACCE426402EC64DC34C49CECB8CDC0851986D54BFCCED7040D6C43F5787A ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:39:54.0812 0x0b18 HTTPFilter - ok
22:39:54.0812 0x0b18 i2omgmt - ok
22:39:54.0812 0x0b18 i2omp - ok
22:39:54.0875 0x0b18 [ 33D4D4A24791587E83F7EE05A446FB7E, 081E48AF76D7D3A71850A4C910EFBB0B280235E2A5303178B0338230F4BA2DE2 ] ICCS C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
22:39:54.0906 0x0b18 ICCS - detected UnsignedFile.Multi.Generic ( 1 )
22:39:57.0281 0x0b18 Detect skipped due to KSN trusted
22:39:57.0281 0x0b18 ICCS - ok
22:39:57.0343 0x0b18 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:39:57.0375 0x0b18 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
22:39:59.0968 0x0b18 Detect skipped due to KSN trusted
22:39:59.0968 0x0b18 IDriverT - ok
22:40:00.0093 0x0b18 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:40:00.0140 0x0b18 idsvc - ok
22:40:00.0171 0x0b18 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:40:00.0250 0x0b18 Imapi - ok
22:40:00.0281 0x0b18 [ F7B93AAFAD33B2320954C17E26C8D361, 8CFDB11A68B59E195F280BE08B25FA59F1F70833832919B8BECCE17616999934 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:40:00.0375 0x0b18 ImapiService - ok
22:40:00.0375 0x0b18 ini910u - ok
22:40:00.0421 0x0b18 [ F84E7F907434450B00E753D44AEC8EAA, A4C0C5230471B3D3FF4AA4B76A8E5F3986DD8FB8C2A2E180CDF216216FC8B10A ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
22:40:00.0437 0x0b18 Inspect - ok
22:40:00.0687 0x0b18 [ 063DD51CBDC37B8668E09148E0A118BC, 5FBBD6C067B4614DF99562B3A46EEBD08588CA71D640BBA0BB9A1DAB6CA34D07 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:40:00.0890 0x0b18 IntcAzAudAddService - ok
22:40:00.0906 0x0b18 IntelIde - ok
22:40:00.0921 0x0b18 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:40:00.0984 0x0b18 Ip6Fw - ok
22:40:01.0015 0x0b18 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:40:01.0093 0x0b18 IpFilterDriver - ok
22:40:01.0109 0x0b18 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:40:01.0171 0x0b18 IpInIp - ok
22:40:01.0171 0x0b18 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:40:01.0265 0x0b18 IpNat - ok
22:40:01.0265 0x0b18 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:40:01.0328 0x0b18 IPSec - ok
22:40:01.0359 0x0b18 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:40:01.0390 0x0b18 IRENUM - ok
22:40:01.0406 0x0b18 [ CC9F8A2D60AED1A51A3AC34C59B987AE, CBF69817BE3D9A4617390B1A3306074CB8581F21562CD1357D32BC3E542F3CEE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:40:01.0468 0x0b18 isapnp - ok
22:40:01.0531 0x0b18 [ B9436A665A8621073A12338B16D7BFD4, 1F1CB4758768BF7B7DDB27BF9DA944D869B561ABF7EC39CEC059044E10C1EA88 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
22:40:01.0562 0x0b18 JavaQuickStarterService - ok
22:40:01.0593 0x0b18 [ 1B6162FE7F66B1A71A4B70F941C4AA9B, C2EA494BAB0513A6027414FB1E75834F980A77852D0DC8559E8942FC222A075A ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:40:01.0656 0x0b18 Kbdclass - ok
22:40:01.0671 0x0b18 [ 86C8F23616C6C6E5B2776901C17B945B, 211B63FC405A2DDB126D204D61E779D66C7211882CC0374521926C633E180B91 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:40:01.0734 0x0b18 kbdhid - ok
22:40:01.0765 0x0b18 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:40:01.0828 0x0b18 kmixer - ok
22:40:01.0859 0x0b18 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:40:01.0890 0x0b18 KSecDD - ok
22:40:01.0921 0x0b18 [ 3428E8F86F8ADD36B42FB23542C7B3E4, 9CF643D1A70AF08407ACD5FD6FE4B8777521DDF41B5E63C2E6E1E4CAAC69A403 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
22:40:01.0937 0x0b18 LanmanServer - ok
22:40:01.0984 0x0b18 [ 936C1D110232D23B621CB0196E4F80F0, 2DE3AF93E20F1DC7A6FF31B18054EA4D2350387E4DA91C4B16D451384F0C57E2 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:40:02.0000 0x0b18 lanmanworkstation - ok
22:40:02.0000 0x0b18 lbrtfdc - ok
22:40:02.0046 0x0b18 [ 0AB159F536E3E8F7F07113702A07CCA5, 3218C553183E6697C663B6D12790E09756B50505590858DD5AC62411D37CDD7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:40:02.0140 0x0b18 LmHosts - ok
22:40:02.0156 0x0b18 [ 221CD1C815B8A6B79389C3F5D1018DE8, 6D0D25D6669C4F9452F74EC72C6138A41D9408E01AF5FD01C08F27BE7BC9C905 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:40:02.0234 0x0b18 Messenger - ok
22:40:02.0265 0x0b18 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:40:02.0328 0x0b18 mnmdd - ok
22:40:02.0343 0x0b18 [ 9A57D046F88F4B69751B11FD40088A61, 62F65433024CE411F111A88723747B8A83B31076FBAF4CFF40FD02A53D7FF7DF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:40:02.0421 0x0b18 mnmsrvc - ok
22:40:02.0437 0x0b18 [ 44032B0C6D9954D3FD26438330B99EE7, A49749A4C00D50F57170AA5DA9E2DEECC8C524A48B144C8B784894F2C202FBEE ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:40:02.0500 0x0b18 Modem - ok
22:40:02.0578 0x0b18 [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
22:40:02.0640 0x0b18 Monfilt - ok
22:40:02.0671 0x0b18 [ 4CB582831DBDE63CE43B45D771218374, 6D470B26197C5B388983D9213D48D2CDE934C9591572876DC7790FE4B59E0845 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:40:02.0734 0x0b18 Mouclass - ok
22:40:02.0750 0x0b18 [ BB269EBA740737AB749B214D568B6812, ABF41D9B521EBBE674E76981CAD31F8FD05976DE7070266C3956FDB67C83C4C2 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:40:02.0812 0x0b18 mouhid - ok
22:40:02.0812 0x0b18 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:40:02.0890 0x0b18 MountMgr - ok
22:40:02.0937 0x0b18 [ AEE4E9CC59CDEB55B1ECB0E596E796BE, 674F6F38D86D238AFD6223E03A862F8B43DD8499FBC2D4B7A04E510EC5EACF3B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:40:02.0953 0x0b18 MozillaMaintenance - ok
22:40:02.0953 0x0b18 mraid35x - ok
22:40:02.0968 0x0b18 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:40:03.0031 0x0b18 MRxDAV - ok
22:40:03.0093 0x0b18 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:40:03.0125 0x0b18 MRxSmb - ok
22:40:03.0156 0x0b18 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D, 78D63EE2C0B0852F0771071C099643242EBC9F4DA28847B93BCE9C3CC1091938 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:40:03.0218 0x0b18 MSDTC - ok
22:40:03.0234 0x0b18 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:40:03.0296 0x0b18 Msfs - ok
22:40:03.0296 0x0b18 MSIServer - ok
22:40:03.0328 0x0b18 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:40:03.0406 0x0b18 MSKSSRV - ok
22:40:03.0437 0x0b18 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:40:03.0500 0x0b18 MSPCLOCK - ok
22:40:03.0531 0x0b18 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:40:03.0609 0x0b18 MSPQM - ok
22:40:03.0609 0x0b18 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:40:03.0687 0x0b18 mssmbios - ok
22:40:03.0718 0x0b18 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:40:03.0734 0x0b18 Mup - ok
22:40:03.0781 0x0b18 [ 6EA362E9DB03D44F6B996F4D8BE237E9, FE6B4C546D26C4A2832CF4CB280B86B1723E10E46A3C24AF6C9856FCCAE9D1FC ] napagent C:\WINDOWS\System32\qagentrt.dll
22:40:03.0859 0x0b18 napagent - ok
22:40:03.0875 0x0b18 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:40:03.0953 0x0b18 NDIS - ok
22:40:03.0984 0x0b18 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:40:04.0000 0x0b18 NdisTapi - ok
22:40:04.0015 0x0b18 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:40:04.0093 0x0b18 Ndisuio - ok
22:40:04.0109 0x0b18 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:40:04.0171 0x0b18 NdisWan - ok
22:40:04.0187 0x0b18 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:40:04.0203 0x0b18 NDProxy - ok
22:40:04.0203 0x0b18 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:40:04.0281 0x0b18 NetBIOS - ok
22:40:04.0312 0x0b18 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:40:04.0375 0x0b18 NetBT - ok
22:40:04.0406 0x0b18 [ 933DE774986EC85E48210C44AB431DE6, B8C85085003792B8744D96585CE6F2BC474EEEEC364A100CCBCE08176D91E75C ] NetDDE C:\WINDOWS\system32\netdde.exe
22:40:04.0468 0x0b18 NetDDE - ok
22:40:04.0468 0x0b18 [ 933DE774986EC85E48210C44AB431DE6, B8C85085003792B8744D96585CE6F2BC474EEEEC364A100CCBCE08176D91E75C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:40:04.0546 0x0b18 NetDDEdsdm - ok
22:40:04.0578 0x0b18 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:40:04.0656 0x0b18 Netlogon - ok
22:40:04.0687 0x0b18 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40, 588C8BA14A7255FD36A88960CBE34341301773765ECF2A9A0F1760A509A08A5B ] Netman C:\WINDOWS\System32\netman.dll
22:40:04.0765 0x0b18 Netman - ok
22:40:04.0796 0x0b18 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:40:04.0812 0x0b18 NetTcpPortSharing - ok
22:40:04.0843 0x0b18 [ 39EE7C3BFBC64BA87CC8CF67386E814C, B93CCB625CE370D9A49C9374D24C939D7C9FEF81401F4F822C51E12677D77E01 ] Nla C:\WINDOWS\System32\mswsock.dll
22:40:04.0859 0x0b18 Nla - ok
22:40:04.0859 0x0b18 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:40:04.0937 0x0b18 Npfs - ok
22:40:04.0953 0x0b18 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:40:05.0031 0x0b18 Ntfs - ok
22:40:05.0046 0x0b18 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:40:05.0109 0x0b18 NtLmSsp - ok
22:40:05.0140 0x0b18 [ 023DD70573D644F3D9C8B1258A7BFD08, 9A1D3210ED5FD8BEDF92ED577A9B30E37035408A73EB66A8C950B75AB7539B83 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:40:05.0218 0x0b18 NtmsSvc - ok
22:40:05.0265 0x0b18 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
22:40:05.0328 0x0b18 Null - ok
22:40:05.0328 0x0b18 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:40:05.0406 0x0b18 NwlnkFlt - ok
22:40:05.0406 0x0b18 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:40:05.0484 0x0b18 NwlnkFwd - ok
22:40:05.0531 0x0b18 [ 655D07684C14A3A1C7A0F3FCCB6A60E3, 36020CDD6F4707F51DCEDAE0DF1038ED7F16C03ED00D1D67CD74BA6B38BE3D86 ] OSFMount C:\Program Files\OSFMount\OSFMount.sys
22:40:05.0546 0x0b18 OSFMount - ok
22:40:06.0171 0x0b18 [ 7D544127B5DF13D72CF2F6C9F08304F2, 26FE1B694A9BE718BB9D8281B421B718DDFD146A8A4021F35F88BC926F092818 ] PaceLicenseDServices C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
22:40:07.0046 0x0b18 PaceLicenseDServices - ok
22:40:07.0109 0x0b18 [ 46F8DB73B4A53E543F8E371DC7C75BAE, F6C5E7DE4B4AE0ED785DB075BE14EA6A0FC9050C95669B26DEF2B82D7B7D3B2C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:40:07.0203 0x0b18 Parport - ok
22:40:07.0218 0x0b18 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:40:07.0281 0x0b18 PartMgr - ok
22:40:07.0328 0x0b18 [ 1FAE19D0457176318BBA4A8795656EBC, 5F3D6CABA203A0485D67F63A6A81151724EE200BE49ED095CFCB1EF29C19D19F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:40:07.0406 0x0b18 ParVdm - ok
22:40:07.0437 0x0b18 [ 6CE351D149CB4BEFC702951E471E1730, 758327683BB45F01D5AE550AF21856822B4CF55E17F2A4F452F559088D242B37 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:40:07.0515 0x0b18 PCI - ok
22:40:07.0515 0x0b18 PCIDump - ok
22:40:07.0515 0x0b18 PCIIde - ok
22:40:07.0546 0x0b18 [ 4FC31E6C19A5CE5198B1ABFF94CAE758, A031E21EC1F15DA5E8429269F435337FA961C3C06D535DAFD448C7355F33FD0C ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:40:07.0609 0x0b18 Pcmcia - ok
22:40:07.0625 0x0b18 PDCOMP - ok
22:40:07.0625 0x0b18 PDFRAME - ok
22:40:07.0625 0x0b18 PDRELI - ok
22:40:07.0625 0x0b18 PDRFRAME - ok
22:40:07.0625 0x0b18 perc2 - ok
22:40:07.0640 0x0b18 perc2hib - ok
22:40:07.0671 0x0b18 [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] PlugPlay C:\WINDOWS\system32\services.exe
22:40:07.0687 0x0b18 PlugPlay - ok
22:40:07.0687 0x0b18 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:40:07.0750 0x0b18 PolicyAgent - ok
22:40:07.0796 0x0b18 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:40:07.0859 0x0b18 PptpMiniport - ok
22:40:07.0875 0x0b18 [ 7EB15DCE4EC3A0220BD796A15C18186E, E06C572F3FE4F3377D8AF74E8EF15478E71B4C61F944E48E8C35534BEF086110 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
22:40:07.0937 0x0b18 Processor - ok
22:40:07.0937 0x0b18 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:40:08.0015 0x0b18 ProtectedStorage - ok
22:40:08.0015 0x0b18 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:40:08.0093 0x0b18 PSched - ok
22:40:08.0125 0x0b18 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:40:08.0187 0x0b18 Ptilink - ok
22:40:08.0187 0x0b18 ql1080 - ok
22:40:08.0203 0x0b18 Ql10wnt - ok
22:40:08.0203 0x0b18 ql12160 - ok
22:40:08.0203 0x0b18 ql1240 - ok
22:40:08.0203 0x0b18 ql1280 - ok
22:40:08.0234 0x0b18 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:40:08.0296 0x0b18 RasAcd - ok
22:40:08.0328 0x0b18 [ 2B5E44EA009F2F374B980E1E9A70635D, 62D8FDB80C8ACBA2C42C12760B785587C43BEDFE015EC5C41B25F2BB735EFEB0 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:40:08.0390 0x0b18 RasAuto - ok
22:40:08.0421 0x0b18 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:40:08.0484 0x0b18 Rasl2tp - ok
22:40:08.0500 0x0b18 [ D57554C664B64604BD1EE13EA2C07E77, B090C05B91EA602BFF9A5E89AB1A0FFDE869611961FF749DA8B3F4D00F04E756 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:40:08.0578 0x0b18 RasMan - ok
22:40:08.0578 0x0b18 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:40:08.0656 0x0b18 RasPppoe - ok
22:40:08.0656 0x0b18 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:40:08.0718 0x0b18 Raspti - ok
22:40:08.0734 0x0b18 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:40:08.0828 0x0b18 Rdbss - ok
22:40:08.0828 0x0b18 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:40:08.0890 0x0b18 RDPCDD - ok
22:40:08.0921 0x0b18 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:40:08.0937 0x0b18 RDPWD - ok
22:40:08.0984 0x0b18 [ C0D9D9711CB74EE9BC66353D8CBDAB0E, F1AF9A26910707E76BF213D8DE5C902B0088D8A29EBDFF72DE6A4D867E298CC8 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:40:09.0062 0x0b18 RDSessMgr - ok
22:40:09.0078 0x0b18 [ 611BFD220305BE3A85AE876EA47D4AA5, FDF87878EB3886649025E5A12F1C3FC9072D66CCD3217944710085C1F8A4512E ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:40:09.0140 0x0b18 redbook - ok
22:40:09.0171 0x0b18 [ 127C26B5371651043450E52542099ABA, 98AADAD8D5211CB894AA7C59B6299861B1F44B6D8F46AB5837E7D2F5B615B14A ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:40:09.0234 0x0b18 RemoteAccess - ok
22:40:09.0265 0x0b18 [ 718B3BDC0BC3C2F7D065A53D26202AF9, 9E58243628F1E1396AB82A80D046FF50803A230EE07B007E0CA5D744C77B091A ] RpcLocator C:\WINDOWS\system32\locator.exe
22:40:09.0328 0x0b18 RpcLocator - ok
22:40:09.0375 0x0b18 [ BE27674D1CBC3214AEC84B4336A38BBF, 3DF5F9A9E97595A61314B2731DF4F3D3C19D1B9D2291624A63B8E1861FFC2D76 ] RpcSs C:\WINDOWS\System32\rpcss.dll
22:40:09.0406 0x0b18 RpcSs - ok
22:40:09.0421 0x0b18 [ 09AB2E71E58B078038E3BFDBA7FFC984, 8CA277DEEF6376B0F48C6BA5DBBC3E8AF2245983BA9AF6AB83D1A920D35FAF93 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:40:09.0500 0x0b18 RSVP - ok
22:40:09.0546 0x0b18 [ 71439E5BF872A91DB450641BE445F51C, 7157CBC9D45CAB0070CEA5F67489E4F9B7360761A8BBA15E5F1E4489E75AFEAE ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:40:09.0562 0x0b18 RTLE8023xp - ok
22:40:09.0578 0x0b18 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] SamSs C:\WINDOWS\system32\lsass.exe
22:40:09.0640 0x0b18 SamSs - ok
22:40:09.0671 0x0b18 [ 410046E401EB11E1E6749E9DEEA41D4A, 9507268ACD24EF51E994DC418E8EB3E10DEDE61EE892226A22A5DA7662397E25 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:40:09.0734 0x0b18 SCardSvr - ok
22:40:09.0765 0x0b18 [ 3FF232A7731621B8902D81D42418C93C, 2030C9A843D9555170179883BD4CC1E978D5FC5EC0D7FCA56518224E428BE421 ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:40:09.0828 0x0b18 Schedule - ok
22:40:09.0875 0x0b18 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:40:09.0906 0x0b18 Secdrv - ok
22:40:09.0921 0x0b18 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6, 82EEB2345AC19050FAB202DE76C2CDD93E753F5AB67789A86A1726D3040C02E5 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:40:10.0015 0x0b18 seclogon - ok
22:40:10.0015 0x0b18 [ A530B75C10C23C9AB28FDB6CE719E21F, 14568DF6457758E2F534A46A8E6245C364895C3993BEF2B5A889B98DBB201A27 ] SENS C:\WINDOWS\system32\sens.dll
22:40:10.0093 0x0b18 SENS - ok
22:40:10.0093 0x0b18 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:40:10.0156 0x0b18 serenum - ok
22:40:10.0171 0x0b18 [ B842729337C9B921615C40D3C1A1AF96, 503670A56423B996C6ED6AE95F07FB88910767C4A2041A4BE9070C57A016E7FA ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:40:10.0234 0x0b18 Serial - ok
22:40:10.0281 0x0b18 [ 4C0D673281178CB496011A2E28571FC8, 14CFB50F3EA987C4485475B2E5EC85C137949911495245F29FE64723C909C9E8 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
22:40:10.0296 0x0b18 sfdrv01 - detected UnsignedFile.Multi.Generic ( 1 )
22:40:12.0656 0x0b18 Detect skipped due to KSN trusted
22:40:12.0656 0x0b18 sfdrv01 - ok
22:40:12.0656 0x0b18 [ 15BE2B5E4DC5B8623CF167720682ABC9, FAECDC0DCB6EACE8130B278E2FB84B9523AB10329A00B24043B9C76867B917F0 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
22:40:12.0671 0x0b18 sfhlp02 - detected UnsignedFile.Multi.Generic ( 1 )
22:40:15.0062 0x0b18 Detect skipped due to KSN trusted
22:40:15.0062 0x0b18 sfhlp02 - ok
22:40:15.0093 0x0b18 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:40:15.0156 0x0b18 Sfloppy - ok
22:40:15.0156 0x0b18 [ EFEBBC1D13FDB77A6AF4EDDFC7232EDF, 32888536C6E632DF78EC09A4CFB990B08ED75DB049DDF2612F548CC8FEB8D503 ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys
22:40:15.0156 0x0b18 sfsync02 - detected UnsignedFile.Multi.Generic ( 1 )
22:40:17.0546 0x0b18 Detect skipped due to KSN trusted
22:40:17.0546 0x0b18 sfsync02 - ok
22:40:17.0562 0x0b18 [ 9EF50060CC7E6953BAB83F2A42CCC421, DBE1FE12A50E08399275595196D96BAD21E0202BB4C6B276A38A8DA49F2D21A8 ] sfvfs02 C:\WINDOWS\system32\drivers\sfvfs02.sys
22:40:17.0578 0x0b18 sfvfs02 - detected UnsignedFile.Multi.Generic ( 1 )
22:40:19.0968 0x0b18 Detect skipped due to KSN trusted
22:40:19.0968 0x0b18 sfvfs02 - ok
22:40:20.0062 0x0b18 [ F58FACA9621D2DB01BD0927D9A0A208E, 239C87E09261BC9D1DBE99DABCFC4787D42289E8769563A5EFB323BE6F177C9A ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:40:20.0140 0x0b18 SharedAccess - ok
22:40:20.0171 0x0b18 [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:40:20.0187 0x0b18 ShellHWDetection - ok
22:40:20.0203 0x0b18 Simbad - ok
22:40:20.0203 0x0b18 Sparrow - ok
22:40:20.0234 0x0b18 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:40:20.0312 0x0b18 splitter - ok
22:40:20.0343 0x0b18 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:40:20.0359 0x0b18 Spooler - ok
22:40:20.0421 0x0b18 [ 68103A2B441BBF3908EBB587F0704D6C, 0EE921D3D3D88AD0380923429E82B58078F53D7A9D53458AA33FEDF376EF1212 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
22:40:20.0453 0x0b18 sptd - ok
22:40:20.0453 0x0b18 [ 94610C8653635E4459316A0050D55CE7, D148D33B3D2B0757060531C526F2161504A8D7C4E5957D092C7EBDB007271339 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:40:20.0500 0x0b18 sr - ok
22:40:20.0500 0x0b18 [ 35B91147124F64AC8081A2EDB9EA4DEE, 1609D19156DAC6EE3C2D2350B062966B64D9CDC289E9B8FEB6D244AAEBE90BBF ] srservice C:\WINDOWS\system32\srsvc.dll
22:40:20.0546 0x0b18 srservice - ok
22:40:20.0562 0x0b18 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:40:20.0593 0x0b18 Srv - ok
22:40:20.0625 0x0b18 [ BECD5271DC4E3B7C3D035F790FCBC1E5, D63B9DB81332553C963EC5057D241CE2287AF652387333C1FD79AF8C9B5F2BA7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:40:20.0671 0x0b18 SSDPSRV - ok
22:40:20.0734 0x0b18 [ 2F3B5A3567FFB343D8867C3D34C687F1, D01971412506746B2EA1CBB0ACF9472889ABBC23318C1332BEC9C8256011183E ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
22:40:20.0765 0x0b18 Steam Client Service - ok
22:40:20.0828 0x0b18 [ 06CDA2A5A549BC455D004461E6BC5B33, 9731AEBB98B40F610113BE1989F85CE5805D9C3840A0E22B1F30883A6349CFED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
22:40:20.0890 0x0b18 StillCam - ok
22:40:20.0937 0x0b18 [ C1CDD9275F6A115BB0AE1D55D8D27BA6, CD0511FD7F6AD832CBEB931C605AB3AD217631C57399CB8033248D27619541E4 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:40:21.0015 0x0b18 stisvc - ok
22:40:21.0031 0x0b18 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:40:21.0109 0x0b18 swenum - ok
22:40:21.0125 0x0b18 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:40:21.0187 0x0b18 swmidi - ok
22:40:21.0187 0x0b18 SwPrv - ok
22:40:21.0187 0x0b18 symc810 - ok
22:40:21.0203 0x0b18 symc8xx - ok
22:40:21.0203 0x0b18 sym_hi - ok
22:40:21.0203 0x0b18 sym_u3 - ok
22:40:21.0203 0x0b18 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:40:21.0281 0x0b18 sysaudio - ok
22:40:21.0312 0x0b18 [ CE06F01B88ACE199A1BF460CAC29C110, 3CD89E5B8E53203287D889C107E4795225742DB6C6ACA2DC0611BD9728382A27 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:40:21.0375 0x0b18 SysmonLog - ok
22:40:21.0406 0x0b18 [ C2546CD7A398476F9DF5614B2AE160E8, 11C8435BA983553E9C0806494E9B3C7080515C0375B0604F029D89B50726161A ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:40:21.0500 0x0b18 TapiSrv - ok
22:40:21.0546 0x0b18 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:40:21.0578 0x0b18 Tcpip - ok
22:40:21.0609 0x0b18 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:40:21.0687 0x0b18 TDPIPE - ok
22:40:21.0703 0x0b18 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:40:21.0765 0x0b18 TDTCP - ok
22:40:21.0781 0x0b18 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:40:21.0843 0x0b18 TermDD - ok
22:40:21.0875 0x0b18 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E, 3D2B1D899061448EAD993CDE97D1EF50DD64728E9F44D80FEAE591198A937653 ] TermService C:\WINDOWS\System32\termsrv.dll
22:40:21.0953 0x0b18 TermService - ok
22:40:22.0093 0x0b18 [ 407DB52B50C8C8154FF114DCEC1FB73C, 2C9C3B9E16ADDB0A03D0FDE96C680980F7D2BFFF9DFCAC36C5977087436DF5F7 ] Texis Monitor D:\SIMULIA\Documentation\monitor.exe
22:40:22.0250 0x0b18 Texis Monitor - detected UnsignedFile.Multi.Generic ( 1 )
22:40:24.0703 0x0b18 Texis Monitor ( UnsignedFile.Multi.Generic ) - warning
22:40:24.0703 0x0b18 Force sending object to P2P due to detect: D:\SIMULIA\Documentation\monitor.exe
22:40:27.0218 0x0b18 Object send P2P result: true
22:40:29.0671 0x0b18 [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] Themes C:\WINDOWS\System32\shsvcs.dll
22:40:29.0687 0x0b18 Themes - ok
22:40:29.0703 0x0b18 TosIde - ok
22:40:29.0734 0x0b18 [ 83796F9A08509482FB05A40D0816FFF8, C68A7512A4315238928248E3EBA2959B630EA57B6C7DC0DF107E9A1A5FF82D41 ] TPkd C:\WINDOWS\system32\drivers\TPkd.sys
22:40:29.0750 0x0b18 TPkd - ok
22:40:29.0796 0x0b18 [ 38853304CCB938D30E0C4CDE8D2C2A8A, 966E7BCC9F63A1A7777F8A12E51C2A91EC688CE96109943ADC4CB4EB58DC34A6 ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:40:29.0859 0x0b18 TrkWks - ok
22:40:29.0890 0x0b18 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:40:29.0968 0x0b18 Udfs - ok
22:40:29.0968 0x0b18 ultra - ok
22:40:30.0015 0x0b18 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:40:30.0109 0x0b18 Update - ok
22:40:30.0125 0x0b18 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E, AF7662BCA0819F82CE5EE0863E47149CC127DE664CB3DC6359B63FBD71DB54F8 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:40:30.0187 0x0b18 upnphost - ok
22:40:30.0187 0x0b18 [ 20A0F6A11959E92908717D09E87D670D, 3DD6C99AB0F70FAA43DF470B30078B8A51B8AF735CD5C50DBB195FEA70F4C36E ] UPS C:\WINDOWS\System32\ups.exe
22:40:30.0250 0x0b18 UPS - ok
22:40:30.0296 0x0b18 [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
22:40:30.0312 0x0b18 usbaudio - ok
22:40:30.0343 0x0b18 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:40:30.0390 0x0b18 usbccgp - ok
22:40:30.0406 0x0b18 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:40:30.0421 0x0b18 usbehci - ok
22:40:30.0453 0x0b18 [ E7BC50AEB2BD199B509BF49510A55E30, 5B067194013DD556377152B8C1F68B4BA1A7C0E7CB8754213951D78F2DFF80BB ] usbfilter C:\WINDOWS\system32\DRIVERS\usbfilter.sys
22:40:30.0468 0x0b18 usbfilter - ok
22:40:30.0500 0x0b18 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:40:30.0562 0x0b18 usbhub - ok
22:40:30.0578 0x0b18 [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:40:30.0640 0x0b18 usbohci - ok
22:40:30.0671 0x0b18 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:40:30.0687 0x0b18 usbscan - ok
22:40:30.0734 0x0b18 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:40:30.0796 0x0b18 USBSTOR - ok
22:40:30.0828 0x0b18 [ 6D35266B31F7944E82B8618842AC8858, 336606FFF93F98F4AA70F01D7FB0BC303CCBC1137C72472C38F29905D5797A1A ] VBoxDrv C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
22:40:30.0859 0x0b18 VBoxDrv - ok
22:40:30.0859 0x0b18 [ 5C384F1D9655623CA3DC99ACCE5E6837, 0B5F8FEDEEF4A5ACC7025AE24B2C6EF1D4F0C40CBE4EA541A459D71C984D05D1 ] VBoxNetAdp C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
22:40:30.0890 0x0b18 VBoxNetAdp - ok
22:40:30.0890 0x0b18 [ A92297BC6D9DEFF7A56195D0AF0201C1, B4016AB368CE087AF85F468357F4D08BBA9EEC8C16FCEE5B6034AABCD45993E5 ] VBoxNetFlt C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
22:40:30.0906 0x0b18 VBoxNetFlt - ok
22:40:30.0921 0x0b18 [ FF34F23E5B551663337C111629157826, 72C00D61ED9FDE5868CE06185C15E9A66CBE851F76695F09C54B74FF9629DB54 ] VBoxUSBMon C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
22:40:30.0937 0x0b18 VBoxUSBMon - ok
22:40:30.0968 0x0b18 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:40:31.0031 0x0b18 VgaSave - ok
22:40:31.0031 0x0b18 ViaIde - ok
22:40:31.0031 0x0b18 [ 28A4B296B47782173C346E376CB374D1, FE799FE4A41752A2B47027EA88214BF3E39B317302939F4A2D0F2A4EFAAC2F13 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:40:31.0109 0x0b18 VolSnap - ok
22:40:31.0156 0x0b18 [ EA39F36302DACBCDCDB113313718E768, BE26A4DA68D5A15047941215CFC6D687FEE3F56573DDABE21AD7176C1C79CC5F ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
22:40:31.0171 0x0b18 vpnva - ok
22:40:31.0187 0x0b18 [ D6BA1A63D9E00933F1CD2A885573AFB2, 36311A060635CEC1DBB6D8A746B8A4D007706EAE97D51A5E12F9958AB16BE486 ] VSS C:\WINDOWS\System32\vssvc.exe
22:40:31.0250 0x0b18 VSS - ok
22:40:31.0281 0x0b18 [ FA4E1CDBA256787F2149F4AAD07BC91F, 1B5FC5248335D70094D04501AA2C30F54782B58FF8D573BE8E784A21529C7CAF ] W32Time C:\WINDOWS\system32\w32time.dll
22:40:31.0343 0x0b18 W32Time - ok
22:40:31.0375 0x0b18 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:40:31.0453 0x0b18 Wanarp - ok
22:40:31.0453 0x0b18 WDICA - ok
22:40:31.0531 0x0b18 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:40:31.0593 0x0b18 wdmaud - ok
22:40:31.0609 0x0b18 [ 47AE51048A82DFA1CD6B51D369F7E169, 742F2162B8BDE00D83715093EA9743338964597ED22648B9F4F139D7278235A4 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:40:31.0687 0x0b18 WebClient - ok
22:40:31.0781 0x0b18 [ E488332126E3B1182D2B8A0C35408EC6, F9F60911DF0A539753B2BEF6FAD2D0AED1BC1C3F43509F79D9AF2F810CDE5D9B ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:40:31.0843 0x0b18 winmgmt - ok
22:40:31.0875 0x0b18 [ 5D410936831F7FB58EFF941EAC3F6D3D, 5A1E769F75562802CC0EAA44215501925EA4C260AD7A975CEE4AB8DCA2BB82C9 ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
22:40:31.0890 0x0b18 WmBEnum - ok
22:40:31.0906 0x0b18 [ 6199B2AE3F9DB9CB6DB230471A1DC601, E66C788C3E46AAC2ABB76F6E55E912EB28CF3D4C3D74FE6E85A6FABB7F22A5C9 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
22:40:31.0968 0x0b18 WmdmPmSN - ok
22:40:32.0000 0x0b18 [ 7A13CFDE92956CA61A0927D766C5AD4F, 96B337903B7E59A7D60FE4A27064A993EF244D3D736016FFC13465C8F44068F8 ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
22:40:32.0015 0x0b18 WmFilter - ok
22:40:32.0031 0x0b18 [ 1F596392149CAC51F7C095AF7D533934, 7D8649D951E7719DE49B5E7BA4296A0736753A73FE30A45F96F370ADD81E6B2B ] WmHidLo C:\WINDOWS\system32\drivers\WmHidLo.sys
22:40:32.0046 0x0b18 WmHidLo - ok
22:40:32.0062 0x0b18 [ 23F6F03272F7E5679F1F050AED5ACEE6, 87EBE773F3E8FFE2F1E1DB435BB0E8852031AA88112EB791085AD3DA918B49CC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:40:32.0140 0x0b18 WmiApSrv - ok
22:40:32.0156 0x0b18 [ 6F04646BC690F8BBFC344BE32A60796D, DE2B4BE88CE38D6297F58BE2C643A3838C0470E2E3AB6289755E39B5E59061D7 ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
22:40:32.0171 0x0b18 WmVirHid - ok
22:40:32.0171 0x0b18 [ 1D6CA43D562333F4DFB40BCEF2453F3A, BEEC5587ACE8ABF1DB0B9B68E43B29082AA2F4A6415CEC8536086944D506A704 ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
22:40:32.0187 0x0b18 WmXlCore - ok
22:40:32.0281 0x0b18 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:40:32.0328 0x0b18 WPFFontCache_v0400 - ok
22:40:32.0359 0x0b18 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:40:32.0437 0x0b18 WS2IFSL - ok
22:40:32.0453 0x0b18 [ 4C86D5FAF78194995AF9CC1075F65DD3, D3B23BB0971E0DBC0A51720067489C224323B603178E91149BF56F779DE352F0 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:40:32.0546 0x0b18 wscsvc - ok
22:40:32.0562 0x0b18 [ C1364564800EE9784192145324A23308, 5345BAE00364233594C9CF99CE2CC485E65B5D4FFBB81C86B2950EDA2427584C ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:40:32.0640 0x0b18 wuauserv - ok
22:40:32.0687 0x0b18 [ A27D4BA7264C0BF52F32D10405BEA1D4, 5F28607CCAB15FB601BEB35FF0B1A5CD27C678C6D1CA724E842C33EED4579B8C ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:40:32.0781 0x0b18 WZCSVC - ok
22:40:32.0796 0x0b18 [ EAA4BB9EDB3FB10CF8979FE65E63658F, B80EB477100FD3E26513360E09DB6EBF0C8D8B0618F1F4BF1F387ABA6DEC9B64 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:40:32.0875 0x0b18 xmlprov - ok
22:40:32.0890 0x0b18 ================ Scan global ===============================
22:40:32.0921 0x0b18 [ F36278E42C8C5DF03CE17DAC8231C91C, D012A3C8F394DF4F0BF5D5A4C10E73BBF427762B7D3DB6CF5FAB96536E082B7A ] C:\WINDOWS\system32\basesrv.dll
22:40:32.0968 0x0b18 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6, FAC6B8E2698D0EB12A0ACE62EA398AD05AB6AC5C39740A1E8BDAAF0BFDD5B4A3 ] C:\WINDOWS\system32\winsrv.dll
22:40:32.0984 0x0b18 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6, FAC6B8E2698D0EB12A0ACE62EA398AD05AB6AC5C39740A1E8BDAAF0BFDD5B4A3 ] C:\WINDOWS\system32\winsrv.dll
22:40:33.0015 0x0b18 [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] C:\WINDOWS\system32\services.exe
22:40:33.0015 0x0b18 [ Global ] - ok
22:40:33.0015 0x0b18 ================ Scan MBR ==================================
22:40:33.0031 0x0b18 [ 0A7E302D063EADC51398C9A03A9E08AA ] \Device\Harddisk0\DR0
22:40:33.0109 0x0b18 \Device\Harddisk0\DR0 - ok
22:40:33.0109 0x0b18 [ 9CD62DE933473FD4E87440529E7FFB14 ] \Device\Harddisk1\DR1
22:40:33.0156 0x0b18 \Device\Harddisk1\DR1 - ok
22:40:33.0156 0x0b18 ================ Scan VBR ==================================
22:40:33.0156 0x0b18 [ A564482ED41053FF5D7D94FF1EDB3F36 ] \Device\Harddisk0\DR0\Partition1
22:40:33.0156 0x0b18 \Device\Harddisk0\DR0\Partition1 - ok
22:40:33.0156 0x0b18 [ 91E581B3EF97D632D7D8A20E5670DFB5 ] \Device\Harddisk1\DR1\Partition1
22:40:33.0203 0x0b18 \Device\Harddisk1\DR1\Partition1 - ok
22:40:33.0203 0x0b18 Waiting for KSN requests completion. In queue: 40
22:40:34.0203 0x0b18 Waiting for KSN requests completion. In queue: 40
22:40:35.0203 0x0b18 Waiting for KSN requests completion. In queue: 40
22:40:36.0250 0x0b18 AV detected via SS1: avast! Antivirus, 5.0.150996962, disabled, updated
22:40:36.0250 0x0b18 FW detected via SS1: COMODO Firewall, 6.0, disabled
22:40:36.0250 0x0b18 Win FW state via NFM: disabled
22:40:38.0656 0x0b18 ============================================================
22:40:38.0656 0x0b18 Scan finished
22:40:38.0656 0x0b18 ============================================================
22:40:38.0671 0x0370 Detected object count: 1
22:40:38.0671 0x0370 Actual detected object count: 1
22:41:39.0843 0x0370 Texis Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:41:39.0843 0x0370 Texis Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

Rudy
Site Admin
Posts: 119539
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check the log - RSIT, infected PC?

#13 Post by Rudy »

One question. What is the Texis Monitor you have installed? In the scans the program looks like a rootkit.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (e-mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jlopaur
Visitor
Posts: 12
Registered: 30 Apr 2014 13:57

Re: Please check the log - RSIT, infected PC?

#14 Post by jlopaur »

It should be part of the documentation server for the Abaqus program.

Rudy
Site Admin
Posts: 119539
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check the log - RSIT, infected PC?

#15 Post by Rudy »

jlopaur wrote: It should be part of the documentation server for the Abaqus program.
Ah, thanks for the info, we haven't had this one here before. Both CF and TDSS flagged it as a rootkit. But if you know it is a legitimate application, everything is fine. The PC should now be clean.

Locked