100% utilization, iexplorer.exe

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: 100% utilization, iexplorer.exe

#16 Post by altrok »

No problem, thanks for the info.

If you haven't already, move ComboFix to the desktop.
  • Open Notepad (Start -> Run -> notepad)
  • Copy the script below into it and save it to the desktop as CFScript (File type: Text document)

    KillAll::
    
    FCopy::
    c:\windows\system32\dllcache\dsound.dll | c:\windows\system32\dsound.dll
    C:\WINDOWS\system32\dllcache\ipsecsvc.dll | C:\WINDOWS\System32\ipsecsvc.dll
    
    Driver::
    IS360service
    
    Folder::
    c:\program files\IObit
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "IObit Security 360"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "{A3AE7312-D4DF-4BF1-A493-7E2E1EFF1D7C}"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=-
    
    File::
    c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
    c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
    
    ClearJavaCache::
    
    Reboot::
  • Grab this CFScript.txt, drag it right over the ComboFix icon and drop it.
  • After the restart a log will pop up; paste its contents into your next reply.
If the message "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni" ("Illegal operation attempted on a registry key that has been marked for deletion") pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF, and the author unfortunately has not been able to fix it yet.

It may happen that Windows does not start after the script is applied. In that case restart the PC, keep pressing F8 and choose Last Known Good Configuration.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

troubler
Visitor
Posts: 14
Registered: 09 Dec 2014 23:27

Re: 100% utilization, iexplorer.exe

#17 Post by troubler »

ComboFix 14-12-14.01 - Administrator 18.12.2014 8:17.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.510.285 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job"
"c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\IObit
c:\program files\IObit\IObit Malware Fighter\license.dat
c:\program files\IObit\IObit Security 360\a_hijackscan.exe
c:\program files\IObit\IObit Security 360\addition.def
c:\program files\IObit\IObit Security 360\b_securityholes.exe
c:\program files\IObit\IObit Security 360\c_passivedefense.exe
c:\program files\IObit\IObit Security 360\core.def
c:\program files\IObit\IObit Security 360\d_powerfuldelete.exe
c:\program files\IObit\IObit Security 360\data.dat
c:\program files\IObit\IObit Security 360\e_privacysweeper.exe
c:\program files\IObit\IObit Security 360\EULA.rtf
c:\program files\IObit\IObit Security 360\f_pctuneup.exe
c:\program files\IObit\IObit Security 360\ffsweep.dll
c:\program files\IObit\IObit Security 360\filesweep.dll
c:\program files\IObit\IObit Security 360\g_portable.exe
c:\program files\IObit\IObit Security 360\help.html
c:\program files\IObit\IObit Security 360\holesscan.bpl
c:\program files\IObit\IObit Security 360\imf-setup-tran.exe
c:\program files\IObit\IObit Security 360\information.ini
c:\program files\IObit\IObit Security 360\is360.exe
c:\program files\IObit\IObit Security 360\IS360DataBase.db
c:\program files\IObit\IObit Security 360\is360ext.dll
c:\program files\IObit\IObit Security 360\IS360Init.exe
c:\windows\system32\jgaw400.dll
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\dsound.dll --> c:\windows\system32\dsound.dll
c:\windows\system32\dllcache\ipsecsvc.dll --> c:\windows\System32\ipsecsvc.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IS360SERVICE
-------\Service_IS360service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-18 do 2014-12-18 )))))))))))))))))))))))))))))))
.
.
2014-12-16 06:45 . 2014-12-16 06:45 -------- d-----w- C:\TDSSKiller_Quarantine
2014-12-12 15:49 . 2014-12-15 11:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-12-12 15:49 . 2014-12-12 15:49 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-12 15:46 . 2014-12-12 15:46 55000 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-11 05:57 . 2014-12-11 05:57 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVAST Software
2014-12-11 05:53 . 2014-12-11 05:53 -------- d-----w- c:\windows\jumpshot.com
2014-12-10 15:08 . 2014-12-10 15:07 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-12-10 15:08 . 2014-12-12 05:57 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-10 15:08 . 2014-12-10 15:07 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-10 15:08 . 2014-12-10 15:07 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-10 15:08 . 2014-12-10 15:07 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-10 15:08 . 2014-12-10 15:07 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-10 15:08 . 2014-12-10 15:07 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-12-10 15:08 . 2014-12-12 05:57 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-10 15:08 . 2014-12-10 15:07 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-10 15:07 . 2014-12-10 15:07 43152 ----a-w- c:\windows\avastSS.scr
2014-12-10 14:55 . 2014-12-10 14:55 -------- d-----w- c:\program files\AVAST Software
2014-12-10 14:54 . 2014-12-10 14:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-12-10 10:40 . 2014-12-10 10:40 -------- d-----w- C:\_OTM
2014-12-10 06:42 . 2014-12-10 06:42 -------- d-----w- c:\program files\trend micro
2014-12-10 06:42 . 2014-12-10 06:42 -------- d-----w- C:\rsit
2014-12-09 09:28 . 2014-12-09 10:12 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\IObit
2014-12-09 08:08 . 2014-12-09 08:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2014-12-05 10:58 . 2014-12-05 10:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BitDefender
2014-12-05 10:20 . 2014-12-05 10:20 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\LavasoftStatistics
2014-12-05 09:49 . 2014-12-05 09:49 -------- d-----w- c:\program files\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-15 12:18 . 2014-12-15 12:18 43217 ----a-w- c:\windows\system32\scardsvr.zip
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-10 15:06 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Software602\\602SQL11\\602gcli11.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10.12.2014 16:08 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10.12.2014 16:08 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [10.12.2014 16:08 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [10.12.2014 16:08 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10.12.2014 16:08 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10.12.2014 16:08 70384]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [11.6.2012 12:01 99896]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [11.6.2012 11:59 17408]
S0 70161483;70161483;c:\windows\system32\drivers\35723118.sys --> c:\windows\system32\drivers\35723118.sys [?]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys --> c:\windows\system32\Drivers\lgandnetadb.sys [?]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys --> c:\windows\system32\DRIVERS\avchv.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2010-03-19 23:28]
.
2014-12-18 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2010-03-19 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 78.156.32.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-18 08:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3448)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Altap Salamander\plugins\salamext.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2014-12-18 08:57:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-18 07:57
ComboFix2.txt 2014-12-16 13:14
.
Před spuštěním: Volných bajtů: 27 290 775 552
Po spuštění: Volných bajtů: 29 558 001 664
.
- - End Of File - - B28B3D235561C9462D5FB19C36CB8D37
413FC2A0C716421B3158746D63736515

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: 100% utilization, iexplorer.exe

#18 Post by altrok »

After applying this CFScript, use TDSSKiller again, see http://forum.viry.cz/viewtopic.php?p=1365382#p1365382

If you haven't already, move ComboFix to the desktop.
  • Open Notepad (Start -> Run -> notepad)
  • Copy the script below into it and save it to the desktop as CFScript (File type: Text document)

    KillAll::
    
    Driver::
    70161483
    
    Folder::
    C:\Documents and Settings\Administrator\Data aplikací\IObit
    C:\Documents and Settings\All Users\Data aplikací\IObit
    
    File::
    c:\windows\system32\drivers\35723118.sys
    
    ClearJavaCache::
    
    Reboot::
  • Grab this CFScript.txt, drag it right over the ComboFix icon and drop it.
  • After the restart a log will pop up; paste its contents into your next reply.
If the message "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni" ("Illegal operation attempted on a registry key that has been marked for deletion") pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF, and the author unfortunately has not been able to fix it yet.

It may happen that Windows does not start after the script is applied. In that case restart the PC, keep pressing F8 and choose Last Known Good Configuration.

troubler
Visitor
Posts: 14
Registered: 09 Dec 2014 23:27

Re: 100% utilization, iexplorer.exe

#19 Post by troubler »

The only thing is that ComboFix threw up these three messages while it was finishing, see the photo:
http://leteckaposta.cz/886457404

I'm sending both logs.

ComboFix 14-12-14.01 - Administrator 18.12.2014 10:29:38.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.510.245 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\drivers\35723118.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_70161483
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-18 do 2014-12-18 )))))))))))))))))))))))))))))))
.
.
2014-12-16 06:45 . 2014-12-16 06:45 -------- d-----w- C:\TDSSKiller_Quarantine
2014-12-12 15:49 . 2014-12-15 11:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-12-12 15:49 . 2014-12-12 15:49 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-12 15:46 . 2014-12-12 15:46 55000 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-11 05:57 . 2014-12-11 05:57 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVAST Software
2014-12-11 05:53 . 2014-12-11 05:53 -------- d-----w- c:\windows\jumpshot.com
2014-12-10 15:08 . 2014-12-10 15:07 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-12-10 15:08 . 2014-12-12 05:57 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-10 15:08 . 2014-12-10 15:07 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-10 15:08 . 2014-12-10 15:07 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-10 15:08 . 2014-12-10 15:07 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-10 15:08 . 2014-12-10 15:07 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-10 15:08 . 2014-12-10 15:07 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-12-10 15:08 . 2014-12-12 05:57 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-10 15:08 . 2014-12-10 15:07 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-10 15:07 . 2014-12-10 15:07 43152 ----a-w- c:\windows\avastSS.scr
2014-12-10 14:55 . 2014-12-10 14:55 -------- d-----w- c:\program files\AVAST Software
2014-12-10 14:54 . 2014-12-10 14:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-12-10 10:40 . 2014-12-10 10:40 -------- d-----w- C:\_OTM
2014-12-10 06:42 . 2014-12-10 06:42 -------- d-----w- c:\program files\trend micro
2014-12-10 06:42 . 2014-12-10 06:42 -------- d-----w- C:\rsit
2014-12-09 09:28 . 2014-12-09 10:12 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\IObit
2014-12-09 08:08 . 2014-12-09 08:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2014-12-05 10:58 . 2014-12-05 10:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BitDefender
2014-12-05 10:20 . 2014-12-05 10:20 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\LavasoftStatistics
2014-12-05 09:49 . 2014-12-05 09:49 -------- d-----w- c:\program files\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-15 12:18 . 2014-12-15 12:18 43217 ----a-w- c:\windows\system32\scardsvr.zip
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-10 15:06 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Software602\\602SQL11\\602gcli11.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10.12.2014 16:08 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10.12.2014 16:08 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [10.12.2014 16:08 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [10.12.2014 16:08 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10.12.2014 16:08 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10.12.2014 16:08 70384]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [11.6.2012 12:01 99896]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [11.6.2012 11:59 17408]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys --> c:\windows\system32\Drivers\lgandnetadb.sys [?]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys --> c:\windows\system32\DRIVERS\avchv.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2010-03-19 23:28]
.
2014-12-18 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2010-03-19 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 78.156.32.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-18 11:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2072)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Altap Salamander\plugins\salamext.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2014-12-18 11:09:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-18 10:09
ComboFix2.txt 2014-12-18 07:57
ComboFix3.txt 2014-12-16 13:14
.
Před spuštěním: Volných bajtů: 29 610 053 632
Po spuštění: Volných bajtů: 29 596 282 880
.
- - End Of File - - F99B8AF6A83BE297F51B5119A85AF909
413FC2A0C716421B3158746D63736515
----------------
11:14:01.0515 0x09e4 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
11:14:05.0187 0x09e4 ============================================================
11:14:05.0187 0x09e4 Current date / time: 2014/12/18 11:14:05.0187
11:14:05.0187 0x09e4 SystemInfo:
11:14:05.0187 0x09e4
11:14:05.0187 0x09e4 OS Version: 5.1.2600 ServicePack: 3.0
11:14:05.0187 0x09e4 Product type: Workstation
11:14:05.0187 0x09e4 ComputerName: HRBITOV-PC
11:14:05.0187 0x09e4 UserName: Administrator
11:14:05.0187 0x09e4 Windows directory: C:\WINDOWS
11:14:05.0187 0x09e4 System windows directory: C:\WINDOWS
11:14:05.0187 0x09e4 Processor architecture: Intel x86
11:14:05.0187 0x09e4 Number of processors: 1
11:14:05.0187 0x09e4 Page size: 0x1000
11:14:05.0187 0x09e4 Boot type: Normal boot
11:14:05.0187 0x09e4 ============================================================
11:14:10.0140 0x09e4 KLMD registered as C:\WINDOWS\system32\drivers\56188875.sys
11:14:11.0312 0x09e4 System UUID: {6D8327FE-731B-F83C-D82A-46C466EBF9EE}
11:14:14.0546 0x09e4 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 ( 37.27 Gb ), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:14:14.0562 0x09e4 ============================================================
11:14:14.0562 0x09e4 \Device\Harddisk0\DR0:
11:14:14.0562 0x09e4 MBR partitions:
11:14:14.0562 0x09e4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
11:14:14.0562 0x09e4 ============================================================
11:14:14.0625 0x09e4 C: <-> \Device\Harddisk0\DR0\Partition1
11:14:14.0625 0x09e4 ============================================================
11:14:14.0625 0x09e4 Initialize success
11:14:14.0625 0x09e4 ============================================================
11:14:44.0250 0x0ba8 ============================================================
11:14:44.0250 0x0ba8 Scan started
11:14:44.0250 0x0ba8 Mode: Manual; SigCheck; TDLFS;
11:14:44.0250 0x0ba8 ============================================================
11:14:44.0250 0x0ba8 KSN ping started
11:14:46.0687 0x0ba8 KSN ping finished: true
11:14:49.0484 0x0ba8 ================ Scan system memory ========================
11:14:49.0500 0x0ba8 System memory - ok
11:14:49.0500 0x0ba8 ================ Scan services =============================
11:14:49.0968 0x0ba8 [ D76E9F5A991458A9F7E28395479B3150, 57289AB6B63595406B2EE9A053E6B7FB83FE340A573D81C7543565207175FB64 ] 6to4 C:\WINDOWS\System32\6to4svc.dll
11:14:55.0875 0x0ba8 6to4 - ok
11:14:56.0250 0x0ba8 Abiosdsk - ok
11:14:56.0265 0x0ba8 abp480n5 - ok
11:14:56.0406 0x0ba8 [ 4FE34F1F3126B61FCC6B2043AA8112C9, DE370865E47A5D2A4B227EEFFB42384F67F08D622BF936A9C9CEF70CC47F324B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:15:00.0000 0x0ba8 ACPI - ok
11:15:00.0046 0x0ba8 [ AFDFF022A01F0B11C776F0860C3B282F, 135E5257B62D921B76271014301E9EA1E2383D5DBB04E475DC3A7EFFD2561F56 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:15:00.0343 0x0ba8 ACPIEC - ok
11:15:00.0375 0x0ba8 adpu160m - ok
11:15:00.0484 0x0ba8 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:15:00.0906 0x0ba8 aec - ok
11:15:01.0031 0x0ba8 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:15:01.0156 0x0ba8 AFD - ok
11:15:01.0171 0x0ba8 Aha154x - ok
11:15:01.0187 0x0ba8 aic78u2 - ok
11:15:01.0218 0x0ba8 aic78xx - ok
11:15:03.0218 0x0ba8 [ 6D3077C3346DE5B13835FB859C69A2EA, 2C0FFB8B96CB8627D0F7B8CF49B488B76D5E2DD9E129BADFA8CFDA691579BAD1 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
11:15:08.0046 0x0ba8 ALCXWDM - ok
11:15:08.0125 0x0ba8 [ E0A6FA244B8624D78FE5FF6F56A33BAE, 26B828FDB03AE4A4F1DC7A1792F9BAD69CF947897D47F5E567F24F4B6D5CB541 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:15:08.0437 0x0ba8 Alerter - ok
11:15:08.0484 0x0ba8 [ 88842DE939A827577BF24243699AC80A, A49C9A6A9941F3A2FBBCFE1F6DB48B632739D00670AC98ECCCBC7FD9E786B21A ] ALG C:\WINDOWS\System32\alg.exe
11:15:08.0671 0x0ba8 ALG - ok
11:15:08.0687 0x0ba8 AliIde - ok
11:15:08.0703 0x0ba8 amsint - ok
11:15:08.0734 0x0ba8 andnetadb - ok
11:15:08.0859 0x0ba8 [ 6B8E7A90E576D4FE308F97C69060A171, 6CE49BC78715737D78E05DECAC23E26A5672ACD2CF3D10154FEA9D47B318D47C ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:15:09.0109 0x0ba8 AppMgmt - ok
11:15:09.0140 0x0ba8 asc - ok
11:15:09.0156 0x0ba8 asc3350p - ok
11:15:09.0187 0x0ba8 asc3550 - ok
11:15:09.0343 0x0ba8 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:15:09.0406 0x0ba8 aspnet_state - ok
11:15:09.0453 0x0ba8 [ 9D23DE88C3B18BA87CD4587177CA6CEA, 46DBB867FC73E30320852F744F38B66906DD5B96C4EBB03F504CF33E867A8470 ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys
11:15:09.0609 0x0ba8 aswHwid - ok
11:15:09.0656 0x0ba8 [ 73A9014A9C4B19AA093DA05ED4246E27, F03C8433EB00229490BCD293CC97EF72452E156212D56C24BBA95C8E1B207D1A ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
11:15:09.0703 0x0ba8 aswMonFlt - ok
11:15:09.0765 0x0ba8 [ 0926775B8C3B32EE99921CCB0F85378E, 21A46B124B3E9F2569030E2DF591858B85AA640DDBB5C994B5C00A1E78C9EF67 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
11:15:09.0812 0x0ba8 aswRdr - ok
11:15:09.0859 0x0ba8 [ 6544697080421E62E97AAFBD0A8AA391, BB3F492BF828A147B82FDD1FC9EB9867D96DE0481554A59745D41C6BAB551700 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
11:15:09.0906 0x0ba8 aswRvrt - ok
11:15:10.0296 0x0ba8 [ E73CBE3420ECFA8FF7D0467E170E335D, B994342C92AE9167908B8CA3D03DC278E919C7073512461AFFD4C25E8D2D8D66 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
11:15:10.0937 0x0ba8 aswSnx - ok
11:15:11.0156 0x0ba8 [ 1624D5AD126B8AFE2B2E85E5B8364EB6, AB97A74C1CA9921F7753D98516D7E11750D5D3ACD143C83273B0B295625440A0 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
11:15:11.0484 0x0ba8 aswSP - ok
11:15:11.0546 0x0ba8 [ 4C0ECF1AFA6992904814C74B99DD36F9, AA0D9BA7FE829888C636EC9D72E8E2D987A1C3FF092F95A38EC607CEE25A91F8 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
11:15:11.0593 0x0ba8 aswTdi - ok
11:15:11.0703 0x0ba8 [ 0EFBC2962B156E8AC267F96D4D93EF06, 8A69672CE8B68A0A683D583287473BFAB7CF8B9771C22E398607CF2A151C7124 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
11:15:11.0859 0x0ba8 aswVmm - ok
11:15:11.0906 0x0ba8 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:15:12.0203 0x0ba8 AsyncMac - ok
11:15:12.0296 0x0ba8 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:15:12.0625 0x0ba8 atapi - ok
11:15:12.0640 0x0ba8 Atdisk - ok
11:15:12.0703 0x0ba8 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:15:13.0062 0x0ba8 Atmarpc - ok
11:15:13.0125 0x0ba8 [ DE31B88962A8645DBA5A37B993E7B0F1, CA93F25A3FD0CE68BB9B8E3AB6B813BF38DE3EDDFC990291B3957FAA59B2B274 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:15:13.0468 0x0ba8 AudioSrv - ok
11:15:40.0234 0x0ba8 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
11:15:40.0515 0x0ba8 MDM - detected UnsignedFile.Multi.Generic ( 1 )
11:15:42.0906 0x0ba8 Detect skipped due to KSN trusted
11:15:42.0906 0x0ba8 MDM - ok
11:16:23.0093 0x0ba8 [ CD0CC7B167D78043A41C98D4921EFB54, 31AAB5D6D6BA52EBDDE1B5DEB8F9B4D9597FFBA4485F959C846F635060CCB5C0 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:16:23.0296 0x0ba8 TlntSvr - ok
11:16:23.0312 0x0ba8 TosIde - ok
11:16:23.0390 0x0ba8 [ 38853304CCB938D30E0C4CDE8D2C2A8A, 966E7BCC9F63A1A7777F8A12E51C2A91EC688CE96109943ADC4CB4EB58DC34A6 ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:16:23.0734 0x0ba8 TrkWks - ok
11:16:23.0765 0x0ba8 [ 8F861EDA21C05857EB8197300A92501C, 374FF9464F273610A051B9220C8D20F01FD4DD029095A7BE37244E20C5C8B5BB ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
11:16:24.0062 0x0ba8 tunmp - ok
11:16:24.0125 0x0ba8 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:16:24.0390 0x0ba8 Udfs - ok
11:16:24.0421 0x0ba8 ultra - ok
11:16:24.0640 0x0ba8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:16:25.0171 0x0ba8 Update - ok
11:16:25.0296 0x0ba8 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E, AF7662BCA0819F82CE5EE0863E47149CC127DE664CB3DC6359B63FBD71DB54F8 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:16:25.0562 0x0ba8 upnphost - ok
11:16:25.0609 0x0ba8 [ 20A0F6A11959E92908717D09E87D670D, 3DD6C99AB0F70FAA43DF470B30078B8A51B8AF735CD5C50DBB195FEA70F4C36E ] UPS C:\WINDOWS\System32\ups.exe
11:16:25.0890 0x0ba8 UPS - ok
11:16:25.0953 0x0ba8 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:16:26.0046 0x0ba8 usbccgp - ok
11:16:26.0078 0x0ba8 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:16:26.0156 0x0ba8 usbehci - ok
11:16:26.0218 0x0ba8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:16:26.0500 0x0ba8 usbhub - ok
11:16:26.0546 0x0ba8 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:16:26.0828 0x0ba8 usbprint - ok
11:16:26.0890 0x0ba8 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:16:26.0984 0x0ba8 usbscan - ok
11:16:27.0031 0x0ba8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:16:27.0296 0x0ba8 usbstor - ok
11:16:27.0343 0x0ba8 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:16:27.0625 0x0ba8 usbuhci - ok
11:16:27.0671 0x0ba8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:16:27.0968 0x0ba8 VgaSave - ok
11:16:27.0984 0x0ba8 ViaIde - ok
11:16:28.0046 0x0ba8 [ 28A4B296B47782173C346E376CB374D1, FE799FE4A41752A2B47027EA88214BF3E39B317302939F4A2D0F2A4EFAAC2F13 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:16:28.0328 0x0ba8 VolSnap - ok
11:16:28.0500 0x0ba8 [ D6BA1A63D9E00933F1CD2A885573AFB2, 36311A060635CEC1DBB6D8A746B8A4D007706EAE97D51A5E12F9958AB16BE486 ] VSS C:\WINDOWS\System32\vssvc.exe
11:16:28.0843 0x0ba8 VSS - ok
11:16:28.0968 0x0ba8 [ FA4E1CDBA256787F2149F4AAD07BC91F, 1B5FC5248335D70094D04501AA2C30F54782B58FF8D573BE8E784A21529C7CAF ] W32Time C:\WINDOWS\system32\w32time.dll
11:16:29.0250 0x0ba8 W32Time - ok
11:16:29.0281 0x0ba8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:16:29.0562 0x0ba8 Wanarp - ok
11:16:29.0796 0x0ba8 [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
11:16:30.0156 0x0ba8 Wdf01000 - ok
11:16:30.0171 0x0ba8 WDICA - ok
11:16:30.0250 0x0ba8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:16:30.0531 0x0ba8 wdmaud - ok
11:16:30.0593 0x0ba8 [ 47AE51048A82DFA1CD6B51D369F7E169, 742F2162B8BDE00D83715093EA9743338964597ED22648B9F4F139D7278235A4 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:16:30.0906 0x0ba8 WebClient - ok
11:16:31.0078 0x0ba8 [ E488332126E3B1182D2B8A0C35408EC6, F9F60911DF0A539753B2BEF6FAD2D0AED1BC1C3F43509F79D9AF2F810CDE5D9B ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:16:31.0453 0x0ba8 winmgmt - ok
11:16:31.0546 0x0ba8 [ FD600B032E741EB6AAB509FC630F7C42, 2AF671D0648A5C2D2C4A7D0FDE803F07CC079CF1FA4E237DB912A8C77D9EC1F6 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
11:16:31.0609 0x0ba8 WinUSB - ok
11:16:31.0656 0x0ba8 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:16:31.0796 0x0ba8 WmdmPmSN - ok
11:16:32.0109 0x0ba8 [ 0171CFF34BBA8C5977F18C48D8AEF8C6, 0E3E04220157CCFB92F8D029805EB56D101C2A3AB3375354537FA9B5B3CAA0AD ] Wmi C:\WINDOWS\System32\advapi32.dll
11:16:32.0687 0x0ba8 Wmi - ok
11:16:32.0812 0x0ba8 [ 23F6F03272F7E5679F1F050AED5ACEE6, 87EBE773F3E8FFE2F1E1DB435BB0E8852031AA88112EB791085AD3DA918B49CC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:16:33.0187 0x0ba8 WmiApSrv - ok
11:16:33.0265 0x0ba8 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:16:33.0328 0x0ba8 WpdUsb - ok
11:16:33.0390 0x0ba8 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:16:33.0703 0x0ba8 WS2IFSL - ok
11:16:33.0781 0x0ba8 [ 4C86D5FAF78194995AF9CC1075F65DD3, D3B23BB0971E0DBC0A51720067489C224323B603178E91149BF56F779DE352F0 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:16:34.0125 0x0ba8 wscsvc - ok
11:16:34.0187 0x0ba8 [ C1364564800EE9784192145324A23308, 5345BAE00364233594C9CF99CE2CC485E65B5D4FFBB81C86B2950EDA2427584C ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:16:34.0468 0x0ba8 wuauserv - ok
11:16:34.0546 0x0ba8 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:16:34.0640 0x0ba8 WudfPf - ok
11:16:34.0703 0x0ba8 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:16:34.0796 0x0ba8 WudfRd - ok
11:16:34.0843 0x0ba8 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:16:34.0937 0x0ba8 WudfSvc - ok
11:16:35.0187 0x0ba8 [ A27D4BA7264C0BF52F32D10405BEA1D4, 5F28607CCAB15FB601BEB35FF0B1A5CD27C678C6D1CA724E842C33EED4579B8C ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:16:35.0796 0x0ba8 WZCSVC - ok
11:16:35.0890 0x0ba8 [ EAA4BB9EDB3FB10CF8979FE65E63658F, B80EB477100FD3E26513360E09DB6EBF0C8D8B0618F1F4BF1F387ABA6DEC9B64 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:16:36.0265 0x0ba8 xmlprov - ok
11:16:36.0296 0x0ba8 ================ Scan global ===============================
11:16:36.0359 0x0ba8 [ F36278E42C8C5DF03CE17DAC8231C91C, D012A3C8F394DF4F0BF5D5A4C10E73BBF427762B7D3DB6CF5FAB96536E082B7A ] C:\WINDOWS\system32\basesrv.dll
11:16:36.0562 0x0ba8 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6, FAC6B8E2698D0EB12A0ACE62EA398AD05AB6AC5C39740A1E8BDAAF0BFDD5B4A3 ] C:\WINDOWS\system32\winsrv.dll
11:16:36.0875 0x0ba8 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6, FAC6B8E2698D0EB12A0ACE62EA398AD05AB6AC5C39740A1E8BDAAF0BFDD5B4A3 ] C:\WINDOWS\system32\winsrv.dll
11:16:36.0984 0x0ba8 [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] C:\WINDOWS\system32\services.exe
11:16:37.0000 0x0ba8 [ Global ] - ok
11:16:37.0015 0x0ba8 ================ Scan MBR ==================================
11:16:37.0046 0x0ba8 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
11:16:37.0515 0x0ba8 \Device\Harddisk0\DR0 - ok
11:16:37.0531 0x0ba8 ================ Scan VBR ==================================
11:16:37.0546 0x0ba8 [ 00A8314BFA5DB950DE79AE90BCFC255C ] \Device\Harddisk0\DR0\Partition1
11:16:37.0546 0x0ba8 \Device\Harddisk0\DR0\Partition1 - ok
11:16:37.0546 0x0ba8 ================ Scan generic autorun ======================
11:16:37.0656 0x0ba8 [ D24B9B36C06CA0ACF7CA2C69D9BB25B5, 1806B073EEB5E6B0D2B966AE60B1018B00E88B2DEDF520BDF14743B16E92D3A0 ] C:\WINDOWS\system32\igfxtray.exe
11:16:37.0796 0x0ba8 IgfxTray - ok
11:16:37.0890 0x0ba8 [ 66A5047DF0C0CEC911B95B5B1E24CEBC, 58B7691FB8FD9816950409CA17BD71E97E4707630C98A6516D815041B2CA1E56 ] C:\WINDOWS\system32\hkcmd.exe
11:16:38.0046 0x0ba8 HotKeysCmds - ok
11:16:38.0359 0x0ba8 [ 92819CB628F57930CA6341DC8B0D9CB4, E9B7FD467448EB21340F628E3D0107BF9D0FF0D4CEA9E3F6BD779FCBAE07FD81 ] C:\WINDOWS\SOUNDMAN.EXE
11:16:38.0921 0x0ba8 SoundMan - ok
11:16:41.0203 0x0ba8 [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
11:16:45.0484 0x0ba8 AvastUI.exe - ok
11:16:45.0562 0x0ba8 [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\CTFMON.EXE
11:16:45.0843 0x0ba8 CTFMON.EXE - ok
11:16:45.0875 0x0ba8 [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\ctfmon.exe
11:16:46.0156 0x0ba8 ctfmon.exe - ok
11:16:46.0156 0x0ba8 Waiting for KSN requests completion. In queue: 3
11:16:47.0156 0x0ba8 Waiting for KSN requests completion. In queue: 3
11:16:48.0156 0x0ba8 Waiting for KSN requests completion. In queue: 3
11:16:49.0296 0x0ba8 AV detected via SS1: avast! Antivirus, 5.0.167774368, disabled, updated
11:16:49.0312 0x0ba8 Win FW state via NFM: enabled
11:16:51.0656 0x0ba8 ============================================================
11:16:51.0656 0x0ba8 Scan finished
11:16:51.0656 0x0ba8 ============================================================
11:16:51.0703 0x0b58 Detected object count: 0
11:16:51.0703 0x0b58 Actual detected object count: 0
11:23:36.0656 0x09fc Deinitialize success

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: 100% load, iexplorer.exe

#20 Post by altrok »

:arrow: Excellent, try logging in to your internet banking (do not make any payment yet). Is it still asking you to download an app to your mobile phone?
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

troubler
Visitor
Posts: 14
Registered: 09 Dec 2014 23:27

Re: 100% load, iexplorer.exe

#21 Post by troubler »

It looks like everything is fine now. The PC runs fast and reliably.
The internet banking page is also fine.

I also wanted to ask what I can use to check the external drive to which I backed up this computer.

Thank you very much

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: 100% load, iexplorer.exe

#22 Post by altrok »

  • Rename ComboFix to Uninstall and run it as administrator
  • ComboFix will uninstall itself.
:arrow: Post a new FRST.txt log and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101

:arrow: The external drive can be checked with MBAM version 1.75 (the current version 2.0 does not support Win XP).
:arrow: Follow the instructions exactly! Win XP is not supported by the new version 2.0 :!:
  • Download and install MBAM 1.75 http://www.bleepingcomputer.com/downloa ... i-malware/
  • at the end of the installation, untick the item Enable free trial of Malwarebytes Anti-Malware PRO
  • now comes an important step - an update of the whole program is downloaded and at the end a prompt pops up - choose Cancel, or Zrusit as the case may be
  • next, the virus database update downloads by itself and gives you only one option -> OK
  • you are again offered an update of the whole program -> choose Cancel again
  • on the Scanner tab select Perform full scan and click Scan
  • after the scan finishes, which can take up to several hours, a log will pop up; copy it into your next reply... alternatively you will find it on the Logs tab
:arrow: First we will finish cleaning manually (post the FRST log and I will write you a fix), and only then run MBAM there.

troubler
Visitor
Posts: 14
Registered: 09 Dec 2014 23:27

Re: 100% load, iexplorer.exe

#23 Post by troubler »

I am sending two logs. One FRST and the attached Addition.
Thank you



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by Administrator (administrator) on HRBITOV-PC on 19-12-2014 14:23:12
Running from C:\Documents and Settings\Administrator\Plocha
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-01-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-583907252-527237240-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1614895754-583907252-527237240-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1614895754-583907252-527237240-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-1614895754-583907252-527237240-500 -> DefaultScope {3c8bc9f3-0553-43b9-9587-c0f80452694c} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
SearchScopes: HKU\S-1-5-21-1614895754-583907252-527237240-500 -> {0ae3ebb5-799c-4d60-8b1c-ae2fb9aba5a4} URL = http://www.firmy.cz/phr/{searchTerms}?sourceid=IE_5
SearchScopes: HKU\S-1-5-21-1614895754-583907252-527237240-500 -> {217b6669-c337-43b6-a0a6-f3f9bf163eeb} URL = http://www.mapy.cz/?query={searchTerms}&sourceid=IE_5
SearchScopes: HKU\S-1-5-21-1614895754-583907252-527237240-500 -> {3c8bc9f3-0553-43b9-9587-c0f80452694c} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
SearchScopes: HKU\S-1-5-21-1614895754-583907252-527237240-500 -> {b81b2ed1-179d-475e-8cd3-45189a430921} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... rceid=IE_5
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1614895754-583907252-527237240-500 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
Tcpip\Parameters: [DhcpNameServer] 78.156.32.2

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1614895754-583907252-527237240-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1614895754-583907252-527237240-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-10]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-10] (AVAST Software)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3846016 2006-02-08] (Realtek Semiconductor Corp.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-12-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-12-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-12-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-12-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-12-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-12-12] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-12-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-12-10] ()
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 14:23 - 2014-12-19 14:24 - 00010425 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
2014-12-19 14:22 - 2014-12-19 14:23 - 00000000 ____D () C:\FRST
2014-12-19 14:21 - 2014-12-19 14:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2014-12-19 14:13 - 2014-12-19 14:13 - 01113600 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2014-12-18 11:13 - 2014-12-18 11:13 - 04187592 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Plocha\tdsskiller.exe
2014-12-18 11:09 - 2014-12-19 14:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-12-18 11:09 - 2014-12-18 11:09 - 00008280 _____ () C:\ComboFix.txt
2014-12-18 11:09 - 2014-12-18 11:09 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-12-18 11:09 - 2014-12-18 11:09 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-12-16 14:25 - 2014-12-16 14:25 - 00114688 _____ () C:\WINDOWS\Minidump\Mini121614-01.dmp
2014-12-16 13:37 - 2014-12-16 13:37 - 00000000 _RSHD () C:\cmdcons
2014-12-16 13:37 - 2012-06-11 07:38 - 00000211 _____ () C:\Boot.bak
2014-12-16 13:37 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2014-12-16 13:33 - 2014-12-19 08:26 - 00000000 ____D () C:\WINDOWS\erdnt
2014-12-16 13:33 - 2014-12-16 13:33 - 00000000 ___RD () C:\Documents and Settings\Administrator\Dokumenty\Filmy
2014-12-16 07:51 - 2014-12-16 07:56 - 00003036 _____ () C:\Documents and Settings\Administrator\Plocha\Rkill.txt
2014-12-16 07:50 - 2014-12-16 07:50 - 01940728 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Plocha\rkill.exe
2014-12-16 07:45 - 2014-12-16 07:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-15 13:19 - 2014-12-15 13:18 - 00043217 _____ () C:\Documents and Settings\Administrator\Plocha\scardsvr.zip
2014-12-15 13:18 - 2014-12-15 13:18 - 00043217 _____ () C:\WINDOWS\system32\scardsvr.zip
2014-12-15 13:17 - 2014-12-15 13:17 - 00037596 _____ () C:\WINDOWS\system32\scardsvr.rar
2014-12-12 16:49 - 2014-12-15 12:38 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-12-12 16:49 - 2014-12-12 16:49 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 16:46 - 2014-12-12 16:46 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-12 16:45 - 2014-12-13 14:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\mbar
2014-12-12 16:44 - 2014-12-12 16:44 - 16448208 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Plocha\mbar-1.08.2.1001.exe
2014-12-11 06:57 - 2014-12-11 06:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\AVAST Software
2014-12-11 06:53 - 2014-12-11 06:53 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-12-10 16:08 - 2014-12-12 06:57 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-10 16:08 - 2014-12-12 06:57 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-12-10 16:08 - 2014-12-10 16:07 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-10 16:08 - 2014-12-10 16:07 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-10 16:08 - 2014-12-10 16:07 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-12-10 16:08 - 2014-12-10 16:07 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-12-10 16:08 - 2014-12-10 16:07 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-12-10 16:08 - 2014-12-10 16:07 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-10 16:08 - 2014-12-10 16:07 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-10 16:07 - 2014-12-10 16:07 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-10 15:55 - 2014-12-10 15:55 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-10 15:54 - 2014-12-10 15:54 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2014-12-10 11:40 - 2014-12-10 11:40 - 00000000 ____D () C:\_OTM
2014-12-10 11:37 - 2014-12-10 11:37 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Plocha\OTM.exe
2014-12-10 07:42 - 2014-12-10 07:42 - 00000000 ____D () C:\rsit
2014-12-10 07:42 - 2014-12-10 07:42 - 00000000 ____D () C:\Program Files\trend micro
2014-12-10 07:41 - 2014-12-10 07:41 - 01107968 _____ () C:\Documents and Settings\Administrator\Plocha\RSIT.exe
2014-12-09 10:28 - 2014-12-09 11:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\IObit
2014-12-09 09:08 - 2014-12-09 09:08 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\IObit Security 360
2014-12-09 09:08 - 2014-12-09 09:08 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\IObit
2014-12-09 07:04 - 2014-12-09 07:04 - 00106496 _____ () C:\WINDOWS\Minidump\Mini120914-01.dmp
2014-12-08 08:58 - 2014-12-08 08:58 - 00000165 ____H () C:\Documents and Settings\Administrator\Plocha\~$Tažená čísla.xlsx
2014-12-05 11:58 - 2014-12-05 11:58 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\BitDefender
2014-12-05 11:20 - 2014-12-05 11:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\LavasoftStatistics
2014-12-05 11:03 - 2014-12-05 11:03 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-12-05 11:03 - 2014-12-05 11:03 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-12-05 11:02 - 2014-12-05 11:03 - 00004230 _____ () C:\WINDOWS\Wdf01009Inst.log
2014-12-05 11:02 - 2014-12-05 11:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-12-05 10:49 - 2014-12-05 10:49 - 00000000 ____D () C:\Program Files\Lavasoft
2014-12-05 10:07 - 2014-12-05 10:07 - 00027970 _____ () C:\Documents and Settings\Administrator\Plocha\prepracovane Corel Draw.ai
2014-12-05 10:07 - 2014-12-05 10:07 - 00020984 _____ () C:\Documents and Settings\Administrator\Plocha\prepracovane Corel Draw 2.ai
2014-12-05 10:06 - 2014-12-05 10:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Plocha\mbam-setup-2.0.4.1028.exe
2014-12-04 09:02 - 2014-12-04 09:02 - 00015032 _____ () C:\Documents and Settings\Administrator\Plocha\prepracovane Corel Draw.cdr
2014-12-04 08:57 - 2014-12-04 08:57 - 00009863 _____ () C:\Documents and Settings\Administrator\Plocha\vdvdvddv.eps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 14:23 - 2012-06-11 07:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2014-12-19 14:21 - 2012-06-11 07:51 - 00000000 ___HD () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2014-12-19 13:37 - 2012-06-11 08:11 - 00013030 _____ () C:\PDOXUSRS.NET
2014-12-19 13:37 - 2012-06-11 08:11 - 00000257 _____ () C:\WINDOWS\Hrbitov.INI
2014-12-19 11:35 - 2014-01-30 07:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\Docházky 2014
2014-12-19 09:45 - 2014-06-25 08:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\Smlouvy 2014
2014-12-19 08:26 - 2012-06-11 07:42 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-19 07:35 - 2012-06-11 07:43 - 02079716 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-19 07:34 - 2014-03-20 06:49 - 00000238 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-12-19 07:34 - 2012-06-11 09:37 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-12-19 07:34 - 2012-06-11 09:37 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-19 07:34 - 2012-06-11 07:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-19 07:34 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-19 07:32 - 2012-06-11 07:51 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-12-19 07:32 - 2012-06-11 07:50 - 00032554 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-18 12:54 - 2012-06-11 07:50 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-12-18 11:04 - 2008-04-14 13:00 - 00000246 _____ () C:\WINDOWS\system.ini
2014-12-18 10:28 - 2012-06-11 07:51 - 00000000 __RHD () C:\Documents and Settings\Administrator\Data aplikací
2014-12-18 08:41 - 2012-06-11 07:51 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-12-16 14:25 - 2012-07-18 13:34 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-16 13:37 - 2012-06-11 09:32 - 00000327 __RSH () C:\boot.ini
2014-12-16 13:33 - 2012-06-11 07:51 - 00000000 ___RD () C:\Documents and Settings\Administrator\Dokumenty
2014-12-16 10:02 - 2012-06-14 14:04 - 00154624 _____ () C:\Documents and Settings\Administrator\Plocha\Evidence zemřelých.xls
2014-12-12 16:49 - 2012-06-11 09:33 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-12-12 16:25 - 2012-06-14 06:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Temp
2014-12-12 12:14 - 2012-06-12 06:53 - 00002317 _____ () C:\Documents and Settings\Administrator\Plocha\Google Chrome.lnk
2014-12-10 15:44 - 2012-06-11 09:34 - 01051799 _____ () C:\WINDOWS\iis6.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00945736 _____ () C:\WINDOWS\FaxSetup.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00463988 _____ () C:\WINDOWS\ocgen.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00438557 _____ () C:\WINDOWS\tsoc.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00325918 _____ () C:\WINDOWS\comsetup.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00196259 _____ () C:\WINDOWS\ntdtcsetup.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00166832 _____ () C:\WINDOWS\netfxocm.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00065956 _____ () C:\WINDOWS\MedCtrOC.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00059254 _____ () C:\WINDOWS\ocmsn.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00048213 _____ () C:\WINDOWS\tabletoc.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00047700 _____ () C:\WINDOWS\msgsocm.log
2014-12-10 15:44 - 2012-06-11 09:34 - 00001943 _____ () C:\WINDOWS\imsins.log
2014-12-10 15:36 - 2014-07-01 12:31 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-12-10 15:36 - 2012-06-11 09:33 - 00490829 _____ () C:\WINDOWS\setupapi.log
2014-12-10 11:41 - 2012-07-18 14:41 - 00000000 __SHD () C:\WINDOWS\CSC
2014-12-09 11:16 - 2012-06-11 09:33 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-12-09 11:16 - 2012-06-11 09:33 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-12-09 11:16 - 2012-06-11 09:33 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-12-09 11:16 - 2012-06-11 07:51 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start
2014-12-09 10:28 - 2012-06-11 07:51 - 00000000 ___HD () C:\Documents and Settings\Administrator\Šablony
2014-12-09 10:11 - 2012-06-14 14:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\MOje
2014-12-08 15:00 - 2014-03-20 06:49 - 00000232 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-12-08 08:38 - 2012-07-18 12:32 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2014-12-05 11:29 - 2014-01-30 08:59 - 00028996 _____ () C:\Documents and Settings\Administrator\Plocha\Stav Plateb BU.xlsx
2014-12-05 11:25 - 2014-08-22 06:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Lavasoft
2014-12-05 11:03 - 2012-06-11 09:34 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-12-05 11:03 - 2012-06-11 09:33 - 00198629 _____ () C:\WINDOWS\setupact.log
2014-12-05 10:20 - 2013-09-26 06:42 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-12-03 13:59 - 2013-07-16 08:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\Dlužníci vyškrtané prazdné 2013
2014-12-03 13:52 - 2013-02-05 10:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\Dlužníci 2013
2014-11-24 11:42 - 2012-06-11 07:51 - 00000000 ___RD () C:\Documents and Settings\Administrator\Dokumenty\Obrázky

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Administrator\Plocha" je 178 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Software602\\602SQL11\\602gcli11.exe"="C:\\Program Files\\Software602\\602SQL11\\602gcli11.exe:*:Enabled:602SQL Management and Development Client"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Data aplikac\\Google\\Chrome\\Application\\chrome.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Data aplikac\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by Administrator at 2014-12-19 14:25:58
Running from C:\Documents and Settings\Administrator\Plocha
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

602SQL Open Server 11.0 (HKLM\...\{C344C5EE-5DE5-4229-9620-BB6BC1E331A1}) (Version: 11.0 - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Aktualizace systému Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version: - Microsoft Corporation)
Aktualizace zabezpečení pro Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version: - Microsoft Corporation)
Aktualizace zabezpečení produktu Windows XP (KB941569) (HKLM\...\KB941569) (Version: - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
Altap Salamander 2.54 (HKLM\...\Altap Salamander 2.54) (Version: 2.54 - ALTAP)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Borland Database Engine Setup (HKLM\...\Borland Database Engine Setup) (Version: - )
Corel Graphics Suite 11 (Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
Google Chrome (HKU\S-1-5-21-1614895754-583907252-527237240-500\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
Intel(R) Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
J2SE Runtime Environment 5.0 Update 17 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150170}) (Version: 1.5.0.170 - Sun Microsystems, Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
JNLP (HKU\S-1-5-21-1614895754-583907252-527237240-500\...\JNLP) (Version: - JNLP) <==== ATTENTION!
K-Lite Codec Pack 9.1.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 9.1.0 - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB942288-v3) (HKLM\...\KB942288-v3) (Version: 3 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 1.0.1 - HP)
Správa hřbitova verze 1.56 DEMO (HKLM\...\{1FF00812-C9E0-471D-A9C9-F3765108EE31}_is1) (Version: 1.56 DEMO - EXCO-HN s.r.o.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VBA (2627.01) (Version: 6.03.00.9188 - Microsoft Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1614895754-583907252-527237240-500\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Essentials Pack (HKLM\...\Winamp Essentials Pack) (Version: v5.63a - Christoph Grether)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
WinRAR (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.135\psuser (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.5\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.23.9\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.145\psuser (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.123\psuser (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.153\psuser (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.24.15\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.22.3\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.165\psuser (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.115\psuser (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.22.5\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.111\psuser (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-583907252-527237240-500_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.24.7\psuser.d (the data entry has 10 more characters).

==================== Restore Points =========================

19-12-2014 08:27:14 Kontrolní bod systému

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 13:00 - 2014-12-18 11:02 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2014-12-19 07:38 - 2014-12-19 07:38 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121801\algo.dll
2014-12-19 11:44 - 2014-12-19 11:44 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121900\algo.dll
2012-06-11 08:02 - 2010-02-10 17:10 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-11 08:02 - 2010-02-17 23:49 - 00323584 _____ () C:\Program Files\WinRAR\rarlng.dll
2012-06-11 12:00 - 2009-11-20 12:42 - 00163840 _____ () C:\WINDOWS\system32\HPM1210LM.DLL
2012-06-11 12:00 - 2009-11-20 12:42 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPM1210PP.dll
2014-12-10 16:06 - 2014-12-10 16:07 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-06-11 12:00 - 2009-12-04 00:00 - 00167936 _____ () C:\WINDOWS\system32\m1130wia.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1614895754-583907252-527237240-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1614895754-583907252-527237240-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1614895754-583907252-527237240-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1614895754-583907252-527237240-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2014 02:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul mshtml.dll, verze 8.0.6001.23588, adresa chyby 0x00088c83.
Zpracování události, specifické pro médium ([iexplore.exe!ws!])

Error: (12/18/2014 10:41:21 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: The server name or address could not be resolved

Error: (12/18/2014 08:29:50 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: The server name or address could not be resolved

Error: (12/18/2014 07:51:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikace Hrbitov.exe, verze 0.0.0.0, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/16/2014 02:49:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/16/2014 07:47:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul ntdll.dll, verze 5.1.2600.6055, adresa chyby 0x000673be.
Zpracování události, specifické pro médium ([explorer.exe!ws!])

Error: (12/09/2014 09:16:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikace is360setup[1].tmp, verze 51.1051.0.0, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/08/2014 10:17:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikace WINWORD.EXE, verze 12.0.6707.5000, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/08/2014 08:41:34 AM) (Source: Winlogon) (EventID: 1015) (User: )
Description: Důležitý systémový proces C:\WINDOWS\system32\lsass.exe nebyl úspěšný, stavový kód: c0000006. Počítač je nyní nutné restartovat.

Error: (12/08/2014 08:39:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace lsass.exe, verze 5.1.2600.5512, chybující modul ipsecsvc.dll, verze 5.1.2600.5512, adresa chyby 0x00015e0e.
Zpracování události, specifické pro médium ([lsass.exe!ws!])


System errors:
=============
Error: (12/18/2014 10:29:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/18/2014 10:29:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/18/2014 10:29:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP SI Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (12/18/2014 10:29:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Machine Debug Manager byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/18/2014 08:32:35 AM) (Source: W32Time) (EventID: 29) (User: )
Description: Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není aktuálně k dispozici.
Po dobu 14 minut nebude proveden žádný pokus o kontaktování zdroje.
Klient NTP nemá k dispozici žádný zdroj času.

Error: (12/18/2014 08:32:35 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně nakonfigurovaného partnera
time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí o vyhledání pomocí služby DNS
znovu za 15 minut.
Chyba: Došlo k pokusu o operaci se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error: (12/18/2014 08:17:00 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000006dsound.dllHarddiskVolume1

Error: (12/18/2014 08:17:00 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/18/2014 08:16:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/18/2014 08:16:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena. Tento stav nastal již 1krát.


Microsoft Office Sessions:
=========================

altrok
Moderator
Posts: 7322
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: 100% utilization, iexplorer.exe

#24 Post by altrok »

:arrow: Update Adobe Flash Player.

  • Save OTM to the desktop - http://oldtimer.geekstogo.com/OTM.exe
  • close all programs
  • right-click the OTM.exe icon and choose Run as administrator (on Win XP just run it with a normal double-click)
  • copy the contents of the white box into the left pane of OTM and click MoveIt!
  • after the restart, post the log, which will be in C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log

Code:

:commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"=-
"2869:TCP"=-

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will pop up (or it will be saved on the Desktop); paste its contents into your next reply to me

    Code:

    Start
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1614895754-583907252-527237240-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-1614895754-583907252-527237240-500 -> DefaultScope {3c8bc9f3-0553-43b9-9587-c0f80452694c} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
    
    CHR Plugin: (Native Client) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
    CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    
    2014-12-19 14:21 - 2014-12-19 14:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
    2014-12-19 14:23 - 2014-12-19 14:24 - 00010425 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
    2014-12-18 11:13 - 2014-12-18 11:13 - 04187592 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Plocha\tdsskiller.exe
    2014-12-18 11:09 - 2014-12-18 11:09 - 00008280 _____ () C:\ComboFix.txt
    2014-12-16 07:51 - 2014-12-16 07:56 - 00003036 _____ () C:\Documents and Settings\Administrator\Plocha\Rkill.txt
    2014-12-16 07:50 - 2014-12-16 07:50 - 01940728 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Plocha\rkill.exe
    2014-12-16 07:45 - 2014-12-16 07:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-12-15 13:19 - 2014-12-15 13:18 - 00043217 _____ () C:\Documents and Settings\Administrator\Plocha\scardsvr.zip
    2014-12-15 13:18 - 2014-12-15 13:18 - 00043217 _____ () C:\WINDOWS\system32\scardsvr.zip
    2014-12-15 13:17 - 2014-12-15 13:17 - 00037596 _____ () C:\WINDOWS\system32\scardsvr.rar
    2014-12-12 16:45 - 2014-12-13 14:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\mbar
    2014-12-12 16:44 - 2014-12-12 16:44 - 16448208 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Plocha\mbar-1.08.2.1001.exe
    2014-12-10 07:42 - 2014-12-10 07:42 - 00000000 ____D () C:\rsit
    2014-12-10 07:42 - 2014-12-10 07:42 - 00000000 ____D () C:\Program Files\trend micro
    2014-12-10 07:41 - 2014-12-10 07:41 - 01107968 _____ () C:\Documents and Settings\Administrator\Plocha\RSIT.exe
    2014-12-09 10:28 - 2014-12-09 11:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\IObit
    2014-12-09 09:08 - 2014-12-09 09:08 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\IObit Security 360
    2014-12-09 09:08 - 2014-12-09 09:08 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\IObit
    
    Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
    Hosts:
    EmptyTemp:
    End
    
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

troubler
Visitor
Posts: 14
Joined: 09 Dec 2014 23:27

Re: 100% utilization, iexplorer.exe

#25 Post by troubler »

Hello, I am sending two logs:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2014 01
Ran by Administrator at 2014-12-22 15:14:11 Run:1
Running from C:\Documents and Settings\Administrator\Plocha
Loaded Profile: Administrator (Available profiles: Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-583907252-527237240-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1614895754-583907252-527237240-500 -> DefaultScope {3c8bc9f3-0553-43b9-9587-c0f80452694c} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5

CHR Plugin: (Native Client) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

2014-12-19 14:21 - 2014-12-19 14:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2014-12-19 14:23 - 2014-12-19 14:24 - 00010425 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
2014-12-18 11:13 - 2014-12-18 11:13 - 04187592 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Plocha\tdsskiller.exe
2014-12-18 11:09 - 2014-12-18 11:09 - 00008280 _____ () C:\ComboFix.txt
2014-12-16 07:51 - 2014-12-16 07:56 - 00003036 _____ () C:\Documents and Settings\Administrator\Plocha\Rkill.txt
2014-12-16 07:50 - 2014-12-16 07:50 - 01940728 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Plocha\rkill.exe
2014-12-16 07:45 - 2014-12-16 07:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-15 13:19 - 2014-12-15 13:18 - 00043217 _____ () C:\Documents and Settings\Administrator\Plocha\scardsvr.zip
2014-12-15 13:18 - 2014-12-15 13:18 - 00043217 _____ () C:\WINDOWS\system32\scardsvr.zip
2014-12-15 13:17 - 2014-12-15 13:17 - 00037596 _____ () C:\WINDOWS\system32\scardsvr.rar
2014-12-12 16:45 - 2014-12-13 14:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\mbar
2014-12-12 16:44 - 2014-12-12 16:44 - 16448208 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Plocha\mbar-1.08.2.1001.exe
2014-12-10 07:42 - 2014-12-10 07:42 - 00000000 ____D () C:\rsit
2014-12-10 07:42 - 2014-12-10 07:42 - 00000000 ____D () C:\Program Files\trend micro
2014-12-10 07:41 - 2014-12-10 07:41 - 01107968 _____ () C:\Documents and Settings\Administrator\Plocha\RSIT.exe
2014-12-09 10:28 - 2014-12-09 11:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\IObit
2014-12-09 09:08 - 2014-12-09 09:08 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\IObit Security 360
2014-12-09 09:08 - 2014-12-09 09:08 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\IObit

Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Hosts:
EmptyTemp:
End


*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1614895754-583907252-527237240-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1614895754-583907252-527237240-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\39.0.2171.95\gcswf32.dll not found.
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
andnetadb => Service deleted successfully.
avchv => Service deleted successfully.
catchme => Service deleted successfully.
"C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe" => File/Directory not found.
C:\Documents and Settings\Administrator\Plocha\FRST.txt => Moved successfully.
C:\Documents and Settings\Administrator\Plocha\tdsskiller.exe => Moved successfully.
C:\ComboFix.txt => Moved successfully.
C:\Documents and Settings\Administrator\Plocha\Rkill.txt => Moved successfully.
C:\Documents and Settings\Administrator\Plocha\rkill.exe => Moved successfully.
C:\TDSSKiller_Quarantine => Moved successfully.
C:\Documents and Settings\Administrator\Plocha\scardsvr.zip => Moved successfully.
C:\WINDOWS\system32\scardsvr.zip => Moved successfully.
C:\WINDOWS\system32\scardsvr.rar => Moved successfully.
C:\Documents and Settings\Administrator\Plocha\mbar => Moved successfully.
C:\Documents and Settings\Administrator\Plocha\mbar-1.08.2.1001.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Documents and Settings\Administrator\Plocha\RSIT.exe => Moved successfully.
C:\Documents and Settings\Administrator\Data aplikací\IObit => Moved successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\IObit Security 360 => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\IObit => Moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 14.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:15:05 ====
-----------------------------------------------------------------
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 242312 bytes
->Temporary Internet Files folder emptied: 1606950 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1491 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 206848 bytes

Total Files Cleaned = 2,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb

========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 12222014_145956

altrok
Moderator
Posts: 7322
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: 100% utilization, iexplorer.exe

#26 Post by altrok »

:arrow: Now you can also test the external drive with MBAM, see the guide above. Post the log here. The scan takes a lot of time (on the order of hours), so it is better to do it e.g. overnight.
