Prosím o kontrolu logu-pomalé stolní PC

[rr46]

Dobrý den, prosím o kontrolu logu... v poslední době pomalý start stolní PC i z pohotovostního režimu...posílám logy z FRST ( provedeno nyní) a MBAR ( provedeno dopoledne )...
Děkuji

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by RR (administrator) on DOMA-RR on 29-11-2014 16:01:04
Running from C:\Documents and Settings\RR\Plocha
Loaded Profile: RR (Available profiles: RR & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Igor Gottwald - OKsoftware) C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\RR\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-823518204-1715567821-839522115-1003\...\Run: [Svátky a výro**í<*>] => C:\Program Files\OKsoftware\Svátky a výro
í\Vyroci.exe <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-823518204-1715567821-839522115-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-823518204-1715567821-839522115-1003\...\Command Processor: "C:\Documents and Settings\RR\Data aplikací\Microsoft\Windows\IEUpdate\cidaemon.exe" <===== ATTENTION!
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-823518204-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Toolbar: HKU\S-1-5-21-823518204-1715567821-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-823518204-1715567821-839522115-1003 -> &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-823518204-1715567821-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5052603434
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-18]

Chrome:
=======
CHR Profile: C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-30]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-30]
CHR Extension: (Disk Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-30]
CHR Extension: (YouTube) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-30]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-30]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-30]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14]
CHR Extension: (Gmail) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-30]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-20] (AVAST Software)
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2009-03-12] (Teruten) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161664 2012-04-04] (Oracle Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [168004 2009-07-08] (NVIDIA Corporation) [File not signed]
S3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [82380 2010-07-11] (Oak Technology Inc.) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43008 2006-06-18] (Advanced Micro Devices)
S3 arusb(TP-LINK); C:\WINDOWS\System32\DRIVERS\arusb.sys [451584 2008-10-22] (TP-LINK TECHNOLOGIES CO., LTD.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-20] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-20] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-20] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-20] ()
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-05] () [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-04-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-04-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-04-07] (HP)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70272 2009-10-28] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2009-10-28] (NVIDIA Corporation)
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39016 2012-08-20] (RapidSolution Software AG)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-14] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S4 IntelIde; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [46592 2008-04-14] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 16:01 - 2014-11-29 16:01 - 00014117 _____ () C:\Documents and Settings\RR\Plocha\FRST.txt
2014-11-29 16:00 - 2014-11-29 16:01 - 00000000 ____D () C:\FRST
2014-11-29 15:59 - 2014-11-29 15:59 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\RR\Plocha\FRSTLauncher.exe
2014-11-29 15:58 - 2014-11-29 15:58 - 01109504 _____ (Farbar) C:\Documents and Settings\RR\Plocha\FRST.exe
2014-11-29 08:20 - 2014-11-29 09:40 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-11-29 08:20 - 2014-11-29 09:14 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 08:20 - 2014-11-29 08:21 - 02148864 _____ () C:\Documents and Settings\RR\Plocha\adwcleaner_4.102.exe
2014-11-29 08:19 - 2014-11-29 09:40 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\mbar
2014-11-29 08:19 - 2014-11-29 09:13 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-29 08:18 - 2014-11-29 08:18 - 16448208 _____ (Malwarebytes Corp.) C:\Documents and Settings\RR\Plocha\mbar-1.08.2.1001.exe
2014-11-26 17:16 - 2014-11-26 17:16 - 00010064 _____ () C:\Documents and Settings\RR\Dokumenty\Šablona Wordu.dotx
2014-11-21 08:54 - 2014-11-21 08:55 - 00000001 ____R () C:\Documents and Settings\RR\serverport
2014-11-15 16:55 - 2014-11-21 19:36 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\Nová složka (3)
2014-11-10 17:18 - 2014-11-10 17:19 - 00002347 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader XI.lnk
2014-11-10 17:18 - 2014-11-10 17:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-10 17:18 - 2014-11-10 17:18 - 00000000 ____D () C:\Program Files\Adobe
2014-11-09 19:37 - 2014-11-10 08:50 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\Nová složka (2)
2014-11-09 16:46 - 2014-11-29 16:01 - 00000000 ____D () C:\Documents and Settings\RR\Local Settings\Temp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 16:01 - 2010-05-28 13:21 - 00000000 ____D () C:\Documents and Settings\RR\Plocha
2014-11-29 16:00 - 2010-05-28 13:21 - 00000000 ___HD () C:\Documents and Settings\RR\Local Settings\Data aplikací
2014-11-29 15:58 - 2012-04-18 17:08 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-29 15:14 - 2014-09-30 08:39 - 00999012 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-29 14:28 - 2014-02-11 08:05 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-29 09:46 - 2014-06-15 08:57 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-29 09:45 - 2014-10-03 18:45 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-29 09:45 - 2014-10-03 18:45 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-29 09:45 - 2014-09-30 08:40 - 00032480 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-29 09:45 - 2014-09-29 08:05 - 00001350 _____ () C:\WINDOWS\Tasks\AVQP.job
2014-11-29 09:45 - 2014-09-29 08:04 - 00001350 _____ () C:\WINDOWS\Tasks\VUPY.job
2014-11-29 09:45 - 2014-02-11 08:05 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 09:45 - 2010-05-28 15:09 - 00000251 __RSH () C:\boot.ini
2014-11-29 09:45 - 2010-05-28 13:21 - 00000178 ___SH () C:\Documents and Settings\RR\ntuser.ini
2014-11-29 09:45 - 2010-05-28 13:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-29 09:45 - 2001-10-25 14:00 - 00000638 _____ () C:\WINDOWS\win.ini
2014-11-29 09:45 - 2001-10-25 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-29 09:43 - 2014-08-02 08:33 - 00000000 ____D () C:\AdwCleaner
2014-11-29 09:10 - 2010-05-29 07:40 - 00385565 _____ () C:\hpfr3425.log
2014-11-29 09:10 - 2010-05-29 07:40 - 00000522 _____ () C:\hpfr3420.xml
2014-11-29 08:57 - 2014-01-23 18:24 - 00000000 ____D () C:\Program Files\IObit
2014-11-29 08:57 - 2010-05-28 15:10 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-11-29 08:57 - 2010-05-28 15:10 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-11-29 08:56 - 2010-11-14 20:16 - 00000000 ____D () C:\Documents and Settings\RR\Data aplikací\Media Player Classic
2014-11-29 08:56 - 2010-05-28 13:21 - 00000000 ____D () C:\Documents and Settings\RR
2014-11-29 08:20 - 2014-04-06 18:52 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-11-29 08:20 - 2010-05-28 15:10 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-11-29 08:12 - 2014-01-23 17:42 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ProductData
2014-11-29 08:11 - 2001-10-25 14:00 - 00002262 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-28 17:29 - 2010-05-28 18:39 - 00000000 ___RD () C:\Documents and Settings\RR\Dokumenty\Tenis
2014-11-27 11:00 - 2011-10-10 12:42 - 00000666 _____ () C:\Documents and Settings\RR\Dokumenty\Svátky a výročí.sav
2014-11-27 11:00 - 2011-10-10 12:42 - 00000013 _____ () C:\Documents and Settings\All Users\Dokumenty\Svátky a výročí.sav
2014-11-27 11:00 - 2010-05-28 15:10 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-11-27 11:00 - 2010-05-28 13:21 - 00000000 ___RD () C:\Documents and Settings\RR\Dokumenty
2014-11-26 18:58 - 2012-04-18 17:08 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-26 18:58 - 2011-05-19 09:03 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-26 17:49 - 2010-05-28 17:43 - 00000000 ___RD () C:\Documents and Settings\RR\Dokumenty\Doma
2014-11-25 13:21 - 2013-07-03 08:45 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\Fotky různé
2014-11-22 08:17 - 2014-06-15 08:57 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-21 19:43 - 2014-03-08 16:04 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\Nová složka
2014-11-18 19:20 - 2010-05-28 13:21 - 00000000 ___RD () C:\Documents and Settings\RR\Oblíbené položky
2014-11-14 13:41 - 2010-05-28 15:57 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-11-14 13:38 - 2013-08-17 07:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-14 13:31 - 2010-05-28 15:07 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-13 08:43 - 2010-06-01 17:27 - 00000000 ____D () C:\Documents and Settings\RR\Dokumenty\RR-sdílené
2014-11-11 08:53 - 2012-12-18 08:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Adobe
2014-11-10 17:18 - 2010-06-01 16:18 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Adobe
2014-11-09 19:34 - 2010-12-05 09:40 - 00050688 _____ () C:\Documents and Settings\RR\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-09 17:42 - 2014-09-30 08:50 - 01706808 _____ (Thisisu) C:\Documents and Settings\RR\Plocha\JRT.exe
2014-11-09 17:32 - 2014-04-08 17:17 - 00131072 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-11-09 17:31 - 2014-04-08 17:17 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-11-09 16:46 - 2014-07-13 15:04 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-11-09 16:39 - 2011-01-10 09:00 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
2014-11-09 16:39 - 2010-11-07 09:28 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2014-11-09 16:39 - 2010-06-01 13:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-09 16:39 - 2010-06-01 13:42 - 00000000 ____D () C:\Documents and Settings\RR\Nabídka Start\Programy\CCleaner
2014-11-08 10:06 - 2010-05-28 17:43 - 00000000 ____D () C:\Documents and Settings\RR\Dokumenty\Fotky
2014-11-07 08:33 - 2010-05-28 17:42 - 00000000 ____D () C:\Documents and Settings\RR\Local Settings\Data aplikací\GHISLER

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVQP.job => C:\Documents and Settings\RR\Data aplikac\AVQP.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\VUPY.job => C:\Documents and Settings\RR\Data aplikac\VUPY.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\RR\Plocha" je 955 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent
"C:\WINDOWS\system32\browserchoice.exe" /run [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU
"C:\Documents and Settings\RR\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Program Files\Messenger\msmsgs.exe" /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
"C:\program files\real\realplayer\update\realsched.exe" -osboot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper
"C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^hp psc 1000 series.lnk
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^hpoddt01.exe.lnk
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^Windows Search.lnk
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE /startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabdka Start^Programy^Po sputn^cidaemon.lnk
C:\Documents and Settings\RR\Data aplikac\Microsoft\Windows\IEUpdate\cidaemon.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabdka Start^Programy^Po sputn^Vezy obrazovky a sputn aplikace OneNote 2007.lnk
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE /tsr [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\HP\\HP Photosmart 5510 series\\Bin\\HPNetworkCommunicator.exe"="C:\\Program Files\\HP\\HP Photosmart 5510 series\\Bin\\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Sov komuniktor HP (HP Photosmart 5510 series)"
"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre7\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"5985:TCP"="5985:TCP:*:Disabled:Vzdlen sprva systmu Windows "
"80:TCP"="80:TCP:*:Disabled:Vzdlen sprva systmu Windows - reim kompatibility (HTTP-In) "


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================




MBAR:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_32

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.109000 GHz
Memory total: 2079830016, free: 1066586112

Downloaded database version: v2014.11.28.10
Downloaded database version: v2014.11.22.01
=======================================
Initializing...
------------ Kernel report ------------
11/29/2014 08:20:20
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvgts.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\P17.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\ctoss2k.sys
\SystemRoot\system32\DRIVERS\ctsfm2k.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\AFS2K.SYS
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\aswTdi.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\FsUsbExDisk.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a454030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts1Port2Path0Target0Lun0\
Lower Device Object: 0xffffffff8a450030
Lower Device Driver Name: \Driver\nvgts\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a454030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a42fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a454030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a454b78, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a450030, DeviceName: \Device\Scsi\nvgts1Port2Path0Target0Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2A442A43

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 488375937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Infected: C:\WINDOWS\Installer\{2DFB362D-FCA2-4341-A74C-CBAAC6979771}\msiexec.exe --> [Trojan.Ransom.ED]
Infected: HKU\S-1-5-21-823518204-1715567821-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_32

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.109000 GHz
Memory total: 2079830016, free: 1551077376

Initializing...
=======================================
------------ Kernel report ------------
11/29/2014 09:14:09
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvgts.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\P17.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\ctoss2k.sys
\SystemRoot\system32\DRIVERS\ctsfm2k.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\AFS2K.SYS
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\aswTdi.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\FsUsbExDisk.SYS
\SystemRoot\System32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a4508d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts1Port2Path0Target0Lun0\
Lower Device Object: 0xffffffff8a451a38
Lower Device Driver Name: \Driver\nvgts\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a4508d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a568650, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a4508d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a480720, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a451a38, DeviceName: \Device\Scsi\nvgts1Port2Path0Target0Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2A442A43

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 488375937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

[altrok]

Zdravim

Nektere porty mate otevrene schvalne?

Kód: Vybrat vše

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"5985:TCP"="5985:TCP:*:Disabled:Vzdlen sprva systmu Windows "
"80:TCP"="80:TCP:*:Disabled:Vzdlen sprva systmu Windows - reim kompatibility (HTTP-In) "

Odinstalujte

• vsechno od IObit
• SpyHunter
• Spybot - Search & Destroy

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Clean
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

[rr46]

..v portech se nevyznám...co s tím ?

SpyHunter nemám v programech pro odinstalování....


# AdwCleaner v4.102 - Report created 29/11/2014 at 16:41:12
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : RR - DOMA-RR
# Running from : C:\Documents and Settings\RR\Plocha\adwcleaner_4.102.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R0].txt - [6567 octets] - [02/08/2014 08:34:04]
AdwCleaner[R1].txt - [1368 octets] - [03/08/2014 07:40:54]
AdwCleaner[R2].txt - [1575 octets] - [08/08/2014 13:22:17]
AdwCleaner[R3].txt - [11555 octets] - [30/09/2014 09:10:12]
AdwCleaner[R4].txt - [1462 octets] - [09/10/2014 18:47:55]
AdwCleaner[R5].txt - [2117 octets] - [29/11/2014 08:59:08]
AdwCleaner[R6].txt - [1420 octets] - [29/11/2014 09:41:04]
AdwCleaner[R7].txt - [1481 octets] - [29/11/2014 16:37:28]
AdwCleaner[S0].txt - [6352 octets] - [02/08/2014 08:36:18]
AdwCleaner[S1].txt - [1446 octets] - [08/08/2014 13:23:36]
AdwCleaner[S2].txt - [10102 octets] - [30/09/2014 09:13:23]
AdwCleaner[S3].txt - [1525 octets] - [09/10/2014 18:50:19]
AdwCleaner[S4].txt - [2325 octets] - [29/11/2014 09:04:38]
AdwCleaner[S5].txt - [1402 octets] - [29/11/2014 16:41:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1462 octets] ##########

[altrok]

Otestujte na virustotal.com C:\Documents and Settings\RR\Data aplikac\Microsoft\Windows\IEUpdate\cidaemon.exe

• Ulozte na plochu OTM - http://oldtimer.geekstogo.com/OTM.exe
• ukoncete vsechny programy
• kliknete pravym na ikonu OTM.exe a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• obsah bileho pole zkopirujte do leveho okna OTM a kliknete na MoveIt!
• po restartu vlozte log, ktery bude v C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log

Kód: Vybrat vše

:commands
[Purity]
[EmptyFlash]
[EmptyJava]
[EmptyTemp]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabdka Start^Programy^Po sputn^cidaemon.lnk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-

[rr46]

Soubor cidaemon.exe už byl smazán, takže ho nemůžu otestovat.....

Zde je log:

All processes killed
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 470 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: RR
->Flash cache emptied: 909 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: RR
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 131072 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3080365 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: RR
->Temp folder emptied: 7337373 bytes
->Temporary Internet Files folder emptied: 218568269 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 16759908 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1571591 bytes
%systemroot%\System32 .tmp files removed: 1854920 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57496 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 7165015114 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7 071,00 mb

========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP130.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP141.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP166.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP167.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP18B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP315.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP329.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3DD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP45.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP58.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5D3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP82.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP84.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC9A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD7C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEC0.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFA7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFB4.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI1C3.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F.tmp moved successfully.
C:\WINDOWS\Installer\MSIDC.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgends.tmp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabdka Start^Programy^Po sputn^cidaemon.lnk\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 11292014_193310

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[altrok]

Dejte novy log z FRSTLauncheru jako jste udelal v prvnim prispevku. Do prilohy zazipujte Addition.txt.

[rr46]

Addition.rar

(9.47 KiB) Staženo 63 x

Addition.rar

(9.47 KiB) Staženo 63 x

Zdá se, že PC je rychlejší.......díky za trpělivost a zde je log a sbalený Addition.txt.....

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by RR (administrator) on DOMA-RR on 30-11-2014 07:34:32
Running from C:\Documents and Settings\RR\Plocha
Loaded Profile: RR (Available profiles: RR & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\RR\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-823518204-1715567821-839522115-1003\...\Run: [Svátky a výro**í<*>] => C:\Program Files\OKsoftware\Svátky a výro
í\Vyroci.exe <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-823518204-1715567821-839522115-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-823518204-1715567821-839522115-1003\...\Command Processor: "C:\Documents and Settings\RR\Data aplikací\Microsoft\Windows\IEUpdate\cidaemon.exe" <===== ATTENTION!
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-823518204-1715567821-839522115-1003] => localhost:8080
HKU\S-1-5-21-823518204-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Toolbar: HKU\S-1-5-21-823518204-1715567821-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-823518204-1715567821-839522115-1003 -> &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-823518204-1715567821-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5052603434
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-18]

Chrome:
=======
CHR Profile: C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-30]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-30]
CHR Extension: (Disk Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-30]
CHR Extension: (YouTube) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-30]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-30]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-30]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14]
CHR Extension: (Gmail) - C:\Documents and Settings\RR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-30]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-20] (AVAST Software)
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2009-03-12] (Teruten) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161664 2012-04-04] (Oracle Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [168004 2009-07-08] (NVIDIA Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [82380 2010-07-11] (Oak Technology Inc.) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43008 2006-06-18] (Advanced Micro Devices)
S3 arusb(TP-LINK); C:\WINDOWS\System32\DRIVERS\arusb.sys [451584 2008-10-22] (TP-LINK TECHNOLOGIES CO., LTD.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-20] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-20] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-20] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-20] ()
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-05] () [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-04-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-04-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-04-07] (HP)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70272 2009-10-28] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2009-10-28] (NVIDIA Corporation)
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39016 2012-08-20] (RapidSolution Software AG)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-14] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S4 IntelIde; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [46592 2008-04-14] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 07:34 - 2014-11-30 07:34 - 00013808 _____ () C:\Documents and Settings\RR\Plocha\FRST.txt
2014-11-30 07:33 - 2014-11-30 07:33 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\RR\Plocha\FRSTLauncher.exe
2014-11-29 19:33 - 2014-11-29 19:33 - 00000000 ____D () C:\_OTM
2014-11-29 19:31 - 2014-11-29 19:31 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\RR\Plocha\OTM.exe
2014-11-29 16:30 - 2014-11-29 16:30 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-11-29 16:00 - 2014-11-30 07:34 - 00000000 ____D () C:\FRST
2014-11-29 15:58 - 2014-11-29 15:58 - 01109504 _____ (Farbar) C:\Documents and Settings\RR\Plocha\FRST.exe
2014-11-29 08:20 - 2014-11-29 09:40 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-11-29 08:20 - 2014-11-29 09:14 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 08:20 - 2014-11-29 08:21 - 02148864 _____ () C:\Documents and Settings\RR\Plocha\adwcleaner_4.102.exe
2014-11-29 08:19 - 2014-11-29 09:40 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\mbar
2014-11-29 08:19 - 2014-11-29 09:13 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-29 08:18 - 2014-11-29 08:18 - 16448208 _____ (Malwarebytes Corp.) C:\Documents and Settings\RR\Plocha\mbar-1.08.2.1001.exe
2014-11-26 17:16 - 2014-11-26 17:16 - 00010064 _____ () C:\Documents and Settings\RR\Dokumenty\Šablona Wordu.dotx
2014-11-21 08:54 - 2014-11-21 08:55 - 00000001 ____R () C:\Documents and Settings\RR\serverport
2014-11-15 16:55 - 2014-11-21 19:36 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\Nová složka (3)
2014-11-10 17:18 - 2014-11-10 17:19 - 00002347 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader XI.lnk
2014-11-10 17:18 - 2014-11-10 17:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-10 17:18 - 2014-11-10 17:18 - 00000000 ____D () C:\Program Files\Adobe
2014-11-09 19:37 - 2014-11-10 08:50 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\Nová složka (2)
2014-11-09 16:46 - 2014-11-30 07:35 - 00000000 ____D () C:\Documents and Settings\RR\Local Settings\Temp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 07:34 - 2010-05-28 13:21 - 00000000 ___HD () C:\Documents and Settings\RR\Local Settings\Data aplikací
2014-11-30 07:34 - 2010-05-28 13:21 - 00000000 ____D () C:\Documents and Settings\RR\Plocha
2014-11-30 07:31 - 2014-09-30 08:39 - 01017179 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-29 19:35 - 2014-10-03 18:45 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-29 19:35 - 2014-10-03 18:45 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-29 19:35 - 2014-09-29 08:05 - 00001350 _____ () C:\WINDOWS\Tasks\AVQP.job
2014-11-29 19:35 - 2014-09-29 08:04 - 00001350 _____ () C:\WINDOWS\Tasks\VUPY.job
2014-11-29 19:35 - 2014-06-15 08:57 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-29 19:35 - 2014-02-11 08:05 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 19:35 - 2010-05-28 13:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-29 19:34 - 2014-09-30 08:40 - 00032480 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-29 19:34 - 2010-05-28 15:06 - 00000000 ____D () C:\WINDOWS\twain_32
2014-11-29 19:34 - 2010-05-28 13:21 - 00000178 ___SH () C:\Documents and Settings\RR\ntuser.ini
2014-11-29 19:33 - 2010-05-28 15:10 - 01233276 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-29 19:28 - 2014-02-11 08:05 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-29 18:58 - 2012-04-18 17:08 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-29 16:41 - 2014-08-02 08:33 - 00000000 ____D () C:\AdwCleaner
2014-11-29 16:35 - 2010-05-28 13:21 - 00000000 ____D () C:\Documents and Settings\RR
2014-11-29 16:31 - 2014-04-08 17:16 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-11-29 16:30 - 2014-04-08 17:17 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-11-29 16:30 - 2010-05-28 15:10 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-11-29 16:30 - 2010-05-28 15:10 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-11-29 16:16 - 2010-05-28 17:43 - 00000000 ___RD () C:\Documents and Settings\RR\Dokumenty\Doma
2014-11-29 09:45 - 2010-05-28 15:09 - 00000251 __RSH () C:\boot.ini
2014-11-29 09:45 - 2001-10-25 14:00 - 00000638 _____ () C:\WINDOWS\win.ini
2014-11-29 09:45 - 2001-10-25 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-29 09:10 - 2010-05-29 07:40 - 00385565 _____ () C:\hpfr3425.log
2014-11-29 09:10 - 2010-05-29 07:40 - 00000522 _____ () C:\hpfr3420.xml
2014-11-29 08:57 - 2014-01-23 18:24 - 00000000 ____D () C:\Program Files\IObit
2014-11-29 08:56 - 2010-11-14 20:16 - 00000000 ____D () C:\Documents and Settings\RR\Data aplikací\Media Player Classic
2014-11-29 08:20 - 2014-04-06 18:52 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-11-29 08:20 - 2010-05-28 15:10 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-11-29 08:12 - 2014-01-23 17:42 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ProductData
2014-11-29 08:11 - 2001-10-25 14:00 - 00002262 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-28 17:29 - 2010-05-28 18:39 - 00000000 ___RD () C:\Documents and Settings\RR\Dokumenty\Tenis
2014-11-27 11:00 - 2011-10-10 12:42 - 00000666 _____ () C:\Documents and Settings\RR\Dokumenty\Svátky a výročí.sav
2014-11-27 11:00 - 2011-10-10 12:42 - 00000013 _____ () C:\Documents and Settings\All Users\Dokumenty\Svátky a výročí.sav
2014-11-27 11:00 - 2010-05-28 15:10 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-11-27 11:00 - 2010-05-28 13:21 - 00000000 ___RD () C:\Documents and Settings\RR\Dokumenty
2014-11-26 18:58 - 2012-04-18 17:08 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-26 18:58 - 2011-05-19 09:03 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-25 13:21 - 2013-07-03 08:45 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\Fotky různé
2014-11-22 08:17 - 2014-06-15 08:57 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-21 19:43 - 2014-03-08 16:04 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\Nová složka
2014-11-18 19:20 - 2010-05-28 13:21 - 00000000 ___RD () C:\Documents and Settings\RR\Oblíbené položky
2014-11-14 13:41 - 2010-05-28 15:57 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-11-14 13:38 - 2013-08-17 07:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-14 13:31 - 2010-05-28 15:07 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-13 08:43 - 2010-06-01 17:27 - 00000000 ____D () C:\Documents and Settings\RR\Dokumenty\RR-sdílené
2014-11-11 08:53 - 2012-12-18 08:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Adobe
2014-11-10 17:18 - 2010-06-01 16:18 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Adobe
2014-11-09 19:34 - 2010-12-05 09:40 - 00050688 _____ () C:\Documents and Settings\RR\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-09 17:42 - 2014-09-30 08:50 - 01706808 _____ (Thisisu) C:\Documents and Settings\RR\Plocha\JRT.exe
2014-11-09 17:32 - 2014-04-08 17:17 - 00131072 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-11-09 16:46 - 2014-07-13 15:04 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-11-09 16:39 - 2011-01-10 09:00 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
2014-11-09 16:39 - 2010-11-07 09:28 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2014-11-09 16:39 - 2010-06-01 13:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-09 16:39 - 2010-06-01 13:42 - 00000000 ____D () C:\Documents and Settings\RR\Nabídka Start\Programy\CCleaner
2014-11-08 10:06 - 2010-05-28 17:43 - 00000000 ____D () C:\Documents and Settings\RR\Dokumenty\Fotky
2014-11-07 08:33 - 2010-05-28 17:42 - 00000000 ____D () C:\Documents and Settings\RR\Local Settings\Data aplikací\GHISLER

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVQP.job => C:\Documents and Settings\RR\Data aplikac\AVQP.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\VUPY.job => C:\Documents and Settings\RR\Data aplikac\VUPY.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\RR\Plocha" je 956 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent
"C:\WINDOWS\system32\browserchoice.exe" /run [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU
"C:\Documents and Settings\RR\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Program Files\Messenger\msmsgs.exe" /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
"C:\program files\real\realplayer\update\realsched.exe" -osboot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
"C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^hp psc 1000 series.lnk
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^hpoddt01.exe.lnk
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^Windows Search.lnk
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE /startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabdka Start^Programy^Po sputn^cidaemon.lnk
C:\Documents and Settings\RR\Data aplikac\Microsoft\Windows\IEUpdate\cidaemon.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabdka Start^Programy^Po sputn^Vezy obrazovky a sputn aplikace OneNote 2007.lnk
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE /tsr [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\HP\\HP Photosmart 5510 series\\Bin\\HPNetworkCommunicator.exe"="C:\\Program Files\\HP\\HP Photosmart 5510 series\\Bin\\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Sov komuniktor HP (HP Photosmart 5510 series)"
"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre7\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP"="5985:TCP:*:Disabled:Vzdlen sprva systmu Windows "
"80:TCP"="80:TCP:*:Disabled:Vzdlen sprva systmu Windows - reim kompatibility (HTTP-In) "


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

[altrok]

Mate nainstalovanou pres rok starou verzi Javy, ktera je strasne derava (da se rict, ze bez Vaseho vedomi je mozne do PC dostat skodlivy kod), takze odinstalujte Java(TM) 6 Update 32 a Java(TM) 7 Update 4 a nainstalujte aktualni z http://java.com/verify . Kor pri pouzivani Win XP tomu davam daleko vetsi dulezitost.

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
  HKLM\...\Policies\Explorer: [NoResolveSearch] 1
  HKU\S-1-5-21-823518204-1715567821-839522115-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
  HKU\S-1-5-21-823518204-1715567821-839522115-1003\...\Command Processor: "C:\Documents and Settings\RR\Data aplikací\Microsoft\Windows\IEUpdate\cidaemon.exe" <===== ATTENTION!
  ProxyServer: [S-1-5-21-823518204-1715567821-839522115-1003] => localhost:8080
  BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
  BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
  Toolbar: HKU\S-1-5-21-823518204-1715567821-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
  Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
  S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
  S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
  S4 IntelIde; No ImagePath
  
  C:\Program Files\IObit
  C:\Program Files\Skype\Toolbars
  C:\Program Files\Enigma Software Group
  2014-11-29 08:20 - 2014-11-29 08:21 - 02148864 _____ () C:\Documents and Settings\RR\Plocha\adwcleaner_4.102.exe
  2014-11-29 08:19 - 2014-11-29 09:40 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\mbar
  2014-11-29 08:19 - 2014-11-29 09:13 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
  2014-11-29 08:18 - 2014-11-29 08:18 - 16448208 _____ (Malwarebytes Corp.) C:\Documents and Settings\RR\Plocha\mbar-1.08.2.1001.exe
  2014-11-29 16:31 - 2014-04-08 17:16 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
  2014-11-29 16:30 - 2014-04-08 17:17 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabidka Start^Programy^Po sputeni^cidaemon.lnk" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabídka Start^Programy^Po spuštění^cidaemon.lnk" /f
  Task: C:\WINDOWS\Tasks\AVQP.job => C:\Documents and Settings\RR\Data aplikac\AVQP.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\VUPY.job => C:\Documents and Settings\RR\Data aplikac\VUPY.exe
  C:\Documents and Settings\RR\Data aplikac\AVQP.exe
  C:\Documents and Settings\RR\Data aplikac\VUPY.exe
  
  cmd: del %appdata%\AVQP.exe
  cmd: del %appdata%\VUPY.exe
  
  Hosts:
  EmptyTemp:
  End
  

[rr46]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by RR at 2014-11-30 15:43:17 Run:1
Running from C:\Documents and Settings\RR\Plocha
Loaded Profile: RR (Available profiles: RR & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-823518204-1715567821-839522115-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-823518204-1715567821-839522115-1003\...\Command Processor: "C:\Documents and Settings\RR\Data aplikací\Microsoft\Windows\IEUpdate\cidaemon.exe" <===== ATTENTION!
ProxyServer: [S-1-5-21-823518204-1715567821-839522115-1003] => localhost:8080
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Toolbar: HKU\S-1-5-21-823518204-1715567821-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S4 IntelIde; No ImagePath

C:\Program Files\IObit
C:\Program Files\Skype\Toolbars
C:\Program Files\Enigma Software Group
2014-11-29 08:20 - 2014-11-29 08:21 - 02148864 _____ () C:\Documents and Settings\RR\Plocha\adwcleaner_4.102.exe
2014-11-29 08:19 - 2014-11-29 09:40 - 00000000 ____D () C:\Documents and Settings\RR\Plocha\mbar
2014-11-29 08:19 - 2014-11-29 09:13 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-29 08:18 - 2014-11-29 08:18 - 16448208 _____ (Malwarebytes Corp.) C:\Documents and Settings\RR\Plocha\mbar-1.08.2.1001.exe
2014-11-29 16:31 - 2014-04-08 17:16 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-11-29 16:30 - 2014-04-08 17:17 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabidka Start^Programy^Po sputeni^cidaemon.lnk" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabídka Start^Programy^Po spuštění^cidaemon.lnk" /f
Task: C:\WINDOWS\Tasks\AVQP.job => C:\Documents and Settings\RR\Data aplikac\AVQP.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\VUPY.job => C:\Documents and Settings\RR\Data aplikac\VUPY.exe
C:\Documents and Settings\RR\Data aplikac\AVQP.exe
C:\Documents and Settings\RR\Data aplikac\VUPY.exe

cmd: del %appdata%\AVQP.exe
cmd: del %appdata%\VUPY.exe

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value deleted successfully.
HKU\S-1-5-21-823518204-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value deleted successfully.
HKU\S-1-5-21-823518204-1715567821-839522115-1003\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully.
HKU\S-1-5-21-823518204-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{10921475-03CE-4E04-90CE-E2E7EF20C814} => value deleted successfully.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key not found.
HKU\S-1-5-21-823518204-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
LiveUpdateSvc => Service deleted successfully.
esgiguard => Service deleted successfully.
gdrv => Service deleted successfully.
IntelIde => Service deleted successfully.
C:\Program Files\IObit => Moved successfully.
C:\Program Files\Skype\Toolbars => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Documents and Settings\RR\Plocha\adwcleaner_4.102.exe => Moved successfully.
C:\Documents and Settings\RR\Plocha\mbar => Moved successfully.
C:\WINDOWS\system32\Drivers\mbamchameleon.sys => Moved successfully.
C:\Documents and Settings\RR\Plocha\mbar-1.08.2.1001.exe => Moved successfully.
C:\Program Files\Spybot - Search & Destroy 2 => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabidka Start^Programy^Po sputeni^cidaemon.lnk" /f =========


Chyba: Systém nenalezl zadaný klíč registru nebo požadovanou hodnotu.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RR^Nabídka Start^Programy^Po spuštění^cidaemon.lnk" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========

C:\WINDOWS\Tasks\AVQP.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\VUPY.job => Moved successfully.
"C:\Documents and Settings\RR\Data aplikac\AVQP.exe" => File/Directory not found.
"C:\Documents and Settings\RR\Data aplikac\VUPY.exe" => File/Directory not found.

========= del %appdata%\AVQP.exe =========

Systm neme nalzt uvedenou cestu.

========= End of CMD: =========


========= del %appdata%\VUPY.exe =========

Systm neme nalzt uvedenou cestu.

========= End of CMD: =========

Hosts was reset successfully.
EmptyTemp: => Removed 14.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

[altrok]

Udelal jste krok s Javou?

Jak se chova pocitac? Muzeme zacit uklizet?

[rr46]

Ano, Javu jsem aktualizoval....počítač se zdá v pohodě...uvidíme...jenom se zeptám, bylo v počítači něco hodně škodlivého ?

[altrok]

Pustte tam jeste prosim pro klid v dusi TDSSKiller dle nasledujiciho navodu.

Stahnete si TDSSKiller http://media.kaspersky.com/utilities/Vi ... killer.exe

• Po spusteni odsouhlaste licencni podminky (klik na Accept)
• Kliknete na volbu Change parametrs
• V okne Additional Option zakliknete vsechny moznosti
• Kliknete na OK
• Utilite prikazte, at skenuje - klik na Start Scan
• Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
• Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
• Pokud mate vsude Skip, kliknete na Continue
• Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

[rr46]

16:02:57.0093 0x0d14 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
16:03:01.0578 0x0d14 ============================================================
16:03:01.0578 0x0d14 Current date / time: 2014/11/30 16:03:01.0578
16:03:01.0578 0x0d14 SystemInfo:
16:03:01.0578 0x0d14
16:03:01.0578 0x0d14 OS Version: 5.1.2600 ServicePack: 3.0
16:03:01.0578 0x0d14 Product type: Workstation
16:03:01.0578 0x0d14 ComputerName: DOMA-RR
16:03:01.0578 0x0d14 UserName: RR
16:03:01.0578 0x0d14 Windows directory: C:\WINDOWS
16:03:01.0578 0x0d14 System windows directory: C:\WINDOWS
16:03:01.0578 0x0d14 Processor architecture: Intel x86
16:03:01.0578 0x0d14 Number of processors: 2
16:03:01.0578 0x0d14 Page size: 0x1000
16:03:01.0578 0x0d14 Boot type: Normal boot
16:03:01.0578 0x0d14 ============================================================
16:03:03.0406 0x0d14 KLMD registered as C:\WINDOWS\system32\drivers\04140288.sys
16:03:03.0468 0x0d14 System UUID: {D730C82F-7C80-51CF-8DC3-3E33FA749604}
16:03:04.0140 0x0d14 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
16:03:04.0140 0x0d14 ============================================================
16:03:04.0140 0x0d14 \Device\Harddisk0\DR0:
16:03:04.0140 0x0d14 MBR partitions:
16:03:04.0140 0x0d14 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
16:03:04.0140 0x0d14 ============================================================
16:03:04.0156 0x0d14 C: <-> \Device\Harddisk0\DR0\Partition1
16:03:04.0156 0x0d14 ============================================================
16:03:04.0156 0x0d14 Initialize success
16:03:04.0156 0x0d14 ============================================================
16:04:13.0750 0x0acc ============================================================
16:04:13.0750 0x0acc Scan started
16:04:13.0750 0x0acc Mode: Manual; SigCheck; TDLFS;
16:04:13.0750 0x0acc ============================================================
16:04:13.0750 0x0acc KSN ping started
16:04:16.0312 0x0acc KSN ping finished: true
16:04:16.0828 0x0acc ================ Scan system memory ========================
16:04:16.0828 0x0acc System memory - ok
16:04:16.0828 0x0acc ================ Scan services =============================
16:04:16.0921 0x0acc Abiosdsk - ok
16:04:16.0921 0x0acc abp480n5 - ok
16:04:16.0968 0x0acc [ 4FE34F1F3126B61FCC6B2043AA8112C9, DE370865E47A5D2A4B227EEFFB42384F67F08D622BF936A9C9CEF70CC47F324B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:04:20.0859 0x0acc ACPI - ok
16:04:20.0953 0x0acc [ AFDFF022A01F0B11C776F0860C3B282F, 135E5257B62D921B76271014301E9EA1E2383D5DBB04E475DC3A7EFFD2561F56 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:04:21.0156 0x0acc ACPIEC - ok
16:04:21.0234 0x0acc [ F79623288F2A357AB20288B5DC4F452A, AA6F70A4C12E390E08074D6FD0EA0D1856D8274DA833E56A8811BF820A2D41D4 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:04:21.0281 0x0acc AdobeFlashPlayerUpdateSvc - ok
16:04:21.0281 0x0acc adpu160m - ok
16:04:21.0328 0x0acc [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:04:21.0484 0x0acc aec - ok
16:04:21.0531 0x0acc [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:04:21.0593 0x0acc AFD - ok
16:04:21.0625 0x0acc [ B34B1AB0A7690A0E2301FEC6D17B2FC1, E37953E874709E8329C72F8923F34B72654B35A756D838828A005A31E196F206 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
16:04:21.0656 0x0acc AFS2K - detected UnsignedFile.Multi.Generic ( 1 )
16:04:24.0265 0x0acc Detect skipped due to KSN trusted
16:04:24.0265 0x0acc AFS2K - ok
16:04:24.0265 0x0acc Aha154x - ok
16:04:24.0281 0x0acc aic78u2 - ok
16:04:24.0281 0x0acc aic78xx - ok
16:04:24.0312 0x0acc [ E0A6FA244B8624D78FE5FF6F56A33BAE, 26B828FDB03AE4A4F1DC7A1792F9BAD69CF947897D47F5E567F24F4B6D5CB541 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:04:24.0453 0x0acc Alerter - ok
16:04:24.0468 0x0acc [ 88842DE939A827577BF24243699AC80A, A49C9A6A9941F3A2FBBCFE1F6DB48B632739D00670AC98ECCCBC7FD9E786B21A ] ALG C:\WINDOWS\System32\alg.exe
16:04:24.0625 0x0acc ALG - ok
16:04:24.0640 0x0acc AliIde - ok
16:04:24.0734 0x0acc [ 267FC636801EDC5AB28E14036349E3BE, CFEF5DF5F9BE820283376BB86DB3CF6609C02D316A742E17459A2BFA42E724E0 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
16:04:24.0875 0x0acc Ambfilt - ok
16:04:24.0906 0x0acc [ F6F5E047369784E607F3A636AC576148, AED29CA3344A034B7C167ACA1461F81D96C926F6502350AED961398BCA3EED3F ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
16:04:24.0984 0x0acc AmdK8 - ok
16:04:24.0984 0x0acc amsint - ok
16:04:25.0046 0x0acc [ 6B8E7A90E576D4FE308F97C69060A171, 6CE49BC78715737D78E05DECAC23E26A5672ACD2CF3D10154FEA9D47B318D47C ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:04:25.0203 0x0acc AppMgmt - ok
16:04:25.0250 0x0acc [ 1A493A3227C1EC25C395B38B51DB3E35, 3F16901A7FF6887024F46036FF550CC99F48C90B3778CE524626D67029EAA70E ] arusb(TP-LINK) C:\WINDOWS\system32\DRIVERS\arusb.sys
16:04:25.0328 0x0acc arusb(TP-LINK) - detected UnsignedFile.Multi.Generic ( 1 )
16:04:27.0921 0x0acc Detect skipped due to KSN trusted
16:04:27.0921 0x0acc arusb(TP-LINK) - ok
16:04:27.0921 0x0acc asc - ok
16:04:27.0937 0x0acc asc3350p - ok
16:04:27.0937 0x0acc asc3550 - ok
16:04:28.0062 0x0acc [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:04:28.0125 0x0acc aspnet_state - ok
16:04:28.0171 0x0acc [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys
16:04:28.0203 0x0acc aswHwid - ok
16:04:28.0203 0x0acc [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
16:04:28.0218 0x0acc aswMonFlt - ok
16:04:28.0265 0x0acc [ D6C9024F5D14843D33ADA8A6A10A1BE1, D40022D0A360FD4010D3D5D452BBC4CE9EE68224DEAB9584626E6F435E128857 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
16:04:28.0281 0x0acc aswRdr - ok
16:04:28.0312 0x0acc [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
16:04:28.0328 0x0acc aswRvrt - ok
16:04:28.0406 0x0acc [ 893D49B6342808E5A27491FD8F6DF0ED, 8A07648FC8D628D95CF475C16223A5ECBAA1FE77B01EF3B17FA9A9F815D7A866 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
16:04:28.0453 0x0acc aswSnx - ok
16:04:28.0468 0x0acc [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
16:04:28.0515 0x0acc aswSP - ok
16:04:28.0562 0x0acc [ 26C51C289E39E8EE0F12B8B06B71E436, 81382FC3E836698432EE832A166F09251CC9164B17584E90F73037A1FA54E4F7 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
16:04:28.0578 0x0acc aswTdi - ok
16:04:28.0593 0x0acc [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
16:04:28.0625 0x0acc aswVmm - ok
16:04:28.0656 0x0acc [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:04:28.0812 0x0acc AsyncMac - ok
16:04:28.0828 0x0acc [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:04:28.0984 0x0acc atapi - ok
16:04:29.0000 0x0acc Atdisk - ok
16:04:29.0031 0x0acc [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:04:29.0187 0x0acc Atmarpc - ok
16:04:29.0234 0x0acc [ DE31B88962A8645DBA5A37B993E7B0F1, CA93F25A3FD0CE68BB9B8E3AB6B813BF38DE3EDDFC990291B3957FAA59B2B274 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:04:29.0375 0x0acc AudioSrv - ok
16:04:29.0421 0x0acc [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:04:29.0578 0x0acc audstub - ok
16:04:29.0671 0x0acc [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:04:29.0703 0x0acc avast! Antivirus - ok
16:04:29.0734 0x0acc [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:04:29.0906 0x0acc Beep - ok
16:04:29.0968 0x0acc [ 19395D092FD85DDC2D9C7729CF5A2AC8, 7640F36BA19698EE8A6257BF78A8C57DD9D734BED9CA6BB9B68603BAEA092412 ] BITS C:\WINDOWS\System32\qmgr.dll
16:04:30.0156 0x0acc BITS - ok
16:04:30.0203 0x0acc [ 89E739BBA5F636297EA5B5F811189E06, 151B32B12F5DD0D388134DA2471FE9741CF22B9C408DA58FEF8019D3C4EC836B ] Browser C:\WINDOWS\System32\browser.dll
16:04:30.0265 0x0acc Browser - ok
16:04:30.0296 0x0acc [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:04:30.0468 0x0acc cbidf2k - ok
16:04:30.0468 0x0acc cd20xrnt - ok
16:04:30.0515 0x0acc [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:04:30.0671 0x0acc Cdaudio - ok
16:04:30.0718 0x0acc [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:04:30.0843 0x0acc Cdfs - ok
16:04:30.0859 0x0acc [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:04:31.0000 0x0acc Cdrom - ok
16:04:31.0015 0x0acc Changer - ok
16:04:31.0062 0x0acc [ E390DC1D7C461D7D56EC53402F329928, FB37F84E71353CD83FCDDD39C898C6D84C05130C5F1BEF022E3DFDE160398C0E ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:04:31.0218 0x0acc CiSvc - ok
16:04:31.0250 0x0acc [ 064507A8DFA8C5C7E2FFDDD3E6F424FA, 1725067BC759484A7185A4F1A44ED3CBE481529D187FE98EF279425B79177EB1 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:04:31.0390 0x0acc ClipSrv - ok
16:04:31.0453 0x0acc [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:04:31.0484 0x0acc clr_optimization_v2.0.50727_32 - ok
16:04:31.0515 0x0acc [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:04:31.0562 0x0acc clr_optimization_v4.0.30319_32 - ok
16:04:31.0578 0x0acc CmdIde - ok
16:04:31.0578 0x0acc COMSysApp - ok
16:04:31.0593 0x0acc Cpqarray - ok
16:04:31.0625 0x0acc [ F3AB0933CBD166D271992F411C27CCAF, 50E01F3B058F814BE914FA5050B2D972E8584A467719A5ABCF9D9EBD596A54A7 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:04:31.0781 0x0acc CryptSvc - ok
16:04:31.0828 0x0acc [ 8DB84DE3AAB34A8B4C2F644EFF41CD76, 02154E064651269EEF51BA6D68285A05E1552D3FFDCA97ED810EAEB26EAF4573 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
16:04:31.0859 0x0acc ctsfm2k - ok
16:04:31.0875 0x0acc dac2w2k - ok
16:04:31.0875 0x0acc dac960nt - ok
16:04:31.0937 0x0acc [ BE27674D1CBC3214AEC84B4336A38BBF, 3DF5F9A9E97595A61314B2731DF4F3D3C19D1B9D2291624A63B8E1861FFC2D76 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:04:32.0046 0x0acc DcomLaunch - ok
16:04:32.0078 0x0acc [ 8C9A53E285AC5E6704844D0459EC85BE, 9E86AF4C06CEC007C9B1590B6E056319603E4D79BED0C2471C6F1BC251B380CF ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:04:32.0265 0x0acc Dhcp - ok
16:04:32.0296 0x0acc [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:04:32.0421 0x0acc Disk - ok
16:04:32.0437 0x0acc dmadmin - ok
16:04:32.0484 0x0acc [ DB5FD2BF5B07DC54BFCB3664FF05BD7C, 46074FBBC5E4A40A7B3A45636089DEDD2A619778C7DCD797571C2BB64D775F7E ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:04:32.0687 0x0acc dmboot - ok
16:04:32.0734 0x0acc [ FFF1720AF51171F32F1EAD5CF71F2810, 2E40D63DC7670C1E88A532DB8923A98ABC8481C351C4D915C2753E10BA77F36D ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:04:32.0875 0x0acc dmio - ok
16:04:32.0906 0x0acc [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:04:33.0078 0x0acc dmload - ok
16:04:33.0109 0x0acc [ 2BFEFE9E865655A76982F050450B9591, 15C7D093D638770519AA43E7D8897310F32AB1F217027F5750D799494A985C35 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:04:33.0250 0x0acc dmserver - ok
16:04:33.0296 0x0acc [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:04:33.0437 0x0acc DMusic - ok
16:04:33.0484 0x0acc [ DFAA406BF19F4EE806A6F8D4342137F7, EE2C11B3E37565FC009E323607B2F5F148F9219012EDF848CEFC1B273DAA98A9 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:04:33.0593 0x0acc Dnscache - ok
16:04:33.0625 0x0acc [ 4A3E2BD20157A0946751229E92EB8621, D8C00CC2C18C517F7262EBC3C511C062E5ABA797056AEB22AC5DEB306BA8C526 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:04:33.0781 0x0acc Dot3svc - ok
16:04:33.0781 0x0acc dpti2o - ok
16:04:33.0828 0x0acc [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:04:33.0968 0x0acc drmkaud - ok
16:04:34.0000 0x0acc [ 0887D9C2BE8D940778CAD1E3B85F2A41, 2E30DC06D46A5E174B7CAA2D70BDB697015495942572E90425E2EE7AC541BCF4 ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:04:34.0140 0x0acc EapHost - ok
16:04:34.0187 0x0acc [ A2A4912798F2BE706ABADD3D30800D16, CCCCA389D22525D984DE9B59E4CEBE0EEEF315F725176EB5C4DC1A5B6157234A ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:04:34.0328 0x0acc ERSvc - ok
16:04:34.0375 0x0acc [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] Eventlog C:\WINDOWS\system32\services.exe
16:04:34.0453 0x0acc Eventlog - ok
16:04:34.0515 0x0acc [ A371F11EF07653591C8DE26AFB13CE7F, 1192EDC8B146F1C27E8CD7E126DDC044F8B368C2E891A90CD81620D48C9550B6 ] EventSystem C:\WINDOWS\System32\es.dll
16:04:34.0562 0x0acc EventSystem - ok
16:04:34.0578 0x0acc [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:04:34.0718 0x0acc Fastfat - ok
16:04:34.0765 0x0acc [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:04:34.0812 0x0acc FastUserSwitchingCompatibility - ok
16:04:34.0828 0x0acc [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:04:34.0984 0x0acc Fdc - ok
16:04:35.0015 0x0acc [ AC366695A0796560AA37215AD5762AAF, 6ADC7443EA42D77199D4879AF3C33A07914116C69A34B895D8CB8444EE50077F ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:04:35.0156 0x0acc Fips - ok
16:04:35.0171 0x0acc [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:04:35.0312 0x0acc Flpydisk - ok
16:04:35.0359 0x0acc [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:04:35.0500 0x0acc FltMgr - ok
16:04:35.0562 0x0acc [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:04:35.0578 0x0acc FontCache3.0.0.0 - ok
16:04:35.0625 0x0acc [ 790A4CA68F44BE35967B3DF61F3E4675, 7CBC77C620ABA75FEF4BA8AD9C38766D50CD18106EBA4693F162F2C5A7D46AA8 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
16:04:35.0640 0x0acc FsUsbExDisk - detected UnsignedFile.Multi.Generic ( 1 )
16:04:38.0234 0x0acc Detect skipped due to KSN trusted
16:04:38.0234 0x0acc FsUsbExDisk - ok
16:04:38.0265 0x0acc [ D3F9205CC4CB07553F2F9472C767EA87, B1DF2B8D718CF7958E5E0B367859EEFB45CC9042B1B88E0C4DA884DF2608B59A ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
16:04:38.0281 0x0acc FsUsbExService - detected UnsignedFile.Multi.Generic ( 1 )
16:04:40.0875 0x0acc Detect skipped due to KSN trusted
16:04:40.0875 0x0acc FsUsbExService - ok
16:04:40.0890 0x0acc [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:04:41.0046 0x0acc Fs_Rec - ok
16:04:41.0093 0x0acc [ 4E664D8541DB4A66B73A24257E322E1F, 17A2140AFE2B41E579FCCAFB82532853AD90A6EDBCB13DE80741DAE0AD5B4CC9 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:04:41.0250 0x0acc Ftdisk - ok
16:04:41.0296 0x0acc [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:04:41.0437 0x0acc Gpc - ok
16:04:41.0546 0x0acc [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:04:41.0562 0x0acc gupdate - ok
16:04:41.0562 0x0acc [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:04:41.0578 0x0acc gupdatem - ok
16:04:41.0593 0x0acc [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:04:41.0750 0x0acc HDAudBus - ok
16:04:41.0828 0x0acc [ FCFE31FB75F8A6295B6B0AF87A626282, 6BA385797DBC73EB29EFE3293B80C21B1B8A1E9B87A462476E73C526C9565E5F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:04:41.0984 0x0acc helpsvc - ok
16:04:42.0015 0x0acc [ 00E25EE90166B3E1BE6E74AEBF858306, 92C2F020EF14DE3B4F09E2C5DFF3D2F35D8C50F6D0188F9CEEFE3B6075602EFE ] HidServ C:\WINDOWS\System32\hidserv.dll
16:04:42.0156 0x0acc HidServ - ok
16:04:42.0187 0x0acc [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:04:42.0328 0x0acc HidUsb - ok
16:04:42.0375 0x0acc [ 7A6B320928F86BC851530D63C82965D9, 1F628759D31098DFBC05244735B5A62ACD8E45DBC5C9D236260D68EB8F1E28F5 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:04:42.0515 0x0acc hkmsvc - ok
16:04:42.0531 0x0acc hpn - ok
16:04:42.0578 0x0acc [ 863CC3A82C63C9F60ACF2E85D5310620, 51CBC73D696BB87FBF3F4CD31ADE38DF9B8476DFAC38356A5C0ABD8CA63A5494 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:04:42.0609 0x0acc HPZid412 - ok
16:04:42.0625 0x0acc [ 08CB72E95DD75B61F2966B311D0E4366, 3C4CBCA84B67DBFD00C3A2470EE0CBE1F66AF549E9579B016C659BEE40219D24 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:04:42.0656 0x0acc HPZipr12 - ok
16:04:42.0671 0x0acc [ CA990306ED4EF732AF9695BFF24FC96F, 083532116547447D4A82CA02181AB4099944082405036EE38D7A3FB09CFDDC95 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:04:42.0750 0x0acc HPZius12 - ok
16:04:42.0812 0x0acc [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:04:42.0875 0x0acc HTTP - ok
16:04:42.0921 0x0acc [ 58FE2F2DA3BC5573F4A35B3760D3125F, B241ACCE426402EC64DC34C49CECB8CDC0851986D54BFCCED7040D6C43F5787A ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:04:43.0078 0x0acc HTTPFilter - ok
16:04:43.0078 0x0acc i2omgmt - ok
16:04:43.0093 0x0acc i2omp - ok
16:04:43.0125 0x0acc [ C528E27945367191E7BAE364930B6932, 1B95C7B49B4CAE734DC6C9EC22555C5356EEC856B8491C761C777479264CF854 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:04:43.0265 0x0acc i8042prt - ok
16:04:43.0359 0x0acc [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:04:43.0421 0x0acc idsvc - ok
16:04:43.0453 0x0acc [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:04:43.0593 0x0acc Imapi - ok
16:04:43.0640 0x0acc [ F7B93AAFAD33B2320954C17E26C8D361, 8CFDB11A68B59E195F280BE08B25FA59F1F70833832919B8BECCE17616999934 ] ImapiService C:\WINDOWS\System32\imapi.exe
16:04:43.0781 0x0acc ImapiService - ok
16:04:43.0796 0x0acc ini910u - ok
16:04:44.0093 0x0acc [ 1511286A30AC4F74F5E9AAC182BBEFBC, 2DEC3C39D6CC2DD667FCD9609C40BA4AAA6EF03F1A3C02AF50CEA02BC6220F17 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:04:44.0375 0x0acc IntcAzAudAddService - ok
16:04:44.0421 0x0acc [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:04:44.0578 0x0acc ip6fw - ok
16:04:44.0625 0x0acc [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:04:44.0765 0x0acc IpFilterDriver - ok
16:04:44.0796 0x0acc [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:04:44.0937 0x0acc IpInIp - ok
16:04:44.0953 0x0acc [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:04:45.0093 0x0acc IpNat - ok
16:04:45.0125 0x0acc [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:04:45.0265 0x0acc IPSec - ok
16:04:45.0281 0x0acc [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:04:45.0421 0x0acc IRENUM - ok
16:04:45.0437 0x0acc [ CC9F8A2D60AED1A51A3AC34C59B987AE, CBF69817BE3D9A4617390B1A3306074CB8581F21562CD1357D32BC3E542F3CEE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:04:45.0578 0x0acc isapnp - ok
16:04:45.0578 0x0acc [ 1B6162FE7F66B1A71A4B70F941C4AA9B, C2EA494BAB0513A6027414FB1E75834F980A77852D0DC8559E8942FC222A075A ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:04:45.0718 0x0acc Kbdclass - ok
16:04:45.0734 0x0acc [ 86C8F23616C6C6E5B2776901C17B945B, 211B63FC405A2DDB126D204D61E779D66C7211882CC0374521926C633E180B91 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:04:45.0890 0x0acc kbdhid - ok
16:04:45.0906 0x0acc [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:04:46.0062 0x0acc kmixer - ok
16:04:46.0093 0x0acc [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:04:46.0140 0x0acc KSecDD - ok
16:04:46.0187 0x0acc [ 3428E8F86F8ADD36B42FB23542C7B3E4, 9CF643D1A70AF08407ACD5FD6FE4B8777521DDF41B5E63C2E6E1E4CAAC69A403 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:04:46.0234 0x0acc lanmanserver - ok
16:04:46.0281 0x0acc [ 936C1D110232D23B621CB0196E4F80F0, 2DE3AF93E20F1DC7A6FF31B18054EA4D2350387E4DA91C4B16D451384F0C57E2 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:04:46.0328 0x0acc lanmanworkstation - ok
16:04:46.0343 0x0acc lbrtfdc - ok
16:04:46.0421 0x0acc [ 83D8BE94E1CBCBE2EA8372DB1A95A159, 28D18C7B93EFB6C83023D39A54489DDE98DE578AFCC06DD0712D00DE7CD48968 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:04:46.0437 0x0acc LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
16:04:49.0031 0x0acc Detect skipped due to KSN trusted
16:04:49.0031 0x0acc LightScribeService - ok
16:04:49.0078 0x0acc [ 0AB159F536E3E8F7F07113702A07CCA5, 3218C553183E6697C663B6D12790E09756B50505590858DD5AC62411D37CDD7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:04:49.0218 0x0acc LmHosts - ok
16:04:49.0250 0x0acc [ 221CD1C815B8A6B79389C3F5D1018DE8, 6D0D25D6669C4F9452F74EC72C6138A41D9408E01AF5FD01C08F27BE7BC9C905 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:04:49.0390 0x0acc Messenger - ok
16:04:49.0468 0x0acc [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:04:49.0484 0x0acc Microsoft Office Groove Audit Service - ok
16:04:49.0515 0x0acc [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:04:49.0671 0x0acc mnmdd - ok
16:04:49.0703 0x0acc [ 9A57D046F88F4B69751B11FD40088A61, 62F65433024CE411F111A88723747B8A83B31076FBAF4CFF40FD02A53D7FF7DF ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
16:04:49.0859 0x0acc mnmsrvc - ok
16:04:49.0890 0x0acc [ 44032B0C6D9954D3FD26438330B99EE7, A49749A4C00D50F57170AA5DA9E2DEECC8C524A48B144C8B784894F2C202FBEE ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:04:50.0031 0x0acc Modem - ok
16:04:50.0109 0x0acc [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
16:04:50.0234 0x0acc Monfilt - ok
16:04:50.0281 0x0acc [ 4CB582831DBDE63CE43B45D771218374, 6D470B26197C5B388983D9213D48D2CDE934C9591572876DC7790FE4B59E0845 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:04:50.0421 0x0acc Mouclass - ok
16:04:50.0468 0x0acc [ BB269EBA740737AB749B214D568B6812, ABF41D9B521EBBE674E76981CAD31F8FD05976DE7070266C3956FDB67C83C4C2 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:04:50.0625 0x0acc mouhid - ok
16:04:50.0656 0x0acc [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:04:50.0781 0x0acc MountMgr - ok
16:04:50.0781 0x0acc mraid35x - ok
16:04:50.0812 0x0acc [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:04:50.0968 0x0acc MRxDAV - ok
16:04:51.0015 0x0acc [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:04:51.0125 0x0acc MRxSmb - ok
16:04:51.0187 0x0acc [ 6DB4D1521CABA9A5FFAB54ADE0AE867D, 78D63EE2C0B0852F0771071C099643242EBC9F4DA28847B93BCE9C3CC1091938 ] MSDTC C:\WINDOWS\System32\msdtc.exe
16:04:51.0328 0x0acc MSDTC - ok
16:04:51.0359 0x0acc [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:04:51.0484 0x0acc Msfs - ok
16:04:51.0500 0x0acc MSIServer - ok
16:04:51.0531 0x0acc [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:04:51.0671 0x0acc MSKSSRV - ok
16:04:51.0687 0x0acc [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:04:51.0828 0x0acc MSPCLOCK - ok
16:04:51.0843 0x0acc [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:04:51.0984 0x0acc MSPQM - ok
16:04:52.0031 0x0acc [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:04:52.0156 0x0acc mssmbios - ok
16:04:52.0187 0x0acc [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
16:04:52.0250 0x0acc MTsensor - ok
16:04:52.0281 0x0acc [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:04:52.0359 0x0acc Mup - ok
16:04:52.0406 0x0acc [ 6EA362E9DB03D44F6B996F4D8BE237E9, FE6B4C546D26C4A2832CF4CB280B86B1723E10E46A3C24AF6C9856FCCAE9D1FC ] napagent C:\WINDOWS\System32\qagentrt.dll
16:04:52.0578 0x0acc napagent - ok
16:04:52.0625 0x0acc [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:04:52.0796 0x0acc NDIS - ok
16:04:52.0828 0x0acc [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:04:52.0843 0x0acc NdisTapi - ok
16:04:52.0890 0x0acc [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:04:53.0031 0x0acc Ndisuio - ok
16:04:53.0078 0x0acc [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:04:53.0250 0x0acc NdisWan - ok
16:04:53.0281 0x0acc [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:04:53.0343 0x0acc NDProxy - ok
16:04:53.0390 0x0acc [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:04:53.0531 0x0acc NetBIOS - ok
16:04:53.0546 0x0acc [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:04:53.0687 0x0acc NetBT - ok
16:04:53.0734 0x0acc [ 933DE774986EC85E48210C44AB431DE6, B8C85085003792B8744D96585CE6F2BC474EEEEC364A100CCBCE08176D91E75C ] NetDDE C:\WINDOWS\system32\netdde.exe
16:04:53.0875 0x0acc NetDDE - ok
16:04:53.0906 0x0acc [ 933DE774986EC85E48210C44AB431DE6, B8C85085003792B8744D96585CE6F2BC474EEEEC364A100CCBCE08176D91E75C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:04:54.0046 0x0acc NetDDEdsdm - ok
16:04:54.0078 0x0acc [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] Netlogon C:\WINDOWS\System32\lsass.exe
16:04:54.0218 0x0acc Netlogon - ok
16:04:54.0265 0x0acc [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40, 588C8BA14A7255FD36A88960CBE34341301773765ECF2A9A0F1760A509A08A5B ] Netman C:\WINDOWS\System32\netman.dll
16:04:54.0406 0x0acc Netman - ok
16:04:54.0453 0x0acc [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:04:54.0484 0x0acc NetTcpPortSharing - ok
16:04:54.0531 0x0acc [ 39EE7C3BFBC64BA87CC8CF67386E814C, B93CCB625CE370D9A49C9374D24C939D7C9FEF81401F4F822C51E12677D77E01 ] Nla C:\WINDOWS\System32\mswsock.dll
16:04:54.0609 0x0acc Nla - ok
16:04:54.0656 0x0acc [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:04:54.0781 0x0acc Npfs - ok
16:04:54.0828 0x0acc [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:04:55.0000 0x0acc Ntfs - ok
16:04:55.0015 0x0acc [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
16:04:55.0140 0x0acc NtLmSsp - ok
16:04:55.0187 0x0acc [ 023DD70573D644F3D9C8B1258A7BFD08, 9A1D3210ED5FD8BEDF92ED577A9B30E37035408A73EB66A8C950B75AB7539B83 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:04:55.0359 0x0acc NtmsSvc - ok
16:04:55.0390 0x0acc [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
16:04:55.0531 0x0acc Null - ok
16:04:56.0109 0x0acc [ 7C56F3FD65B2BDB315CA3605A5392D7B, 1C33B2723BBD958FE06D71B6AC5C54DF1F46491C292749FE0DB8577BF056A765 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:04:56.0687 0x0acc nv - ok
16:04:56.0750 0x0acc [ 95486516F56C81A9C873DB41B1FB5AE2, 574D0191541206E081EE6EE8FFFB572EAF29D5DB833B3AD5A460B0DD02F8D626 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
16:04:56.0781 0x0acc NVENETFD - ok
16:04:56.0828 0x0acc [ 619D8943725402D1179941FD58574CC8, C2B9CE0EF51B972F47EF776950A3CD78AD6C9AC9242A01EEC443EF1AFA48CDDF ] nvgts C:\WINDOWS\system32\DRIVERS\nvgts.sys
16:04:56.0843 0x0acc nvgts - ok
16:04:56.0875 0x0acc [ 11168759542065FA0A53713AB0618B5C, B02483DB1CFAAB14C4453BB1B5991EF452FD2CB05235D125A966C60D6968A6C1 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
16:04:56.0921 0x0acc nvnetbus - ok
16:04:56.0953 0x0acc [ ED0A578227B9FB97AD3BABC7FA6CD756, 7A950F5051DD3C14FC9E5D21AF3A67620B06FB9A6E27AF8970C04561E6E7D1E4 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
16:04:56.0984 0x0acc nvsvc - detected UnsignedFile.Multi.Generic ( 1 )
16:04:59.0578 0x0acc Detect skipped due to KSN trusted
16:04:59.0578 0x0acc nvsvc - ok
16:04:59.0609 0x0acc [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:04:59.0750 0x0acc NwlnkFlt - ok
16:04:59.0796 0x0acc [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:04:59.0937 0x0acc NwlnkFwd - ok
16:05:00.0015 0x0acc [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:05:00.0062 0x0acc odserv - ok
16:05:00.0109 0x0acc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:05:00.0125 0x0acc ose - ok
16:05:00.0156 0x0acc [ 103A9B117A7D9903111955CDAFE65AC6, 06060CA6036F757ABB6C9CFD8376D70996E80ACC7896896DD426AEA0786E2B15 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
16:05:00.0187 0x0acc ossrv - ok
16:05:00.0265 0x0acc [ DF886FFED69AEAD0CF608B89B18C3F6F, 1FF0557AB2105584A78F600F5CFEB39F91BC8BB74D69608EE42472D2DD907D4B ] P17 C:\WINDOWS\system32\drivers\P17.sys
16:05:00.0359 0x0acc P17 - ok
16:05:00.0421 0x0acc [ 46F8DB73B4A53E543F8E371DC7C75BAE, F6C5E7DE4B4AE0ED785DB075BE14EA6A0FC9050C95669B26DEF2B82D7B7D3B2C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:05:00.0562 0x0acc Parport - ok
16:05:00.0578 0x0acc [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:05:00.0718 0x0acc PartMgr - ok
16:05:00.0765 0x0acc [ 1FAE19D0457176318BBA4A8795656EBC, 5F3D6CABA203A0485D67F63A6A81151724EE200BE49ED095CFCB1EF29C19D19F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:05:00.0906 0x0acc ParVdm - ok
16:05:00.0953 0x0acc [ 175CC28DCF819F78CAA3FBD44AD9E52A, C00F17040440E5C10439FF8110368A7813BD197E96338FD3703C86E399E27128 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
16:05:00.0984 0x0acc pccsmcfd - ok
16:05:01.0000 0x0acc [ 6CE351D149CB4BEFC702951E471E1730, 758327683BB45F01D5AE550AF21856822B4CF55E17F2A4F452F559088D242B37 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:05:01.0140 0x0acc PCI - ok
16:05:01.0140 0x0acc PCIDump - ok
16:05:01.0156 0x0acc [ 2DA4EC85E0EA7A45C6B2A05820492D5A, A8C6BD93D3BC33A5B36EB523997EF9E0783B6E6EAFB6E7F58BCC2629009BDCF9 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:05:01.0296 0x0acc PCIIde - ok
16:05:01.0343 0x0acc [ 4FC31E6C19A5CE5198B1ABFF94CAE758, A031E21EC1F15DA5E8429269F435337FA961C3C06D535DAFD448C7355F33FD0C ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:05:01.0484 0x0acc Pcmcia - ok
16:05:01.0500 0x0acc PDCOMP - ok
16:05:01.0500 0x0acc PDFRAME - ok
16:05:01.0515 0x0acc PDRELI - ok
16:05:01.0515 0x0acc PDRFRAME - ok
16:05:01.0515 0x0acc perc2 - ok
16:05:01.0531 0x0acc perc2hib - ok
16:05:01.0562 0x0acc [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] PlugPlay C:\WINDOWS\system32\services.exe
16:05:01.0640 0x0acc PlugPlay - ok
16:05:01.0687 0x0acc [ FB03F341FF5380394BF2EE52F1979925, 50795312FB3C90FFE3BF6F6C3FCDC489A3C8DA9801F13689C8A7B78C56D571A2 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
16:05:01.0718 0x0acc Pml Driver HPZ12 - ok
16:05:01.0734 0x0acc [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
16:05:01.0859 0x0acc PolicyAgent - ok
16:05:01.0906 0x0acc [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:05:02.0046 0x0acc PptpMiniport - ok
16:05:02.0078 0x0acc [ 7EB15DCE4EC3A0220BD796A15C18186E, E06C572F3FE4F3377D8AF74E8EF15478E71B4C61F944E48E8C35534BEF086110 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:05:02.0218 0x0acc Processor - ok
16:05:02.0234 0x0acc [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:05:02.0359 0x0acc ProtectedStorage - ok
16:05:02.0375 0x0acc [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:05:02.0515 0x0acc PSched - ok
16:05:02.0562 0x0acc [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:05:02.0703 0x0acc Ptilink - ok
16:05:02.0703 0x0acc ql1080 - ok
16:05:02.0703 0x0acc Ql10wnt - ok
16:05:02.0718 0x0acc ql12160 - ok
16:05:02.0718 0x0acc ql1240 - ok
16:05:02.0734 0x0acc ql1280 - ok
16:05:02.0765 0x0acc [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:05:02.0906 0x0acc RasAcd - ok
16:05:02.0953 0x0acc [ 2B5E44EA009F2F374B980E1E9A70635D, 62D8FDB80C8ACBA2C42C12760B785587C43BEDFE015EC5C41B25F2BB735EFEB0 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:05:03.0109 0x0acc RasAuto - ok
16:05:03.0125 0x0acc [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:05:03.0265 0x0acc Rasl2tp - ok
16:05:03.0328 0x0acc [ D57554C664B64604BD1EE13EA2C07E77, B090C05B91EA602BFF9A5E89AB1A0FFDE869611961FF749DA8B3F4D00F04E756 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:05:03.0468 0x0acc RasMan - ok
16:05:03.0484 0x0acc [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:05:03.0625 0x0acc RasPppoe - ok
16:05:03.0625 0x0acc [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:05:03.0781 0x0acc Raspti - ok
16:05:03.0796 0x0acc [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:05:03.0937 0x0acc Rdbss - ok
16:05:03.0953 0x0acc [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:05:04.0093 0x0acc RDPCDD - ok
16:05:04.0125 0x0acc [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:05:04.0265 0x0acc rdpdr - ok
16:05:04.0312 0x0acc [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:05:04.0390 0x0acc RDPWD - ok
16:05:04.0453 0x0acc [ C0D9D9711CB74EE9BC66353D8CBDAB0E, F1AF9A26910707E76BF213D8DE5C902B0088D8A29EBDFF72DE6A4D867E298CC8 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:05:04.0609 0x0acc RDSessMgr - ok
16:05:04.0640 0x0acc [ 611BFD220305BE3A85AE876EA47D4AA5, FDF87878EB3886649025E5A12F1C3FC9072D66CCD3217944710085C1F8A4512E ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:05:04.0781 0x0acc redbook - ok
16:05:04.0812 0x0acc [ 127C26B5371651043450E52542099ABA, 98AADAD8D5211CB894AA7C59B6299861B1F44B6D8F46AB5837E7D2F5B615B14A ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:05:04.0968 0x0acc RemoteAccess - ok
16:05:05.0015 0x0acc [ 8F31505484A190D5B22274708799F4EC, 170FF8193C95CEE73B9342B6FB7D83DF4E80B2CCBB27DF41F4AB5F2FB9AF60E1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:05:05.0156 0x0acc RemoteRegistry - ok
16:05:05.0187 0x0acc [ 718B3BDC0BC3C2F7D065A53D26202AF9, 9E58243628F1E1396AB82A80D046FF50803A230EE07B007E0CA5D744C77B091A ] RpcLocator C:\WINDOWS\System32\locator.exe
16:05:05.0328 0x0acc RpcLocator - ok
16:05:05.0359 0x0acc [ BE27674D1CBC3214AEC84B4336A38BBF, 3DF5F9A9E97595A61314B2731DF4F3D3C19D1B9D2291624A63B8E1861FFC2D76 ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:05:05.0453 0x0acc RpcSs - ok
16:05:05.0500 0x0acc [ 09AB2E71E58B078038E3BFDBA7FFC984, 8CA277DEEF6376B0F48C6BA5DBBC3E8AF2245983BA9AF6AB83D1A920D35FAF93 ] RSVP C:\WINDOWS\System32\rsvp.exe
16:05:05.0656 0x0acc RSVP - ok
16:05:05.0671 0x0acc [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] SamSs C:\WINDOWS\system32\lsass.exe
16:05:05.0796 0x0acc SamSs - ok
16:05:05.0828 0x0acc [ 410046E401EB11E1E6749E9DEEA41D4A, 9507268ACD24EF51E994DC418E8EB3E10DEDE61EE892226A22A5DA7662397E25 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:05:05.0968 0x0acc SCardSvr - ok
16:05:06.0015 0x0acc [ 3FF232A7731621B8902D81D42418C93C, 2030C9A843D9555170179883BD4CC1E978D5FC5EC0D7FCA56518224E428BE421 ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:05:06.0171 0x0acc Schedule - ok
16:05:06.0218 0x0acc [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:05:06.0359 0x0acc Secdrv - ok
16:05:06.0406 0x0acc [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6, 82EEB2345AC19050FAB202DE76C2CDD93E753F5AB67789A86A1726D3040C02E5 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:05:06.0562 0x0acc seclogon - ok
16:05:06.0593 0x0acc [ A530B75C10C23C9AB28FDB6CE719E21F, 14568DF6457758E2F534A46A8E6245C364895C3993BEF2B5A889B98DBB201A27 ] SENS C:\WINDOWS\system32\sens.dll
16:05:06.0734 0x0acc SENS - ok
16:05:06.0765 0x0acc [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:05:06.0890 0x0acc serenum - ok
16:05:06.0906 0x0acc [ B842729337C9B921615C40D3C1A1AF96, 503670A56423B996C6ED6AE95F07FB88910767C4A2041A4BE9070C57A016E7FA ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:05:07.0046 0x0acc Serial - ok
16:05:07.0140 0x0acc [ 9D38320BB32230349379DF5DDBBF7FCE, 8AAA8B0B60E65F596C3276DCCD0D8146B40172B6D509B597EDFDA46AC8A72A4C ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
16:05:07.0156 0x0acc ServiceLayer - detected UnsignedFile.Multi.Generic ( 1 )
16:05:09.0765 0x0acc Detect skipped due to KSN trusted
16:05:09.0765 0x0acc ServiceLayer - ok
16:05:09.0828 0x0acc [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:05:09.0953 0x0acc Sfloppy - ok
16:05:10.0000 0x0acc [ F58FACA9621D2DB01BD0927D9A0A208E, 239C87E09261BC9D1DBE99DABCFC4787D42289E8769563A5EFB323BE6F177C9A ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:05:10.0156 0x0acc SharedAccess - ok
16:05:10.0171 0x0acc [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:05:10.0218 0x0acc ShellHWDetection - ok
16:05:10.0218 0x0acc Simbad - ok
16:05:10.0296 0x0acc [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:05:10.0328 0x0acc SkypeUpdate - ok
16:05:10.0343 0x0acc Sparrow - ok
16:05:10.0375 0x0acc [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:05:10.0515 0x0acc splitter - ok
16:05:10.0546 0x0acc [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:05:10.0609 0x0acc Spooler - ok
16:05:10.0625 0x0acc [ 94610C8653635E4459316A0050D55CE7, D148D33B3D2B0757060531C526F2161504A8D7C4E5957D092C7EBDB007271339 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:05:10.0765 0x0acc sr - ok
16:05:10.0828 0x0acc [ 35B91147124F64AC8081A2EDB9EA4DEE, 1609D19156DAC6EE3C2D2350B062966B64D9CDC289E9B8FEB6D244AAEBE90BBF ] srservice C:\WINDOWS\System32\srsvc.dll
16:05:10.0984 0x0acc srservice - ok
16:05:11.0031 0x0acc [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:05:11.0093 0x0acc Srv - ok
16:05:11.0140 0x0acc [ BECD5271DC4E3B7C3D035F790FCBC1E5, D63B9DB81332553C963EC5057D241CE2287AF652387333C1FD79AF8C9B5F2BA7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:05:11.0281 0x0acc SSDPSRV - ok
16:05:11.0531 0x0acc [ 5A1D0CA8A5F1E7B4EC50B9D76C001F0E, 8DD6C559F447B6228F5A9FBE3EA0D1CA1569DDF9539CA9B1DFA51B570700E6A9 ] ss_bus C:\WINDOWS\system32\DRIVERS\ss_bus.sys
16:05:11.0546 0x0acc ss_bus - ok
16:05:11.0546 0x0acc [ F0A85580E36A3A85059037D39A9CF079, EFA871BB28B34D61F50E72EFAED90BA23BC92BDDD0DE7920955D8AAD3492F39D ] ss_mdfl C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
16:05:11.0562 0x0acc ss_mdfl - ok
16:05:11.0593 0x0acc [ 84C3DBFD1BFA4ADC0A950B3D5506CB00, E6122282959FE7F27314AF811552ABC4C768B98FA78B69D419A65E6E89A914C7 ] ss_mdm C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
16:05:11.0609 0x0acc ss_mdm - ok
16:05:11.0625 0x0acc [ 06CDA2A5A549BC455D004461E6BC5B33, 9731AEBB98B40F610113BE1989F85CE5805D9C3840A0E22B1F30883A6349CFED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
16:05:11.0765 0x0acc StillCam - ok
16:05:11.0828 0x0acc [ C1CDD9275F6A115BB0AE1D55D8D27BA6, CD0511FD7F6AD832CBEB931C605AB3AD217631C57399CB8033248D27619541E4 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:05:11.0984 0x0acc stisvc - ok
16:05:12.0015 0x0acc [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:05:12.0156 0x0acc swenum - ok
16:05:12.0171 0x0acc [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:05:12.0312 0x0acc swmidi - ok
16:05:12.0312 0x0acc SwPrv - ok
16:05:12.0328 0x0acc symc810 - ok
16:05:12.0328 0x0acc symc8xx - ok
16:05:12.0343 0x0acc sym_hi - ok
16:05:12.0343 0x0acc sym_u3 - ok
16:05:12.0375 0x0acc [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:05:12.0500 0x0acc sysaudio - ok
16:05:12.0546 0x0acc [ CE06F01B88ACE199A1BF460CAC29C110, 3CD89E5B8E53203287D889C107E4795225742DB6C6ACA2DC0611BD9728382A27 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:05:12.0687 0x0acc SysmonLog - ok
16:05:12.0734 0x0acc [ C2546CD7A398476F9DF5614B2AE160E8, 11C8435BA983553E9C0806494E9B3C7080515C0375B0604F029D89B50726161A ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:05:12.0875 0x0acc TapiSrv - ok
16:05:12.0921 0x0acc [ 74D4299CDC4CF748EFEF725C2206E135, 63E3C4E39BE2B2917FF990B1677DEB7F5DA24BD45636D8F600DFBA7E320AFBFF ] tbhsd C:\WINDOWS\system32\drivers\tbhsd.sys
16:05:12.0937 0x0acc tbhsd - ok
16:05:12.0984 0x0acc [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:05:13.0093 0x0acc Tcpip - ok
16:05:13.0140 0x0acc [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:05:13.0265 0x0acc TDPIPE - ok
16:05:13.0281 0x0acc [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:05:13.0421 0x0acc TDTCP - ok
16:05:13.0437 0x0acc [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:05:13.0562 0x0acc TermDD - ok
16:05:13.0625 0x0acc [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E, 3D2B1D899061448EAD993CDE97D1EF50DD64728E9F44D80FEAE591198A937653 ] TermService C:\WINDOWS\System32\termsrv.dll
16:05:13.0765 0x0acc TermService - ok
16:05:13.0796 0x0acc [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] Themes C:\WINDOWS\System32\shsvcs.dll
16:05:13.0828 0x0acc Themes - ok
16:05:13.0859 0x0acc [ CD0CC7B167D78043A41C98D4921EFB54, 31AAB5D6D6BA52EBDDE1B5DEB8F9B4D9597FFBA4485F959C846F635060CCB5C0 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
16:05:14.0015 0x0acc TlntSvr - ok
16:05:14.0015 0x0acc TosIde - ok
16:05:14.0062 0x0acc [ 38853304CCB938D30E0C4CDE8D2C2A8A, 966E7BCC9F63A1A7777F8A12E51C2A91EC688CE96109943ADC4CB4EB58DC34A6 ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:05:14.0203 0x0acc TrkWks - ok
16:05:14.0234 0x0acc [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:05:14.0375 0x0acc Udfs - ok
16:05:14.0390 0x0acc ultra - ok
16:05:14.0437 0x0acc [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:05:14.0625 0x0acc Update - ok
16:05:14.0656 0x0acc [ 651BD90DCEE5B7BDC74A2EB7C9266F9E, AF7662BCA0819F82CE5EE0863E47149CC127DE664CB3DC6359B63FBD71DB54F8 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:05:14.0828 0x0acc upnphost - ok
16:05:14.0843 0x0acc [ 20A0F6A11959E92908717D09E87D670D, 3DD6C99AB0F70FAA43DF470B30078B8A51B8AF735CD5C50DBB195FEA70F4C36E ] UPS C:\WINDOWS\System32\ups.exe
16:05:14.0984 0x0acc UPS - ok
16:05:15.0015 0x0acc [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:05:15.0078 0x0acc usbccgp - ok
16:05:15.0109 0x0acc [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:05:15.0140 0x0acc usbehci - ok
16:05:15.0171 0x0acc [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:05:15.0328 0x0acc usbhub - ok
16:05:15.0343 0x0acc [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:05:15.0484 0x0acc usbohci - ok
16:05:15.0515 0x0acc [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:05:15.0656 0x0acc usbprint - ok
16:05:15.0687 0x0acc [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:05:15.0718 0x0acc usbscan - ok
16:05:15.0765 0x0acc [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:05:15.0906 0x0acc USBSTOR - ok
16:05:15.0953 0x0acc [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:05:16.0078 0x0acc usbuhci - ok
16:05:16.0109 0x0acc [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:05:16.0250 0x0acc VgaSave - ok
16:05:16.0250 0x0acc ViaIde - ok
16:05:16.0296 0x0acc [ 28A4B296B47782173C346E376CB374D1, FE799FE4A41752A2B47027EA88214BF3E39B317302939F4A2D0F2A4EFAAC2F13 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:05:16.0421 0x0acc VolSnap - ok
16:05:16.0484 0x0acc [ D6BA1A63D9E00933F1CD2A885573AFB2, 36311A060635CEC1DBB6D8A746B8A4D007706EAE97D51A5E12F9958AB16BE486 ] VSS C:\WINDOWS\System32\vssvc.exe
16:05:16.0640 0x0acc VSS - ok
16:05:16.0687 0x0acc [ FA4E1CDBA256787F2149F4AAD07BC91F, 1B5FC5248335D70094D04501AA2C30F54782B58FF8D573BE8E784A21529C7CAF ] W32Time C:\WINDOWS\System32\w32time.dll
16:05:16.0828 0x0acc W32Time - ok
16:05:16.0875 0x0acc [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:05:17.0015 0x0acc Wanarp - ok
16:05:17.0031 0x0acc [ A2A8CACB5B80AC45CC69692E60621864, 23988F484A30B5F6D18140D386E69C921A76F45DFCDA6908F3E53481490129B4 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
16:05:17.0171 0x0acc wceusbsh - ok
16:05:17.0171 0x0acc WDICA - ok
16:05:17.0187 0x0acc [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:05:17.0343 0x0acc wdmaud - ok
16:05:17.0375 0x0acc [ 47AE51048A82DFA1CD6B51D369F7E169, 742F2162B8BDE00D83715093EA9743338964597ED22648B9F4F139D7278235A4 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:05:17.0531 0x0acc WebClient - ok
16:05:17.0625 0x0acc [ E488332126E3B1182D2B8A0C35408EC6, F9F60911DF0A539753B2BEF6FAD2D0AED1BC1C3F43509F79D9AF2F810CDE5D9B ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:05:17.0765 0x0acc winmgmt - ok
16:05:17.0843 0x0acc [ 4D34CEDD74BDBF2B6A935EAE3BF80543, 217D4B405C2F7F429D2633ABC75B35BC4B1271EF4B7D779048CF82C2575A54FC ] WinRM C:\WINDOWS\system32\WsmSvc.dll
16:05:18.0031 0x0acc WinRM - ok
16:05:18.0078 0x0acc [ 482069CDA24AA0E94B1351E30EB3D01F, C5238E6DA85D6854A119A9687BE8448B8483EBD483F7823150CC0B24D321D26F ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:05:18.0125 0x0acc WmdmPmSN - ok
16:05:18.0203 0x0acc [ 0171CFF34BBA8C5977F18C48D8AEF8C6, 0E3E04220157CCFB92F8D029805EB56D101C2A3AB3375354537FA9B5B3CAA0AD ] Wmi C:\WINDOWS\System32\advapi32.dll
16:05:18.0312 0x0acc Wmi - ok
16:05:18.0359 0x0acc [ 23F6F03272F7E5679F1F050AED5ACEE6, 87EBE773F3E8FFE2F1E1DB435BB0E8852031AA88112EB791085AD3DA918B49CC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:05:18.0500 0x0acc WmiApSrv - ok
16:05:18.0578 0x0acc [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:05:18.0640 0x0acc WPFFontCache_v0400 - ok
16:05:18.0687 0x0acc [ 4C86D5FAF78194995AF9CC1075F65DD3, D3B23BB0971E0DBC0A51720067489C224323B603178E91149BF56F779DE352F0 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:05:18.0843 0x0acc wscsvc - ok
16:05:18.0843 0x0acc WSearch - ok
16:05:18.0890 0x0acc [ C1364564800EE9784192145324A23308, 5345BAE00364233594C9CF99CE2CC485E65B5D4FFBB81C86B2950EDA2427584C ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:05:19.0031 0x0acc wuauserv - ok
16:05:19.0093 0x0acc [ A27D4BA7264C0BF52F32D10405BEA1D4, 5F28607CCAB15FB601BEB35FF0B1A5CD27C678C6D1CA724E842C33EED4579B8C ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:05:19.0281 0x0acc WZCSVC - ok
16:05:19.0296 0x0acc [ EAA4BB9EDB3FB10CF8979FE65E63658F, B80EB477100FD3E26513360E09DB6EBF0C8D8B0618F1F4BF1F387ABA6DEC9B64 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:05:19.0468 0x0acc xmlprov - ok
16:05:19.0484 0x0acc ================ Scan global ===============================
16:05:19.0531 0x0acc [ F36278E42C8C5DF03CE17DAC8231C91C, D012A3C8F394DF4F0BF5D5A4C10E73BBF427762B7D3DB6CF5FAB96536E082B7A ] C:\WINDOWS\system32\basesrv.dll
16:05:19.0578 0x0acc [ 4C0AA4ABC4E21672B55D8A700AF2B2A6, FAC6B8E2698D0EB12A0ACE62EA398AD05AB6AC5C39740A1E8BDAAF0BFDD5B4A3 ] C:\WINDOWS\system32\winsrv.dll
16:05:19.0609 0x0acc [ 4C0AA4ABC4E21672B55D8A700AF2B2A6, FAC6B8E2698D0EB12A0ACE62EA398AD05AB6AC5C39740A1E8BDAAF0BFDD5B4A3 ] C:\WINDOWS\system32\winsrv.dll
16:05:19.0640 0x0acc [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] C:\WINDOWS\system32\services.exe
16:05:19.0640 0x0acc [ Global ] - ok
16:05:19.0640 0x0acc ================ Scan MBR ==================================
16:05:19.0671 0x0acc [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
16:05:19.0843 0x0acc \Device\Harddisk0\DR0 - ok
16:05:19.0843 0x0acc ================ Scan VBR ==================================
16:05:19.0843 0x0acc [ AA3D36577B71382B87222DF9E6BDF4C9 ] \Device\Harddisk0\DR0\Partition1
16:05:19.0843 0x0acc \Device\Harddisk0\DR0\Partition1 - ok
16:05:19.0843 0x0acc ================ Scan generic autorun ======================
16:05:20.0062 0x0acc [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
16:05:20.0343 0x0acc AvastUI.exe - ok
16:05:20.0406 0x0acc [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
16:05:20.0453 0x0acc SunJavaUpdateSched - ok
16:05:20.0500 0x0acc [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\System32\CTFMON.EXE
16:05:20.0625 0x0acc CTFMON.EXE - ok
16:05:20.0640 0x0acc [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\System32\CTFMON.EXE
16:05:20.0765 0x0acc CTFMON.EXE - ok
16:05:20.0781 0x0acc [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\ctfmon.exe
16:05:20.0906 0x0acc CTFMON.EXE - ok
16:05:20.0984 0x0acc [ 89927B4DE92FDDE68D1C65553053F170, 0D6310D6F9C423C25D1DE3A61569217F15446CC84620B1F2B204A4F19599484C ] C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
16:05:21.0093 0x0acc Svátky a výročí - detected UnsignedFile.Multi.Generic ( 1 )
16:05:23.0781 0x0acc Svátky a výročí ( UnsignedFile.Multi.Generic ) - warning
16:05:23.0781 0x0acc Force sending object to P2P due to detect: C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
16:05:26.0406 0x0acc Object send P2P result: true
16:05:28.0937 0x0acc [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\ctfmon.exe
16:05:29.0062 0x0acc CTFMON.EXE - ok
16:05:29.0187 0x0acc [ CCF2234A35077CA217A61C9CACC48198, C1FB60E22DB42073A7803B2715A779D42D86F762D226312E8D3BC78FBB5D1E1D ] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
16:05:29.0359 0x0acc LightScribe Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
16:05:32.0031 0x0acc Detect skipped due to KSN trusted
16:05:32.0031 0x0acc LightScribe Control Panel - ok
16:05:32.0078 0x0acc AV detected via SS1: avast! Antivirus, 5.0.150996965, disabled, updated
16:05:32.0078 0x0acc Win FW state via NFM: enabled
16:05:34.0609 0x0acc ============================================================
16:05:34.0609 0x0acc Scan finished
16:05:34.0609 0x0acc ============================================================
16:05:34.0609 0x0b04 Detected object count: 1
16:05:34.0609 0x0b04 Actual detected object count: 1
16:10:30.0171 0x0b04 Svátky a výročí ( UnsignedFile.Multi.Generic ) - skipped by user
16:10:30.0171 0x0b04 Svátky a výročí ( UnsignedFile.Multi.Generic ) - User select action: Skip

[altrok]

TDSSKilller je dle ocekavani cisty. To se zpetne casto rict neda, co ktera havet presne dela... Ano, par trojanu jste tam mel.

Takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[rr46]

Myslím, že je to vše. Velice Vám děkuji za pomoc.....