VIRY.CZ

Zdravím,

níže přikládám log. Rozsah scanu jsem nastavil na 2 měsíce, poslední spuštění viru (způsobující zašifrování dat) proběhlo 2. 11.

Na serveru běží Windows Server 2008 R2 Enterprise 64b, antivir AVG Internet Security Business Edition.

Děkuji.
J. Král

Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2015-12-08 08:50:29
Microsoft Windows Server 2008 R2 Enterprise Service Pack 1
System drive C: has 551 GB (58%) free of 953 GB
Total RAM: 6134 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:50:42, on 8.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16717)
Boot mode: Normal

Running processes:
c:\program files (x86)\teamviewer\TeamViewer.exe
C:\Windows\SysWOW64\javaw.exe
C:\Program Files (x86)\Symantec\Ghost\ngtray.exe
C:\Java\bin\java.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/HardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Java\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NGTray] "C:\Program Files (x86)\Symantec\Ghost\ngtray.exe"
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
O4 - Global Startup: UniFi.lnk = C:\Windows\SysWOW64\javaw.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oaspgsberoun.cze
O17 - HKLM\System\CCS\Services\Tcpip\..\{B75E1EE1-6A75-49FA-8588-07804E5BC733}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oaspgsberoun.cze
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = oaspgsberoun.cze
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Ghost Database Service Wrapper (NGDBSERV) - Symantec Corporation - C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGSERVER) - Symantec Corporation - C:\Program Files (x86)\Symantec\Ghost\ngserver.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vmms.exe,-10 (vmms) - Unknown owner - C:\Windows\system32\vmms.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6735 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe -sMICROSOFT##SSEE
"C:\Program Files (x86)\Symantec\Ghost\ngserver.exe"
C:\Windows\system32\svchost.exe -k regsvc
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\svchost.exe -k iissvcs
"C:\Program Files\Update Services\Service\bin\WsusService.exe"
C:\Windows\system32\svchost -k nvspwmi
C:\Windows\system32\svchost -k virtsvcs
C:\Windows\system32\vmms.exe
"C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Symantec\Ghost\db\..\bin\rteng9.exe" -x none -ti 0 -q -sc -ga -y "C:\Program Files (x86)\Symantec\Ghost\db\SYMANTECGHOST.DB"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"c:\program files (x86)\teamviewer\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Windows\System32\MtxHotPlugService.exe" v
"C:\Windows\SysWOW64\javaw.exe" -jar "C:\Users\Administrator\Ubiquiti UniFi\lib\ace.jar" ui
"C:\Program Files (x86)\Symantec\Ghost\ngtray.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Java\bin\java -Xmx1024M -jar "C:\Users\Administrator\Ubiquiti UniFi\lib\ace.jar" start
\??\C:\Windows\system32\conhost.exe "2073884631-979127901-697391623-1139173936-291156580-890819774-1573163054-1611949421
bin\mongod --dbpath "C:\Users\Administrator\Ubiquiti UniFi\data\db" --port 27117 --logappend --logpath logs/mongod.log --nohttpinterface --bind_ip 127.0.0.1
\??\C:\Windows\system32\conhost.exe "-1211174109-151878989811006619585874736751451932367374495620-1970355064-528299826
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\msdtc.exe
c:\windows\system32\inetsrv\w3wp.exe -ap "DefaultAppPool" -v "v2.0" -l "webengine4.dll" -a \\.\pipe\iisipmd023c326-339e-4c1a-82f9-864e0fb8f580 -h "C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config" -w "" -m 0 -t 20
c:\windows\system32\inetsrv\w3wp.exe -ap "WsusPool" -v "v2.0" -l "webengine4.dll" -a \\.\pipe\iisipmbc28c371-98f8-45a6-90a7-f8b2516395d6 -h "C:\inetpub\temp\apppools\WsusPool\WsusPool.config" -w "" -m 0 -t 20
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
"C:\Program Files (x86)\AVG\Av\avgidsagent.exe"
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-c2cc-1c5fa5404d05 /binaryPath="C:\Program Files (x86)\AVG\Av\\"
"C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
C:\Program Files (x86)\AVG\Av\avgrsa.exe
"C:\Program Files (x86)\AVG\Av\avgui.exe"
ctfmon.exe
"C:\Software\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Java\bin\ssv.dll [2013-09-20 462248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Java\bin\jp2ssv.dll [2013-09-20 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MtxHotPlugService"=C:\Windows\system32\MtxHotPlugService.exe [2010-10-12 38656]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NGTray"=C:\Program Files (x86)\Symantec\Ghost\ngtray.exe [2009-12-24 206216]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [2015-11-12 1136552]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avgui.exe [2015-11-20 3855272]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
UniFi.lnk - C:\Windows\SysWOW64\javaw.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
rassfm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"LogonType"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"ShowSuperHidden"=1
"NoWelcomeScreen"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2015-12-08 08:50:31 ----D---- C:\Program Files\trend micro
2015-12-08 08:50:29 ----D---- C:\rsit
2015-12-07 23:28:03 ----D---- C:\Users\Administrator\AppData\Roaming\AVG
2015-12-07 23:26:01 ----D---- C:\ProgramData\Avg
2015-12-03 03:00:13 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-03 03:00:13 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-12-03 03:00:13 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-03 03:00:13 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-03 03:00:13 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-03 03:00:13 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-03 03:00:13 ----A---- C:\Windows\system32\wups2.dll
2015-12-03 03:00:13 ----A---- C:\Windows\system32\wups.dll
2015-12-03 03:00:13 ----A---- C:\Windows\system32\wudriver.dll
2015-12-03 03:00:13 ----A---- C:\Windows\system32\wucltux.dll
2015-12-03 03:00:13 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-03 03:00:13 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-03 03:00:13 ----A---- C:\Windows\system32\wuapp.exe
2015-12-03 03:00:13 ----A---- C:\Windows\system32\wuapi.dll
2015-12-03 03:00:13 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-12-03 03:00:13 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-11-25 20:54:14 ----D---- C:\Users\Administrator\AppData\Roaming\Mrp
2015-11-25 11:46:55 ----D---- C:\Users\Administrator\AppData\Roaming\Macromedia
2015-11-25 11:46:54 ----D---- C:\Users\Administrator\AppData\Roaming\Adobe
2015-11-23 15:31:37 ----D---- C:\Users\Administrator\AppData\Roaming\AVG2012
2015-11-23 15:30:36 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2015-11-19 03:02:33 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2015-11-19 03:02:33 ----A---- C:\Windows\system32\nlsbres.dll
2015-11-19 03:02:24 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2015-11-19 03:02:24 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2015-11-19 03:02:24 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2015-11-19 03:02:24 ----A---- C:\Windows\system32\kbdgeoqw.dll
2015-11-19 03:02:24 ----A---- C:\Windows\system32\KBDAZEL.DLL
2015-11-19 03:02:24 ----A---- C:\Windows\system32\KBDAZE.DLL
2015-11-14 03:00:18 ----A---- C:\Windows\system32\win32k.sys
2015-11-12 03:12:35 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-11-12 03:12:35 ----A---- C:\Windows\system32\mshtmled.dll
2015-11-12 03:12:34 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-11-12 03:12:34 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-11-12 03:12:34 ----A---- C:\Windows\SYSWOW64\url.dll
2015-11-12 03:12:34 ----A---- C:\Windows\system32\vbscript.dll
2015-11-12 03:12:34 ----A---- C:\Windows\system32\urlmon.dll
2015-11-12 03:12:34 ----A---- C:\Windows\system32\url.dll
2015-11-12 03:12:33 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-11-12 03:12:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-11-12 03:12:33 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-11-12 03:12:33 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-11-12 03:12:33 ----A---- C:\Windows\system32\wininet.dll
2015-11-12 03:12:33 ----A---- C:\Windows\system32\msfeedssync.exe
2015-11-12 03:12:33 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-11-12 03:12:33 ----A---- C:\Windows\system32\iertutil.dll
2015-11-12 03:12:33 ----A---- C:\Windows\system32\dxtrans.dll
2015-11-12 03:12:33 ----A---- C:\Windows\system32\dxtmsft.dll
2015-11-12 03:12:32 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2015-11-12 03:12:32 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2015-11-12 03:12:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-11-12 03:12:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-11-12 03:12:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-11-12 03:12:32 ----A---- C:\Windows\system32\msfeeds.dll
2015-11-12 03:12:32 ----A---- C:\Windows\system32\jsproxy.dll
2015-11-12 03:12:32 ----A---- C:\Windows\system32\jscript.dll
2015-11-12 03:12:32 ----A---- C:\Windows\system32\ieui.dll
2015-11-12 03:12:31 ----A---- C:\Windows\SYSWOW64\mshta.exe
2015-11-12 03:12:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-11-12 03:12:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-11-12 03:12:31 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-11-12 03:12:31 ----A---- C:\Windows\system32\mshta.exe
2015-11-12 03:12:31 ----A---- C:\Windows\system32\jscript9.dll
2015-11-12 03:12:31 ----A---- C:\Windows\system32\ieUnatt.exe
2015-11-12 03:12:30 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-11-12 03:12:29 ----A---- C:\Windows\system32\mshtml.dll
2015-11-12 03:12:29 ----A---- C:\Windows\system32\ieframe.dll
2015-11-12 03:12:28 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-11-12 03:12:15 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-11-12 03:12:15 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-11-12 03:12:15 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-11-12 03:12:15 ----A---- C:\Windows\system32\shimeng.dll
2015-11-12 03:12:15 ----A---- C:\Windows\system32\sdbinst.exe
2015-11-12 03:12:15 ----A---- C:\Windows\system32\apphelp.dll
2015-11-12 03:12:15 ----A---- C:\Windows\system32\aelupsvc.dll
2015-11-12 03:08:51 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-11-12 03:08:51 ----A---- C:\Windows\system32\TSpkg.dll
2015-11-12 03:08:51 ----A---- C:\Windows\system32\sspisrv.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-12 03:08:50 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 03:08:50 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-11-12 03:08:50 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-11-12 03:08:50 ----A---- C:\Windows\system32\msaudite.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 03:08:49 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 03:08:49 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-11-12 03:08:49 ----A---- C:\Windows\system32\cryptbase.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 03:08:48 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-12 03:08:48 ----A---- C:\Windows\SYSWOW64\user.exe
2015-11-12 03:08:48 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-11-12 03:08:48 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-11-12 03:08:48 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-11-12 03:08:48 ----A---- C:\Windows\system32\msobjs.dll
2015-11-12 03:08:48 ----A---- C:\Windows\system32\csrsrv.dll
2015-11-12 03:08:48 ----A---- C:\Windows\system32\apisetschema.dll
2015-11-12 03:08:48 ----A---- C:\Windows\system32\adtschema.dll
2015-11-12 03:08:46 ----A---- C:\Windows\system32\winsrv.dll
2015-11-12 03:08:46 ----A---- C:\Windows\system32\wdigest.dll
2015-11-12 03:08:46 ----A---- C:\Windows\system32\schannel.dll
2015-11-12 03:08:46 ----A---- C:\Windows\system32\msv1_0.dll
2015-11-12 03:08:46 ----A---- C:\Windows\system32\lsass.exe
2015-11-12 03:08:45 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-11-12 03:08:45 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-11-12 03:08:45 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-11-12 03:08:45 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-11-12 03:08:45 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-11-12 03:08:45 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-11-12 03:08:45 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-11-12 03:08:45 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-11-12 03:08:45 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2015-11-12 03:08:45 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-11-12 03:08:45 ----A---- C:\Windows\system32\ntvdm64.dll
2015-11-12 03:08:45 ----A---- C:\Windows\system32\ncrypt.dll
2015-11-12 03:08:45 ----A---- C:\Windows\system32\KernelBase.dll
2015-11-12 03:08:45 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-11-12 03:08:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-11-12 03:08:45 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-11-12 03:08:45 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-11-12 03:08:45 ----A---- C:\Windows\system32\drivers\cng.sys
2015-11-12 03:08:45 ----A---- C:\Windows\system32\conhost.exe
2015-11-12 03:08:45 ----A---- C:\Windows\system32\bcryptprimitives.dll
2015-11-12 03:08:45 ----A---- C:\Windows\system32\auditpol.exe
2015-11-12 03:08:44 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-11-12 03:08:44 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-11-12 03:08:44 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-11-12 03:08:44 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-11-12 03:08:44 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-12 03:08:44 ----A---- C:\Windows\system32\wow64cpu.dll
2015-11-12 03:08:44 ----A---- C:\Windows\system32\sspicli.dll
2015-11-12 03:08:44 ----A---- C:\Windows\system32\secur32.dll
2015-11-12 03:08:44 ----A---- C:\Windows\system32\rpcrt4.dll
2015-11-12 03:08:44 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-11-12 03:08:44 ----A---- C:\Windows\system32\credssp.dll
2015-11-12 03:08:43 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-11-12 03:08:43 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-11-12 03:08:43 ----A---- C:\Windows\system32\wow64win.dll
2015-11-12 03:08:43 ----A---- C:\Windows\system32\wow64.dll
2015-11-12 03:08:43 ----A---- C:\Windows\system32\smss.exe
2015-11-12 03:08:43 ----A---- C:\Windows\system32\ntdll.dll
2015-11-12 03:08:43 ----A---- C:\Windows\system32\lsasrv.dll
2015-11-12 03:08:43 ----A---- C:\Windows\system32\kernel32.dll
2015-11-12 03:08:43 ----A---- C:\Windows\system32\kerberos.dll
2015-11-12 03:08:42 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-12 03:08:42 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-12 03:08:42 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-12 03:08:34 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-12 03:08:34 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-12 03:08:31 ----A---- C:\Windows\system32\drivers\ndis.sys
2015-11-12 03:08:28 ----A---- C:\Windows\system32\hvix64.exe
2015-11-12 03:08:28 ----A---- C:\Windows\system32\hvax64.exe
2015-11-12 03:08:28 ----A---- C:\Windows\system32\drivers\hvboot.sys
2015-11-06 15:50:34 ----A---- C:\Windows\system32\drivers\avgdiska.sys
2015-11-06 15:49:38 ----A---- C:\Windows\system32\drivers\avgmfx64.sys
2015-11-06 15:49:38 ----A---- C:\Windows\system32\drivers\avgidsdrivera.sys
2015-11-06 07:40:28 ----D---- C:\Program Files (x86)\ESET
2015-11-05 11:47:43 ----A---- C:\autoexec.bat
2015-11-05 11:46:02 ----D---- C:\sh4ldr
2015-11-05 11:42:28 ----A---- C:\Windows\system32\drivers\EsgScanner.sys
2015-11-05 11:41:53 ----D---- C:\Program Files\Enigma Software Group
2015-11-05 11:39:44 ----A---- C:\RakhniDecryptor.1.14.0.0_05.11.2015_11.39.44_log.txt
2015-11-04 12:27:28 ----A---- C:\RakhniDecryptor.1.14.0.0_04.11.2015_12.27.28_log.txt
2015-10-21 16:16:48 ----A---- C:\Windows\system32\drivers\avgldx64.sys
2015-10-17 02:31:11 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-10-17 02:31:10 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2015-10-17 02:31:10 ----A---- C:\Windows\system32\shell32.dll
2015-10-17 02:31:10 ----A---- C:\Windows\system32\ExplorerFrame.dll
2015-10-17 02:09:08 ----A---- C:\Windows\system32\drivers\appid.sys
2015-10-17 02:09:08 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-10-17 02:09:06 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-10-17 02:09:06 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-10-17 02:09:06 ----A---- C:\Windows\system32\appidsvc.dll
2015-10-17 02:09:06 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-10-17 02:09:06 ----A---- C:\Windows\system32\appidapi.dll

======List of files/folders modified in the last 2 months======

2015-12-08 08:50:31 ----RD---- C:\Program Files
2015-12-08 08:48:31 ----D---- C:\Software
2015-12-08 08:47:42 ----D---- C:\Windows\Temp
2015-12-08 07:28:33 ----D---- C:\ProgramData\MFAData
2015-12-08 07:15:20 ----D---- C:\Windows\system32\config
2015-12-08 06:37:48 ----D---- C:\Windows\System32
2015-12-08 06:37:48 ----D---- C:\Windows\inf
2015-12-08 06:37:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-08 02:37:21 ----RHD---- C:\Users
2015-12-08 02:32:41 ----SHD---- C:\System Volume Information
2015-12-08 02:32:41 ----D---- C:\Windows\system32\inetsrv
2015-12-07 23:27:58 ----SHD---- C:\Windows\Installer
2015-12-07 23:27:35 ----D---- C:\Windows\system32\drivers
2015-12-07 23:26:30 ----HD---- C:\$AVG
2015-12-07 23:26:18 ----D---- C:\Program Files (x86)\AVG
2015-12-07 23:26:07 ----D---- C:\Windows\SysWOW64
2015-12-07 23:26:01 ----HD---- C:\ProgramData
2015-12-07 23:25:16 ----D---- C:\Windows\system32\Tasks
2015-12-07 23:20:52 ----D---- C:\ProgramData\AVG2012
2015-12-03 03:56:01 ----D---- C:\Windows\rescache
2015-12-03 03:19:44 ----D---- C:\Windows\winsxs
2015-12-03 03:15:49 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-03 03:15:49 ----D---- C:\Windows\system32\cs-CZ
2015-11-23 15:25:38 ----RSD---- C:\Windows\Fonts
2015-11-14 03:00:25 ----D---- C:\Windows\system32\catroot2
2015-11-12 03:35:17 ----D---- C:\Windows\SYSWOW64\migration
2015-11-12 03:35:17 ----D---- C:\Program Files (x86)\Internet Explorer
2015-11-12 03:35:16 ----D---- C:\Windows\system32\migration
2015-11-12 03:35:16 ----D---- C:\Windows\PolicyDefinitions
2015-11-12 03:35:16 ----D---- C:\Program Files\Internet Explorer
2015-11-12 03:35:15 ----D---- C:\Windows\AppPatch
2015-11-12 03:19:51 ----D---- C:\Windows\system32\MRT
2015-11-12 03:14:38 ----A---- C:\Windows\system32\MRT.exe
2015-11-12 03:13:13 ----RSD---- C:\Windows\assembly
2015-11-12 03:13:13 ----D---- C:\Windows\Microsoft.NET
2015-11-12 03:07:46 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-11-11 19:32:33 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-11-06 07:40:28 ----RD---- C:\Program Files (x86)
2015-11-05 07:28:20 ----D---- C:\Program Files (x86)\TeamViewer
2015-10-17 03:28:35 ----D---- C:\Windows\system32\en-US
2015-10-17 03:28:33 ----D---- C:\Windows\system32\CodeIntegrity
2015-10-17 03:28:33 ----D---- C:\Windows\system32\Boot
2015-10-09 11:18:16 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Ovladač standardu ACPI společnosti Microsoft; C:\Windows\system32\drivers\ACPI.sys [2010-11-20 334208]
R0 amdxata;amdxata; C:\Windows\system32\drivers\amdxata.sys [2011-03-11 27008]
R0 atapi;Kanál IDE; C:\Windows\system32\drivers\atapi.sys [2009-07-14 24128]
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2015-08-20 298416]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2015-08-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2015-11-06 256432]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2015-08-10 42416]
R0 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbda.sys [2010-10-12 494632]
R0 CLFS;@%SystemRoot%\system32\clfs.sys,-100; C:\Windows\System32\CLFS.sys [2015-03-04 367552]
R0 CNG;CNG; C:\Windows\System32\Drivers\cng.sys [2015-09-23 460776]
R0 Compbatt;Ovladač kompozitní baterie Microsoft; C:\Windows\system32\DRIVERS\compbatt.sys [2009-07-14 21584]
R0 Disk;Ovladač disku; C:\Windows\system32\DRIVERS\disk.sys [2009-07-14 73280]
R0 FltMgr;@%SystemRoot%\system32\drivers\fltmgr.sys,-10001; C:\Windows\system32\drivers\fltmgr.sys [2010-11-20 289664]
R0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; C:\Windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
R0 KSecDD;KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [2015-10-20 95680]
R0 KSecPkg;KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [2015-10-20 154560]
R0 mountmgr;@%SystemRoot%\system32\drivers\mountmgr.sys,-100; C:\Windows\System32\drivers\mountmgr.sys [2015-07-15 94656]
R0 msisadrv;msisadrv; C:\Windows\system32\drivers\msisadrv.sys [2009-07-14 15424]
R0 Mup;@%systemroot%\system32\drivers\mup.sys,-101; C:\Windows\System32\Drivers\mup.sys [2015-01-07 104896]
R0 NDIS;@%SystemRoot%\system32\drivers\ndis.sys,-200; C:\Windows\system32\drivers\ndis.sys [2015-10-13 950720]
R0 partmgr;@%SystemRoot%\system32\drivers\partmgr.sys,-100; C:\Windows\System32\drivers\partmgr.sys [2012-03-17 75120]
R0 pci;Řadič sběrnice PCI; C:\Windows\system32\drivers\pci.sys [2010-11-20 184704]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 pcw;Performance Counters for Windows Driver; C:\Windows\System32\drivers\pcw.sys [2009-07-14 50768]
R0 percsas2;percsas2; C:\Windows\system32\DRIVERS\percsas2.sys [2010-08-09 51280]
R0 spldr;Security Processor Loader Driver; C:\Windows\system32\drivers\spldr.sys [2009-07-14 19008]
R0 storflt;@%SystemRoot%\system32\vmstorfltres.dll,-1000; C:\Windows\system32\drivers\vmstorfl.sys [2010-11-20 46464]
R0 Tcpip;@%SystemRoot%\system32\tcpipcfg.dll,-50003; C:\Windows\System32\drivers\tcpip.sys [2014-04-05 1903552]
R0 vdrvroot;Ovladač rozpoznávacího modulu virtuální jednotky společnosti Microsoft; C:\Windows\system32\drivers\vdrvroot.sys [2009-07-14 36432]
R0 volmgr;Ovladač správce svazků; C:\Windows\system32\drivers\volmgr.sys [2010-11-20 71552]
R0 volmgrx;@%SystemRoot%\system32\drivers\volmgrx.sys,-100; C:\Windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
R0 volsnap;Svazky úložiště; C:\Windows\system32\drivers\volsnap.sys [2010-11-20 295808]
R0 Wdf01000;@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000; C:\Windows\system32\drivers\Wdf01000.sys [2013-06-25 785624]
R1 AFD;@%systemroot%\system32\drivers\afd.sys,-1000; C:\Windows\system32\drivers\afd.sys [2015-10-13 497664]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2015-11-06 184240]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2015-11-06 313776]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2015-10-21 284080]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2015-10-08 302000]
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 45056]
R1 cdrom;Ovladač jednotky CD-ROM; C:\Windows\system32\drivers\cdrom.sys [2010-11-20 147456]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2015-01-07 105984]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 40448]
R1 hvboot;@%SystemRoot%\system32\drivers\HvBoot.sys,-16; C:\Windows\system32\drivers\hvboot.sys [2015-11-05 118208]
R1 Msfs;Msfs; C:\Windows\system32\drivers\Msfs.sys [2009-07-14 26112]
R1 mssmbios;Ovladač Microsoft System Management BIOS; C:\Windows\system32\drivers\mssmbios.sys [2009-07-14 32320]
R1 NetBIOS;NetBIOS Interface; C:\Windows\system32\DRIVERS\netbios.sys [2009-07-14 44544]
R1 NetBT;@%SystemRoot%\system32\drivers\netbt.sys,-2; C:\Windows\System32\DRIVERS\netbt.sys [2010-11-20 261632]
R1 Npfs;Npfs; C:\Windows\system32\drivers\Npfs.sys [2009-07-14 44032]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 24576]
R1 Null;Null; C:\Windows\system32\drivers\Null.sys [2009-07-14 6144]
R1 Psched;@%SystemRoot%\System32\drivers\pacer.sys,-101; C:\Windows\system32\DRIVERS\pacer.sys [2010-11-20 131584]
R1 rdbss;@%systemroot%\system32\wkssvc.dll,-1000; C:\Windows\system32\DRIVERS\rdbss.sys [2015-01-07 310272]
R1 RDPCDD;@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100; C:\Windows\System32\DRIVERS\RDPCDD.sys [2009-07-14 7680]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 7680]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 8192]
R1 Serial;Ovladač sériového portu; C:\Windows\system32\DRIVERS\serial.sys [2009-07-14 94208]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2015-10-13 118272]
R1 TermDD;Ovladač terminálového zařízení; C:\Windows\system32\drivers\termdd.sys [2010-11-20 63360]
R1 VgaSave;VgaSave; C:\Windows\System32\drivers\vga.sys [2009-07-14 29184]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2010-11-20 88576]
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 12800]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 60928]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-14 113152]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2015-02-03 663552]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 76800]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2012-10-03 45568]
R3 AcpiPmi;Ovladač měřiče napájení standardu ACPI; C:\Windows\system32\drivers\acpipmi.sys [2010-11-20 12800]
R3 AsyncMac;@%systemroot%\system32\rascfg.dll,-32000; C:\Windows\system32\DRIVERS\asyncmac.sys [2009-07-14 23040]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2011-02-23 90624]
R3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice; C:\Windows\system32\drivers\CompositeBus.sys [2010-11-20 38912]
R3 ErrDev;Ovladače chybového zařízení hardwaru Microsoft; C:\Windows\system32\drivers\errdev.sys [2009-07-14 9728]
R3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2015-11-05 15920]
R3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 55376]
R3 G200ew;G200ew; C:\Windows\system32\DRIVERS\g200ewm.sys [2010-10-12 242176]
R3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 26624]
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\drivers\hidusb.sys [2010-11-20 30208]
R3 HTTP;@%SystemRoot%\system32\drivers\http.sys,-1; C:\Windows\system32\drivers\HTTP.sys [2015-02-25 754688]
R3 intelppm;Ovladač procesoru Intel; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 62464]
R3 IPMIDRV;IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [2010-11-20 78848]
R3 kbdclass;Keyboard Class Driver; C:\Windows\system32\drivers\kbdclass.sys [2009-07-14 50768]
R3 kbdhid;Ovladač klávesnice standardu HID; C:\Windows\system32\drivers\kbdhid.sys [2010-11-20 33280]
R3 l2nd;Broadcom NetXtreme II BXND; C:\Windows\system32\DRIVERS\bxnd60a.sys [2010-10-12 83496]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 30208]
R3 mouclass;Mouse Class Driver; C:\Windows\system32\drivers\mouclass.sys [2009-07-14 49216]
R3 mouhid;Ovladač myši standardu HID; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 31232]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 77312]
R3 mrxsmb;@%systemroot%\system32\wkssvc.dll,-1002; C:\Windows\system32\DRIVERS\mrxsmb.sys [2015-10-20 159232]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2015-10-20 290816]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2015-10-20 129024]
R3 NdisTapi;@%systemroot%\system32\rascfg.dll,-32001; C:\Windows\system32\DRIVERS\ndistapi.sys [2009-07-14 24064]
R3 NdisWan;@%systemroot%\system32\rascfg.dll,-32002; C:\Windows\system32\DRIVERS\ndiswan.sys [2010-11-20 164352]
R3 NDProxy;NDIS Proxy; C:\Windows\system32\drivers\NDProxy.sys [2010-11-20 57856]
R3 Ntfs;Ntfs; C:\Windows\system32\drivers\Ntfs.sys [2014-01-24 1684928]
R3 passthruparser;@%systemroot%\system32\drivers\passthruparser.sys,-10010; C:\Windows\system32\drivers\passthruparser.sys [2010-11-20 20992]
R3 PptpMiniport;@%systemroot%\system32\rascfg.dll,-32006; C:\Windows\system32\DRIVERS\raspptp.sys [2010-11-20 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 60416]
R3 Rasl2tp;@%systemroot%\system32\rascfg.dll,-32005; C:\Windows\system32\DRIVERS\rasl2tp.sys [2010-11-20 129536]
R3 RasPppoe;@%systemroot%\system32\rascfg.dll,-32007; C:\Windows\system32\DRIVERS\raspppoe.sys [2009-07-14 92672]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 83968]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 24064]
R3 Serenum;Ovladač filtru Serenum; C:\Windows\system32\DRIVERS\serenum.sys [2009-07-14 23552]
R3 srv;@%systemroot%\system32\srvsvc.dll,-102; C:\Windows\System32\DRIVERS\srv.sys [2011-04-29 467456]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2011-04-29 410112]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2011-04-29 168448]
R3 storvsp;storvsp; C:\Windows\system32\DRIVERS\storvsp.sys [2011-12-02 120320]
R3 swenum;Softwarový ovladač sběrnice; C:\Windows\system32\drivers\swenum.sys [2009-07-14 12496]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2012-08-07 35112]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2010-11-20 125440]
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\drivers\umbus.sys [2010-11-20 48640]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\Windows\system32\DRIVERS\usbccgp.sys [2013-11-27 99840]
R3 usbehci;Ovladač miniportu vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\Windows\system32\drivers\usbehci.sys [2013-11-27 53248]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\Windows\system32\DRIVERS\usbhub.sys [2013-11-27 343040]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\drivers\USBSTOR.SYS [2011-03-11 91648]
R3 usbuhci;Ovladač miniportu univerzálního hostitelského řadiče Microsoft USB; C:\Windows\system32\drivers\usbuhci.sys [2013-11-27 30720]
R3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2010-11-20 215936]
R3 vhdparser;@%systemroot%\system32\drivers\vhdparser.sys,-10010; C:\Windows\system32\drivers\vhdparser.sys [2010-11-20 17408]
R3 Vid;Vid; C:\Windows\system32\DRIVERS\Vid.sys [2010-11-20 181760]
R3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2011-05-14 200576]
R3 VMSMP;VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [2011-05-14 407552]
S0 sacdrv;sacdrv; C:\Windows\system32\DRIVERS\sacdrv.sys [2009-07-14 96320]
S3 1394ohci;Hostitelský řadič pro rozhraní OHCI standardu 1394; C:\Windows\system32\drivers\1394ohci.sys [2010-11-20 229888]
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 491088]
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 339536]
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 182864]
S3 agp440;Filtr Intel sběrnice AGP; C:\Windows\system32\drivers\agp440.sys [2009-07-14 61008]
S3 aliide;aliide; C:\Windows\system32\drivers\aliide.sys [2009-07-14 15440]
S3 amdide;amdide; C:\Windows\system32\drivers\amdide.sys [2009-07-14 15440]
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 64512]
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 60928]
S3 amdsata;amdsata; C:\Windows\system32\drivers\amdsata.sys [2011-03-11 107904]
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 194128]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2015-10-01 61440]
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-14 87632]
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 97856]
S3 b06diag;Broadcom NetXtreme II Diag Driver; C:\Windows\system32\DRIVERS\bxdiaga.sys [2010-10-12 89128]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys [2009-06-10 270848]
S3 Beep;Beep; C:\Windows\system32\drivers\Beep.sys [2009-07-14 6656]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-06-10 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-06-10 8704]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-14 286720]
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-06-10 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-06-10 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-06-10 14720]
S3 BXOIS;BXOIS; C:\Windows\system32\DRIVERS\bxois.sys [2010-10-12 524840]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 17664]
S3 cmdide;cmdide; C:\Windows\system32\drivers\cmdide.sys [2009-07-14 17488]
S3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2014-06-16 985536]
S3 ebdrv;ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [2010-10-12 1532496]
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 530496]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2015-11-05 22704]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-14 195072]
S3 fastfat;FAT12/16/32 File System Driver; C:\Windows\system32\drivers\fastfat.sys [2009-07-14 204800]
S3 fdc;Floppy Disk Controller Driver; C:\Windows\system32\DRIVERS\fdc.sys [2009-07-14 29696]
S3 FileInfo;@%SystemRoot%\system32\drivers\fileinfo.sys,-100; C:\Windows\system32\drivers\fileinfo.sys [2009-07-14 70224]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-14 34304]
S3 flpydisk;Floppy Disk Driver; C:\Windows\system32\DRIVERS\flpydisk.sys [2009-07-14 24576]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 65088]
S3 HDAudBus;Ovladač sběrnice Microsoft UAA pro zvuk High Definition Audio; C:\Windows\system32\drivers\HDAudBus.sys [2010-11-20 122368]
S3 HpSAMD;HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [2010-11-20 78720]
S3 i8042prt;Ovladač portu klávesnice i8042 a myši PS/2; C:\Windows\system32\drivers\i8042prt.sys [2009-07-14 105472]
S3 iaStorV;Řadič Intel diskového pole RAID – Windows 7; C:\Windows\system32\drivers\iaStorV.sys [2011-03-11 410496]
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 44112]
S3 intelide;intelide; C:\Windows\system32\drivers\intelide.sys [2009-07-14 16960]
S3 ioatdma;Intel(R) QuickData Technology Device; C:\Windows\System32\Drivers\qd260x64.sys [2009-06-10 35328]
S3 IpFilterDriver;@%systemroot%\system32\rascfg.dll,-32013; C:\Windows\system32\DRIVERS\ipfltdrv.sys [2010-11-20 82944]
S3 IPNAT;IP Network Address Translator; C:\Windows\System32\drivers\ipnat.sys [2009-07-14 116224]
S3 isapnp;isapnp; C:\Windows\system32\drivers\isapnp.sys [2009-07-14 20544]
S3 iScsiPrt;Ovladač iScsiPort; C:\Windows\system32\drivers\msiscsi.sys [2014-02-04 274880]
S3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys [2009-07-14 20992]
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 114752]
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2010-10-12 133128]
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2010-10-12 75784]
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 115776]
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2010-10-12 33288]
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 284736]
S3 Modem;Modem; C:\Windows\system32\drivers\modem.sys [2009-07-14 40448]
S3 mpio;Ovladač sběrnice Microsoft Multi-Path; C:\Windows\system32\drivers\mpio.sys [2010-11-20 155008]
S3 msahci;msahci; C:\Windows\system32\drivers\msahci.sys [2010-11-20 31104]
S3 msdsm;Specifický modul zařízení Microsoft Multi-Path; C:\Windows\system32\drivers\msdsm.sys [2010-11-20 140672]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 8192]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2010-11-20 366976]
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 15360]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 35328]
S3 Ndisuio;NDIS Usermode I/O Protocol; C:\Windows\system32\DRIVERS\ndisuio.sys [2010-11-20 56832]
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 51264]
S3 nv_agp;Filtr sběrnice NVIDIA nForce AGP; C:\Windows\system32\drivers\nv_agp.sys [2009-07-14 122960]
S3 nvraid;nvraid; C:\Windows\system32\drivers\nvraid.sys [2011-03-11 148352]
S3 nvstor;nvstor; C:\Windows\system32\drivers\nvstor.sys [2011-03-11 166272]
S3 ohci1394;Hostitelský řadič pro rozhraní OHCI standardu 1394 (zastaralé); C:\Windows\system32\drivers\ohci1394.sys [2009-07-14 72832]
S3 Parport;Parallel port driver; C:\Windows\system32\DRIVERS\parport.sys [2009-07-14 97280]
S3 pcmcia;pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [2009-07-14 220752]
S3 Processor;Processor Driver; C:\Windows\system32\DRIVERS\processr.sys [2009-07-14 60416]
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1524816]
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 128592]
S3 RasAcd;Remote Access Auto Connection Driver; C:\Windows\System32\DRIVERS\rasacd.sys [2009-07-14 14848]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RDPWD;RDP Winstation Driver; C:\Windows\system32\drivers\RDPWD.sys [2014-07-17 212480]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sbp2port;Ovladač sběrnice pro přenos dat zařízení podporujícího protokol SBP-2; C:\Windows\system32\drivers\sbp2port.sys [2010-11-20 103808]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2010-11-20 29696]
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 26624]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\Windows\system32\drivers\sffdisk.sys [2009-07-14 14336]
S3 sffp_mmc;Ovladač protokolu úložiště SFF pro konzolu MMC; C:\Windows\system32\drivers\sffp_mmc.sys [2009-07-14 13824]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\Windows\system32\drivers\sffp_sd.sys [2010-11-20 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive; C:\Windows\system32\DRIVERS\sfloppy.sys [2009-07-14 16896]
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 43584]
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 80464]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-14 93184]
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 24656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2014-04-05 1903552]
S3 TDPIPE;TDPIPE; C:\Windows\system32\drivers\tdpipe.sys [2009-07-14 15872]
S3 TDTCP;TDTCP; C:\Windows\system32\drivers\tdtcp.sys [2012-02-17 23552]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2015-08-05 39936]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 64080]
S3 uliagpkx;Filtr sběrnice Uli AGP; C:\Windows\system32\drivers\uliagpkx.sys [2009-07-14 64592]
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 9728]
S3 usbohci;Ovladač miniportu otevřeného hostitelského řadiče Microsoft USB; C:\Windows\system32\drivers\usbohci.sys [2013-11-27 25600]
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 25088]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 29184]
S3 viaide;viaide; C:\Windows\system32\drivers\viaide.sys [2009-07-14 17488]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 VMSP;VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [2011-05-14 407552]
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 161872]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 27776]
S3 WANARP;@%systemroot%\system32\rascfg.dll,-32011; C:\Windows\system32\DRIVERS\wanarp.sys [2010-11-20 88576]
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-14 21056]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 22096]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2009-07-14 14336]
S3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 87040]
S4 cdfs;CD/DVD File System Reader; C:\Windows\system32\DRIVERS\cdfs.sys [2009-07-14 92160]
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 24144]
S4 secdrv;Security Driver; C:\Windows\system32\drivers\secdrv.sys [2009-06-10 23040]
S4 udfs;udfs; C:\Windows\system32\DRIVERS\udfs.sys [2010-11-20 328192]
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys [2009-07-14 21504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2015-11-20 3857272]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2015-11-12 1046952]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2015-11-20 579776]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 CryptSvc;@%SystemRoot%\system32\cryptsvc.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 DcomLaunch;@oleres.dll,-5012; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Dhcp;@%SystemRoot%\system32\dhcpcore.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Dnscache;@%SystemRoot%\System32\dnsapi.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 eventlog;@%SystemRoot%\system32\wevtsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EventSystem;@comres.dll,-2450; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2010-11-20 15872]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LanmanServer;@%systemroot%\system32\srvsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 LanmanWorkstation;@%systemroot%\system32\wkssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 lmhosts;@%SystemRoot%\system32\lmhsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MSDTC;@comres.dll,-2797; C:\Windows\System32\msdtc.exe [2009-07-14 141824]
R2 MSSQL$MICROSOFT##SSEE;Windows Internal Database (MICROSOFT##SSEE); C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe [2010-12-10 39627104]
R2 Netlogon;@%SystemRoot%\System32\netlogon.dll,-102; C:\Windows\system32\lsass.exe [2015-10-20 31232]
R2 NGSERVER;Symantec Ghost Configuration Server; C:\Program Files (x86)\Symantec\Ghost\ngserver.exe [2009-12-24 927112]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 nvspwmi;@%systemroot%\system32\nvspwmi.dll,-10810; C:\Windows\system32\svchost -k nvspwmi []
R2 PlugPlay;@%SystemRoot%\system32\umpnpmgr.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 RemoteRegistry;@regsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 RpcSs;@oleres.dll,-5010; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SamSs;@%SystemRoot%\system32\samsrv.dll,-1; C:\Windows\system32\lsass.exe [2015-10-20 31232]
R2 SENS;@%SystemRoot%\system32\Sens.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 ShellHWDetection;@%SystemRoot%\System32\shsvcs.dll,-12288; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Schedule;@%SystemRoot%\system32\schedsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Spooler;@%systemroot%\system32\spoolsv.exe,-1; C:\Windows\System32\spoolsv.exe [2012-02-11 559104]
R2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2010-11-20 3524608]
R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2015-11-05 1026944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5697296]
R2 TrkWks;@%SystemRoot%\system32\trkwks.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 vhdsvc;@%systemroot%\system32\vhdsvc.dll,-16020; C:\Windows\system32\svchost -k virtsvcs []
R2 vmms;@%systemroot%\system32\vmms.exe,-10; C:\Windows\system32\vmms.exe [2010-11-20 4625408]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Winmgmt;@%Systemroot%\system32\wbem\wmisvc.dll,-205; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 WsusService;Služba Update Service; C:\Program Files\Update Services\Service\bin\WsusService.exe [2009-08-06 34720]
R2 wuauserv;@%systemroot%\system32\wuaueng.dll,-105; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 BITS;@%SystemRoot%\system32\qmgr.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 Netman;@%SystemRoot%\system32\netman.dll,-109; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 NGDBSERV;Symantec Ghost Database Service Wrapper; C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe [2009-12-24 169352]
R3 PolicyAgent;@%SystemRoot%\System32\polstore.dll,-5010; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 W32Time;@%SystemRoot%\system32\w32time.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11 269000]
S3 ALG;@%SystemRoot%\system32\Alg.exe,-112; C:\Windows\System32\alg.exe [2009-07-14 79360]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AudioSrv;@%SystemRoot%\system32\audiosrv.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2015-11-20 615584]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 COMSysApp;@comres.dll,-947; C:\Windows\system32\dllhost.exe [2009-07-14 9728]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 dot3svc;@%systemroot%\system32\dot3svc.dll,-1102; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EapHost;@%systemroot%\system32\eapsvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2015-10-20 31232]
S3 FCRegSvc;@%SystemRoot%\system32\FCRegSvc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 hidserv;@%SystemRoot%\System32\hidserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 hkmsvc;@%SystemRoot%\system32\kmsvc.dll,-6; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2015-10-20 31232]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 msiserver;@%SystemRoot%\system32\msimsg.dll,-27; C:\Windows\system32\msiexec.exe [2015-06-15 128000]
S3 napagent;@%SystemRoot%\system32\qagentrt.dll,-6; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ProtectedStorage;@%systemroot%\system32\psbase.dll,-300; C:\Windows\system32\lsass.exe [2015-10-20 31232]
S3 RasAuto;@%Systemroot%\system32\rasauto.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 RasMan;@%Systemroot%\system32\rasmans.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 RpcLocator;@%systemroot%\system32\Locator.exe,-2; C:\Windows\system32\locator.exe [2009-07-14 10240]
S3 RSoPProv;@gpapi.dll,-114; C:\Windows\system32\RSoPProv.exe [2009-07-14 91648]
S3 sacsvr;@%systemroot%\system32\sacsvr.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SCardSvr;@%SystemRoot%\System32\SCardSvr.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 seclogon;@%SystemRoot%\system32\seclogon.dll,-7001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SharedAccess;@%SystemRoot%\system32\ipnathlp.dll,-106; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2009-07-14 14336]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 swprv;@%SystemRoot%\System32\swprv.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TapiSrv;@%SystemRoot%\system32\tapisrv.dll,-10100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TermService;@%SystemRoot%\System32\termsrv.dll,-268; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-14 40960]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2015-10-20 31232]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2010-11-20 533504]
S3 VSS;@%systemroot%\system32\vssvc.exe,-102; C:\Windows\system32\vssvc.exe [2010-11-20 1600512]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2010-11-20 1504256]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 wmiApSrv;@%Systemroot%\system32\wbem\wmiapsrv.exe,-110; C:\Windows\system32\wbem\WmiApSrv.exe [2012-08-21 194560]
S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 WSusCertServer;WSusCertServer; C:\Program Files\Update Services\Service\bin\WsusCertServer.exe [2012-06-07 77608]
S3 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 Browser;@%systemroot%\system32\browser.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2014-03-20 67224]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-03-20 90776]
S4 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpPortSharing;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 RemoteAccess;@%Systemroot%\system32\mprdim.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 SSDPSRV;@%systemroot%\system32\ssdpsrv.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 upnphost;@%systemroot%\system32\upnphost.dll,-213; C:\Windows\system32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Zdravím, tak jdeme na to


V první řadě přes Odinstalovat programy nebo CCleaner níže odinstaluj SpyHunter 4.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.


Nakonec použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !


P.S. omlouvám se za tykání

Není proč se omlouvat, rovnou bych navrhl v tykání pokračovat.

Díky za rychlou odpověď, zítra kroky provedu a dám sem nové logy. Jinak v příloze přikládám screen z AVG - nechal jsem znovu proskenovat uživatelské profily a AVG mile překvapilo - našlo system.vbs ve složce Startup u jednoho profilu. Umístění a spuštění pod už. profilem by i sedělo na chování viru, kdy byla zašifrovaná pouze data přístupná z běžného už. účtu.

Bezva, pokud jsem si správně přiřadil jméno můžeme poděkovat za všechny problémy nadané mladé zpěvačce

Ještě poprosím již nezasahovat do léčení jinými prostředky než těmi co píšu, aby v tom nebyl hokej.

Mbam scan nenašel žádnou hrozbu:
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 14.12.2015
Čas skenování: 23:30
Protokol:
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.14.06
Databáze rootkitů: v2015.12.07.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows Server 2008 R2 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Administrator

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 315997
Uplynulý čas: 5 min, 21 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

AdwCleaner log:
# AdwCleaner v5.025 - Logfile created 14/12/2015 at 16:26:34
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows Server 2008 R2 Enterprise Service Pack 1 (x64)
# Username : Administrator - SERVER-02
# Running from : C:\Users\Administrator\Desktop\adwcleaner_5.025.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : [x64] HKLM\SOFTWARE\Description

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [755 bytes] ##########

Mbam můžeš klidně odinstalovat, AdwCleaner stačí hodit do koše.

A jdeme do finále

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

Tak ComboFix nepodporuje verze OS pro servery... Je možné použít jiný nástroj?

Zhong píše:Tak ComboFix nepodporuje verze OS pro servery... Je možné použít jiný nástroj?

to mi nedošlo, že jedem na jiné úrovni.

Spusť skener Cure It podle TOHOTO návodu

po skončení skenu mi sem nakopíruj výsledky - stačí konec logu se souhrnem.

(Upozornění je úchylně pomalý a je zapotřebí ho sledovat občas se na něco ptá)

Nakonec poprosím ještě o log z Frst.