kontrola logu prosim

[evolution]

pc dlho nabieha niekolo dni, je vytazeny

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:04:55, on 14. 4. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109986 ... 0f6e0da7d5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\PROGRA~2\COMPUT~1\cac.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12961 bytes

[Reklama]

[Žbeky]

Fixni:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109986 ... 0f6e0da7d5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

[evolution]

antivir mam kaspersky, platenu verziu

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
0000 :: TOMAS [limited]

Protection: Enabled

14. 4. 2012 21:04:36
mbam-log-2012-04-14 (21-10-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195773
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\0000\AppData\Roaming\ArtificialAiming.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\0000\AppData\Local\Temp\219602.Uninstall\Uninstall.exe (Adware.Agent) -> No action taken.
C:\Users\0000\AppData\Local\Temp\is1293846689\IWantThisAD_ROW.exe (Adware.GamePlayLabs) -> No action taken.
C:\Users\0000\AppData\Local\Temp\System\mWSCvAP.exe (Backdoor.Agent) -> No action taken.

(end)

[Žbeky]

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[evolution]

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.04.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
0000 :: TOMAS [limited]

Protection: Enabled

14. 4. 2012 21:55:26
mbam-log-2012-04-14 (21-55-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195965
Time elapsed: 4 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

ComboFix 12-04-14.03 - 0000 . 04. 2012 22:05:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3959.2183 [GMT 1:00]
Running from: c:\users\0000\Desktop\clean\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Setup.exe
c:\programdata\~11D02800_SEtuou4(c~c_027.tmp
c:\programdata\hpeF862.dll
c:\users\0000\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\0000\AppData\Roaming\chrtmp
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 21:20 . 2012-04-14 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 20:03 . 2012-04-14 20:03 -------- d-----w- c:\users\0000\AppData\Roaming\Malwarebytes
2012-04-14 20:03 . 2012-04-14 20:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-14 20:03 . 2012-04-14 20:03 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 20:03 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 18:04 . 2012-04-14 18:04 388096 ----a-r- c:\users\0000\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-14 18:04 . 2012-04-14 18:04 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-13 00:40 . 2012-04-14 00:09 -------- d-----w- c:\users\0000\AppData\Local\Downloaded Installations
2012-04-12 23:58 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 23:58 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 23:58 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 23:56 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 23:56 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 23:56 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 23:56 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 23:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 23:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 23:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 23:03 . 2012-04-14 17:00 -------- d-----w- c:\users\0000\AppData\Local\ElevatedDiagnostics
2012-04-12 19:18 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8493EACC-C60B-4727-B38D-DADB9497045A}\mpengine.dll
2012-04-11 21:41 . 2011-05-23 22:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-04-11 21:41 . 2012-04-11 21:41 -------- d-----w- c:\program files (x86)\Dxtory Software
2012-04-11 21:41 . 2011-05-23 22:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-04-11 21:37 . 2012-04-11 21:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-11 21:37 . 2012-04-11 21:37 -------- d-----r- c:\program files (x86)\Skype
2012-04-10 16:30 . 2012-04-10 16:30 -------- d-----w- c:\users\0000\AppData\Local\BVRP Software
2012-04-10 01:58 . 2012-04-10 01:58 251 ----a-w- C:\user.js
2012-04-10 01:58 . 2012-04-10 01:58 -------- d-----w- c:\users\0000\AppData\Local\Google
2012-04-10 01:58 . 2012-04-10 01:58 -------- d-----w- c:\users\0000\AppData\Local\Babylon
2012-04-10 01:58 . 2012-04-10 01:58 -------- d-----w- c:\users\0000\AppData\Roaming\Babylon
2012-04-10 01:58 . 2012-04-10 01:58 -------- d-----w- c:\programdata\Babylon
2012-04-10 01:55 . 2007-06-11 21:04 2267368 ----a-w- c:\windows\SysWow64\Flash.ocx
2012-04-10 01:55 . 2004-03-08 22:00 131856 ----a-w- c:\windows\SysWow64\MSADODC.ocx
2012-04-10 01:20 . 2012-04-10 01:20 -------- d-sha-w- c:\users\Public\DRM
2012-04-10 01:16 . 2012-04-10 01:20 -------- d-----w- C:\Nový priečinok (2)
2012-04-10 01:11 . 2012-04-10 01:11 -------- d-----w- c:\users\0000\AppData\Local\PackageAware
2012-04-10 01:11 . 2011-02-21 21:25 2323520 ----a-w- c:\windows\SysWow64\gdpicturepro5.ocx
2012-04-10 01:11 . 2011-02-10 23:34 6600192 ----a-w- c:\windows\SysWow64\LicProtector310.exe
2012-04-10 01:11 . 2012-04-10 01:49 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-04-10 01:11 . 2012-04-10 01:11 -------- d-----w- c:\users\0000\AppData\Roaming\Ask.com
2012-04-09 21:46 . 2012-04-09 21:46 -------- d-----w- c:\programdata\NVIDIA
2012-04-09 21:46 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-04-09 21:46 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-04-09 21:46 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-04-09 21:46 . 2012-02-29 20:59 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-04-09 21:46 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-09 21:46 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-09 21:46 . 2012-04-09 21:46 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-08 03:50 . 2012-04-14 00:50 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 03:01 . 2012-04-14 00:50 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-07 14:46 . 2012-04-11 21:41 -------- d-----w- c:\users\0000\AppData\Local\Dxtory Software
2012-04-06 03:00 . 2012-04-06 03:00 -------- d-----w- c:\program files (x86)\GameSpy
2012-03-31 00:34 . 2012-03-31 00:35 -------- d-----w- c:\program files (x86)\RapidShareManager
2012-03-28 21:11 . 2012-03-28 21:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-03-23 16:42 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-23 16:42 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-23 16:42 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-23 16:42 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-23 16:42 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-23 16:42 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-23 16:41 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-23 16:41 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-03-23 16:41 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-23 16:41 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-23 16:41 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-23 16:41 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-23 16:41 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-23 16:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-23 16:41 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-23 16:41 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-23 16:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-20 19:09 . 2012-03-20 19:09 -------- d-----w- c:\users\0000\AppData\Roaming\Apple Computer
2012-03-19 18:46 . 2012-03-19 18:46 -------- d-----w- c:\programdata\Sony
2012-03-19 18:46 . 2012-03-19 18:46 -------- d-----w- c:\users\0000\AppData\Roaming\Publish Providers
2012-03-19 18:30 . 2012-03-19 18:43 -------- d-----w- c:\users\0000\AppData\Local\Sony
2012-03-19 18:30 . 2012-03-19 18:30 -------- d-----w- c:\program files\Sony
2012-03-19 17:34 . 2012-03-19 17:34 -------- d-----w- c:\programdata\Apple Computer
2012-03-19 17:34 . 2012-03-19 17:34 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-03-19 17:34 . 2012-03-19 17:34 -------- d-----w- c:\users\0000\AppData\Local\Apple
2012-03-19 17:34 . 2012-03-19 17:34 -------- d-----w- c:\programdata\Apple
2012-03-19 17:34 . 2012-03-19 17:34 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-19 17:23 . 2012-03-19 17:23 -------- d-----w- c:\users\0000\AppData\Roaming\Xilisoft
2012-03-19 17:22 . 2012-03-19 17:22 -------- d-----w- c:\programdata\Xilisoft
2012-03-19 17:22 . 2012-03-19 17:22 -------- d-----w- c:\program files (x86)\Xilisoft
2012-03-19 00:21 . 2012-03-19 00:21 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 00:21 . 2012-03-19 00:21 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 00:50 . 2011-11-30 23:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 18:54 . 2012-03-07 00:20 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-03-07 18:54 . 2012-03-07 00:20 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-03-07 18:54 . 2012-03-07 00:20 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-03-07 18:36 . 2012-03-07 18:36 53248 ----a-w- c:\windows\SysWow64\nvTextureToolsUtil.dll
2012-02-29 00:11 . 2011-12-08 01:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2011-11-30 23:21 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 23:24 . 2012-02-15 23:24 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-02-15 23:24 . 2012-02-15 23:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-02-01 23:29 . 2012-02-01 23:29 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-02-01 23:29 . 2012-02-01 23:29 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-02-01 23:29 . 2012-02-01 23:29 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-01-18 01:08 . 2011-12-08 00:40 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-18 01:08 . 2011-12-01 06:24 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-18 01:08 . 2011-12-01 06:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-01-17 19:16 . 2012-01-13 23:10 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-01-17 19:16 . 2012-01-13 23:10 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-17 12:46 . 2012-02-23 17:12 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-01-17 12:45 . 2012-02-23 17:12 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-01-17 12:45 . 2012-02-23 17:12 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-05-26 1545568]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2011-09-28 1039872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 00:50]
.
2012-04-11 c:\windows\Tasks\Crysis Wars(R) Updates.job
- c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2011-12-28 02:04]
.
2012-04-14 c:\windows\Tasks\Packard Bell Registration - Data Sending task.job
- c:\program files (x86)\Packard Bell\Registration\GREG.exe [2010-04-28 02:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\0000\AppData\Roaming\Mozilla\Firefox\Profiles\you586ng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109986 ... e0da7d5&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - be67bb13000000000000560f6e0da7d5
FF - user.js: extensions.BabylonToolbar_i.hardId - be67bb13000000000000560f6e0da7d5
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15440
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:58
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Computer Alarm Clock - c:\progra~2\COMPUT~1\cac.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Computer Alarm Clock - c:\progra~2\COMPUT~1\UNWISE.EXE
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-{27310A4F-6A97-43C0-928C-FE5313B9949B} - c:\programdata\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}\FFOv2011-8_Setup.exe
AddRemove-C2reviveV2 MapPack - c:\program files (x86)\Origin Games\Crysis 2\RemoveC2reviveV2.exe
.
.
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2375679549-329937304-2270491646-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,f3,6c,67,41,45,06,84,a1,88,1d,a9,05,eb,ad,79,a9,81,6f,98,f5,86,85,
01,a0,d9,49,f0,b0,d9,43,cf,84,64,83,20,e8,83,ab,53,fc,59,9e,df,a3,f0,f2,bb,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2375679549-329937304-2270491646-1000\Software\SecuROM\License information*]
"datasecu"=hex:7f,69,bd,99,79,ba,09,87,d6,20,b4,13,08,57,f6,08,bc,60,e8,c5,4d,
09,83,0f,19,62,2c,7e,af,b9,8a,f7,30,5f,a1,bb,9b,5a,3d,cf,01,1e,07,13,5a,e2,\
"rkeysecu"=hex:2d,15,64,d9,ff,e9,4d,2c,1a,a3,42,27,e0,6a,da,ce
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
c:\program files (x86)\Mozilla Firefox\plugin-container.exe
.
**************************************************************************
.
Completion time: 2012-04-14 22:37:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 21:37
.
Pre-Run: 60 742 488 064 bytes free
Post-Run: 62 732 075 008 bytes free
.
- - End Of File - - E43F64669C4809B21EE0CE27B24661C5

[jaro3]

Odinstaluj:
Babylon

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

Folder::
c:\users\0000\AppData\Local\Babylon
c:\users\0000\AppData\Roaming\Babylon
c:\users\0000\AppData\Roaming\Ask.com
c:\programdata\Babylon

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000

Firefox::
FF - ProfilePath - c:\users\0000\AppData\Roaming\Mozilla\Firefox\Profiles\you586ng.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109986 ... e0da7d5&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - be67bb13000000000000560f6e0da7d5
FF - user.js: extensions.BabylonToolbar_i.hardId - be67bb13000000000000560f6e0da7d5
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15440
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:58
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef – sst

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-
BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Stáhni si TDSSKiller

Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

[evolution]

ComboFix 12-04-14.03 - 0000 . 04. 2012 0:19.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3959.2412 [GMT 1:00]
Running from: c:\users\0000\Desktop\clean\ComboFix.exe
Command switches used :: c:\users\0000\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\users\0000\AppData\Local\Babylon
c:\users\0000\AppData\Local\Babylon\Setup\bab027.tt050412_30b.dat
c:\users\0000\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\0000\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\0000\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\0000\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\globe.png
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\options.js
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\page0.html
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\page3.css
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\page3.html
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\progress.png
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\setup.js
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\title.png
c:\users\0000\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\0000\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\0000\AppData\Local\Babylon\Setup\Setup-latest-30b.zpb
c:\users\0000\AppData\Local\Babylon\Setup\Setup-tbmntr903.zpb
c:\users\0000\AppData\Local\Babylon\Setup\Setup.exe
c:\users\0000\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\0000\AppData\Local\Babylon\Setup\sign
c:\users\0000\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\0000\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\0000\AppData\Roaming\Ask.com
c:\users\0000\AppData\Roaming\Ask.com\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}.ico
c:\users\0000\AppData\Roaming\Babylon
c:\users\0000\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 23:32 . 2012-04-15 23:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 21:55 . 2012-04-14 22:06 -------- d-----w- c:\users\0000\AppData\Roaming\Ulozto File Manager
2012-04-14 21:55 . 2012-04-14 21:55 -------- d-----w- c:\program files (x86)\Uložto File Manager
2012-04-14 20:03 . 2012-04-14 20:03 -------- d-----w- c:\users\0000\AppData\Roaming\Malwarebytes
2012-04-14 20:03 . 2012-04-14 20:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-14 20:03 . 2012-04-14 20:03 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 20:03 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 18:04 . 2012-04-14 18:04 388096 ----a-r- c:\users\0000\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-14 18:04 . 2012-04-14 18:04 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-13 00:40 . 2012-04-14 00:09 -------- d-----w- c:\users\0000\AppData\Local\Downloaded Installations
2012-04-12 23:58 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 23:58 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 23:58 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 23:56 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 23:56 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 23:56 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 23:56 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 23:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 23:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 23:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 23:03 . 2012-04-14 23:54 -------- d-----w- c:\users\0000\AppData\Local\ElevatedDiagnostics
2012-04-12 19:18 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8493EACC-C60B-4727-B38D-DADB9497045A}\mpengine.dll
2012-04-11 21:41 . 2011-05-23 22:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-04-11 21:41 . 2012-04-11 21:41 -------- d-----w- c:\program files (x86)\Dxtory Software
2012-04-11 21:41 . 2011-05-23 22:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-04-11 21:37 . 2012-04-11 21:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-11 21:37 . 2012-04-11 21:37 -------- d-----r- c:\program files (x86)\Skype
2012-04-10 16:30 . 2012-04-10 16:30 -------- d-----w- c:\users\0000\AppData\Local\BVRP Software
2012-04-10 01:58 . 2012-04-10 01:58 251 ----a-w- C:\user.js
2012-04-10 01:58 . 2012-04-10 01:58 -------- d-----w- c:\users\0000\AppData\Local\Google
2012-04-10 01:55 . 2007-06-11 21:04 2267368 ----a-w- c:\windows\SysWow64\Flash.ocx
2012-04-10 01:55 . 2004-03-08 22:00 131856 ----a-w- c:\windows\SysWow64\MSADODC.ocx
2012-04-10 01:20 . 2012-04-10 01:20 -------- d-sha-w- c:\users\Public\DRM
2012-04-10 01:16 . 2012-04-10 01:20 -------- d-----w- C:\Nový priečinok (2)
2012-04-10 01:11 . 2012-04-10 01:11 -------- d-----w- c:\users\0000\AppData\Local\PackageAware
2012-04-10 01:11 . 2011-02-21 21:25 2323520 ----a-w- c:\windows\SysWow64\gdpicturepro5.ocx
2012-04-10 01:11 . 2011-02-10 23:34 6600192 ----a-w- c:\windows\SysWow64\LicProtector310.exe
2012-04-10 01:11 . 2012-04-10 01:49 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-04-09 21:46 . 2012-04-09 21:46 -------- d-----w- c:\programdata\NVIDIA
2012-04-09 21:46 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-04-09 21:46 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-04-09 21:46 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-04-09 21:46 . 2012-02-29 20:59 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-04-09 21:46 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-09 21:46 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-09 21:46 . 2012-04-09 21:46 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-08 03:50 . 2012-04-14 00:50 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 03:01 . 2012-04-14 00:50 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-07 14:46 . 2012-04-11 21:41 -------- d-----w- c:\users\0000\AppData\Local\Dxtory Software
2012-04-06 03:00 . 2012-04-06 03:00 -------- d-----w- c:\program files (x86)\GameSpy
2012-03-31 00:34 . 2012-04-14 22:50 -------- d-----w- c:\program files (x86)\RapidShareManager
2012-03-28 21:11 . 2012-03-28 21:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-03-23 16:42 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-23 16:42 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-23 16:42 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-23 16:42 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-23 16:42 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-23 16:42 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-23 16:41 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-23 16:41 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-03-23 16:41 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-23 16:41 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-23 16:41 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-23 16:41 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-23 16:41 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-23 16:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-23 16:41 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-23 16:41 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-23 16:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-20 19:09 . 2012-03-20 19:09 -------- d-----w- c:\users\0000\AppData\Roaming\Apple Computer
2012-03-19 18:46 . 2012-03-19 18:46 -------- d-----w- c:\programdata\Sony
2012-03-19 18:46 . 2012-03-19 18:46 -------- d-----w- c:\users\0000\AppData\Roaming\Publish Providers
2012-03-19 18:30 . 2012-03-19 18:43 -------- d-----w- c:\users\0000\AppData\Local\Sony
2012-03-19 18:30 . 2012-03-19 18:30 -------- d-----w- c:\program files\Sony
2012-03-19 17:34 . 2012-03-19 17:34 -------- d-----w- c:\programdata\Apple Computer
2012-03-19 17:34 . 2012-03-19 17:34 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-03-19 17:34 . 2012-03-19 17:34 -------- d-----w- c:\users\0000\AppData\Local\Apple
2012-03-19 17:34 . 2012-03-19 17:34 -------- d-----w- c:\programdata\Apple
2012-03-19 17:34 . 2012-03-19 17:34 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-19 17:23 . 2012-03-19 17:23 -------- d-----w- c:\users\0000\AppData\Roaming\Xilisoft
2012-03-19 17:22 . 2012-03-19 17:22 -------- d-----w- c:\programdata\Xilisoft
2012-03-19 17:22 . 2012-03-19 17:22 -------- d-----w- c:\program files (x86)\Xilisoft
2012-03-19 00:21 . 2012-03-19 00:21 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 00:21 . 2012-03-19 00:21 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 00:50 . 2011-11-30 23:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 18:54 . 2012-03-07 00:20 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-03-07 18:54 . 2012-03-07 00:20 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-03-07 18:54 . 2012-03-07 00:20 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-03-07 18:36 . 2012-03-07 18:36 53248 ----a-w- c:\windows\SysWow64\nvTextureToolsUtil.dll
2012-02-29 00:11 . 2011-12-08 01:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2011-11-30 23:21 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 23:24 . 2012-02-15 23:24 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-02-15 23:24 . 2012-02-15 23:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-02-01 23:29 . 2012-02-01 23:29 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-02-01 23:29 . 2012-02-01 23:29 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-02-01 23:29 . 2012-02-01 23:29 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-01-18 01:08 . 2011-12-08 00:40 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-18 01:08 . 2011-12-01 06:24 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-18 01:08 . 2011-12-01 06:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-01-17 19:16 . 2012-01-13 23:10 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-01-17 19:16 . 2012-01-13 23:10 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-17 12:46 . 2012-02-23 17:12 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-01-17 12:45 . 2012-02-23 17:12 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-01-17 12:45 . 2012-02-23 17:12 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-14_21.22.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-14 21:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-15 23:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-14 21:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-15 23:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-14 21:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-15 23:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-03 15:28 . 2012-04-15 23:35 56260 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-15 23:35 39246 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-03 16:41 . 2012-04-15 23:35 13188 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2375679549-329937304-2270491646-1000_UserData.bin
- 2012-04-14 21:21 . 2012-04-14 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-15 23:33 . 2012-04-15 23:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-14 21:21 . 2012-04-14 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-15 23:33 . 2012-04-15 23:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-13 01:52 661512 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-15 00:34 661512 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-15 00:34 125598 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-13 01:52 125598 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-14 21:21 330520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-15 23:32 330520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-23 06:07 . 2012-04-15 01:40 2768008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-01-23 06:07 . 2012-04-14 01:38 2768008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-20 03:59 . 2012-04-15 23:32 10502096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2375679549-329937304-2270491646-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-05-26 1545568]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2011-09-28 1039872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 00:50]
.
2012-04-11 c:\windows\Tasks\Crysis Wars(R) Updates.job
- c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2011-12-28 02:04]
.
2012-04-15 c:\windows\Tasks\Packard Bell Registration - Data Sending task.job
- c:\program files (x86)\Packard Bell\Registration\GREG.exe [2010-04-28 02:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\0000\AppData\Roaming\Mozilla\Firefox\Profiles\you586ng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 4
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2375679549-329937304-2270491646-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,f3,6c,67,41,45,06,84,a1,88,1d,a9,05,eb,ad,79,a9,81,6f,98,f5,86,85,
01,a0,d9,49,f0,b0,d9,43,cf,84,64,83,20,e8,83,ab,53,fc,59,9e,df,a3,f0,f2,bb,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2375679549-329937304-2270491646-1000\Software\SecuROM\License information*]
"datasecu"=hex:7f,69,bd,99,79,ba,09,87,d6,20,b4,13,08,57,f6,08,bc,60,e8,c5,4d,
09,83,0f,19,62,2c,7e,af,b9,8a,f7,30,5f,a1,bb,9b,5a,3d,cf,01,1e,07,13,5a,e2,\
"rkeysecu"=hex:2d,15,64,d9,ff,e9,4d,2c,1a,a3,42,27,e0,6a,da,ce
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2012-04-16 00:48:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 23:47
ComboFix2.txt 2012-04-14 21:37
.
Pre-Run: 62 557 052 928 bytes free
Post-Run: 62 495 481 856 bytes free
.
- - End Of File - - 2A91A01B6C0616E4DD4894FEAD591613

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-16 00:50:53
-----------------------------
00:50:53.401 OS Version: Windows x64 6.1.7601 Service Pack 1
00:50:53.401 Number of processors: 4 586 0x2505
00:50:53.402 ComputerName: TOMAS UserName: 0000
00:50:55.023 Initialize success
00:51:03.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:51:03.703 Disk 0 Vendor: Size: 0MB BusType: 0
00:51:03.716 Disk 0 MBR read successfully
00:51:03.719 Disk 0 MBR scan
00:51:03.721 Disk 0 Windows 7 default MBR code
00:51:03.723 Disk 0 MBR hidden
00:51:03.726 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
00:51:03.742 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28674048
00:51:03.758 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 284532 MB offset 28878848
00:51:03.761 Disk 0 Partition - 00 0F Extended LBA 311846 MB offset 611600384
00:51:03.783 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 311844 MB offset 611602434
00:51:03.812 Disk 0 scanning C:\Windows\system32\drivers
00:51:12.226 Service scanning
00:51:27.245 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
00:51:27.730 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
00:51:27.929 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
00:51:27.970 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
00:51:50.985 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:52:03.831 Modules scanning
00:52:03.836 Disk 0 trace - called modules:
00:52:03.938 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spjw.sys
00:52:03.943 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007099790]
00:52:03.947 3 CLASSPNP.SYS[fffff880027cf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800506b050]
00:52:03.954 Scan finished successfully
00:52:31.103 Disk 0 MBR has been saved successfully to "C:\Users\0000\Desktop\MBR.dat"
00:52:31.108 The log file has been saved successfully to "C:\Users\0000\Desktop\aswMBR.txt"

[evolution]

01:11:53.0981 3252 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
01:11:54.0106 3252 ============================================================
01:11:54.0106 3252 Current date / time: 2012/04/16 01:11:54.0106
01:11:54.0106 3252 SystemInfo:
01:11:54.0106 3252
01:11:54.0106 3252 OS Version: 6.1.7601 ServicePack: 1.0
01:11:54.0106 3252 Product type: Workstation
01:11:54.0106 3252 ComputerName: TOMAS
01:11:54.0106 3252 UserName: 0000
01:11:54.0106 3252 Windows directory: C:\Windows
01:11:54.0106 3252 System windows directory: C:\Windows
01:11:54.0106 3252 Running under WOW64
01:11:54.0106 3252 Processor architecture: Intel x64
01:11:54.0106 3252 Number of processors: 4
01:11:54.0106 3252 Page size: 0x1000
01:11:54.0106 3252 Boot type: Normal boot
01:11:54.0106 3252 ============================================================
01:11:54.0465 3252 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:11:54.0465 3252 \Device\Harddisk0\DR0:
01:11:54.0465 3252 MBR used
01:11:54.0465 3252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
01:11:54.0465 3252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x22BBA000
01:11:54.0496 3252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x24745002, BlocksNum 0x261127FE
01:11:54.0574 3252 Initialize success
01:11:54.0574 3252 ============================================================
01:12:01.0329 2224 ============================================================
01:12:01.0329 2224 Scan started
01:12:01.0329 2224 Mode: Manual;
01:12:01.0329 2224 ============================================================
01:12:01.0641 2224 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:12:01.0641 2224 1394ohci - ok
01:12:01.0765 2224 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:12:01.0765 2224 ACPI - ok
01:12:01.0875 2224 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:12:01.0875 2224 AcpiPmi - ok
01:12:02.0171 2224 AcronisOSSReinstallSvc - ok
01:12:02.0249 2224 AcrSch2Svc (12e1662104f3e9fa35b91f5005b7f8a5) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
01:12:02.0249 2224 AcrSch2Svc - ok
01:12:02.0327 2224 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
01:12:02.0327 2224 AdobeActiveFileMonitor8.0 - ok
01:12:02.0483 2224 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:12:02.0483 2224 AdobeFlashPlayerUpdateSvc - ok
01:12:02.0592 2224 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
01:12:02.0592 2224 adp94xx - ok
01:12:02.0623 2224 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
01:12:02.0623 2224 adpahci - ok
01:12:02.0655 2224 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
01:12:02.0670 2224 adpu320 - ok
01:12:02.0701 2224 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:12:02.0701 2224 AeLookupSvc - ok
01:12:02.0811 2224 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:12:02.0811 2224 AFD - ok
01:12:02.0857 2224 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:12:02.0873 2224 agp440 - ok
01:12:02.0920 2224 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:12:02.0920 2224 ALG - ok
01:12:02.0982 2224 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:12:02.0982 2224 aliide - ok
01:12:03.0060 2224 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:12:03.0060 2224 amdide - ok
01:12:03.0123 2224 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
01:12:03.0123 2224 AmdK8 - ok
01:12:03.0216 2224 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:12:03.0216 2224 AmdPPM - ok
01:12:03.0279 2224 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:12:03.0279 2224 amdsata - ok
01:12:03.0325 2224 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
01:12:03.0341 2224 amdsbs - ok
01:12:03.0388 2224 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:12:03.0388 2224 amdxata - ok
01:12:03.0528 2224 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:12:03.0528 2224 AppID - ok
01:12:03.0559 2224 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:12:03.0559 2224 AppIDSvc - ok
01:12:03.0684 2224 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:12:03.0684 2224 Appinfo - ok
01:12:03.0825 2224 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
01:12:03.0825 2224 arc - ok
01:12:03.0840 2224 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
01:12:03.0840 2224 arcsas - ok
01:12:04.0012 2224 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:12:04.0012 2224 aspnet_state - ok
01:12:04.0074 2224 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:12:04.0074 2224 AsyncMac - ok
01:12:04.0199 2224 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:12:04.0199 2224 atapi - ok
01:12:04.0230 2224 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
01:12:04.0230 2224 AthBTPort - ok
01:12:04.0324 2224 ATHDFU (4119870b90e1b5e7797d6433d21f9216) C:\Windows\system32\Drivers\AthDfu.sys
01:12:04.0324 2224 ATHDFU - ok
01:12:04.0433 2224 AtherosSvc (147d5c092d116e3e4768d7be532add79) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
01:12:04.0433 2224 AtherosSvc - ok
01:12:04.0542 2224 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
01:12:04.0589 2224 athr - ok
01:12:04.0714 2224 atksgt (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
01:12:04.0714 2224 atksgt - ok
01:12:04.0839 2224 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:12:04.0839 2224 AudioEndpointBuilder - ok
01:12:04.0854 2224 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:12:04.0854 2224 AudioSrv - ok
01:12:04.0917 2224 AVP (b2b3fcba37671c853879df7dde8a839a) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
01:12:04.0917 2224 AVP - ok
01:12:05.0026 2224 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:12:05.0026 2224 AxInstSV - ok
01:12:05.0088 2224 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
01:12:05.0088 2224 b06bdrv - ok
01:12:05.0213 2224 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:12:05.0213 2224 b57nd60a - ok
01:12:05.0338 2224 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:12:05.0338 2224 BDESVC - ok
01:12:05.0431 2224 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:12:05.0431 2224 Beep - ok
01:12:05.0572 2224 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:12:05.0572 2224 BFE - ok
01:12:05.0634 2224 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
01:12:05.0634 2224 BITS - ok
01:12:05.0697 2224 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:12:05.0697 2224 blbdrive - ok
01:12:05.0806 2224 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:12:05.0821 2224 bowser - ok
01:12:05.0868 2224 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:12:05.0868 2224 BrFiltLo - ok
01:12:05.0899 2224 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:12:05.0899 2224 BrFiltUp - ok
01:12:06.0024 2224 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
01:12:06.0024 2224 BridgeMP - ok
01:12:06.0118 2224 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:12:06.0118 2224 Browser - ok
01:12:06.0165 2224 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:12:06.0165 2224 Brserid - ok
01:12:06.0196 2224 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:12:06.0196 2224 BrSerWdm - ok
01:12:06.0243 2224 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:12:06.0243 2224 BrUsbMdm - ok
01:12:06.0367 2224 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:12:06.0367 2224 BrUsbSer - ok
01:12:06.0414 2224 BTATH_A2DP (2ecf188c1d4246efc6419f118f7b8ec6) C:\Windows\system32\drivers\btath_a2dp.sys
01:12:06.0414 2224 BTATH_A2DP - ok
01:12:06.0461 2224 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
01:12:06.0461 2224 BTATH_BUS - ok
01:12:06.0508 2224 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
01:12:06.0508 2224 BTATH_HCRP - ok
01:12:06.0539 2224 BTATH_LWFLT (701c4fd9e8f2315bb1732e24093e7e8b) C:\Windows\system32\DRIVERS\btath_lwflt.sys
01:12:06.0555 2224 BTATH_LWFLT - ok
01:12:06.0570 2224 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
01:12:06.0570 2224 BTATH_RCP - ok
01:12:06.0679 2224 BtFilter (6e7427156de0f0601dc0df42caff971d) C:\Windows\system32\DRIVERS\btfilter.sys
01:12:06.0695 2224 BtFilter - ok
01:12:06.0742 2224 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
01:12:06.0742 2224 BthEnum - ok
01:12:06.0867 2224 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:12:06.0867 2224 BTHMODEM - ok
01:12:06.0913 2224 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
01:12:06.0913 2224 BthPan - ok
01:12:07.0038 2224 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
01:12:07.0038 2224 BTHPORT - ok
01:12:07.0116 2224 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:12:07.0116 2224 bthserv - ok
01:12:07.0179 2224 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
01:12:07.0194 2224 BTHUSB - ok
01:12:07.0210 2224 catchme - ok
01:12:07.0303 2224 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:12:07.0303 2224 cdfs - ok
01:12:07.0366 2224 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:12:07.0366 2224 cdrom - ok
01:12:07.0459 2224 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:12:07.0459 2224 CertPropSvc - ok
01:12:07.0522 2224 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:12:07.0522 2224 circlass - ok
01:12:07.0615 2224 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:12:07.0615 2224 CLFS - ok
01:12:07.0693 2224 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:12:07.0693 2224 clr_optimization_v2.0.50727_32 - ok
01:12:07.0740 2224 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:12:07.0740 2224 clr_optimization_v2.0.50727_64 - ok
01:12:07.0912 2224 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:12:07.0912 2224 clr_optimization_v4.0.30319_32 - ok
01:12:08.0037 2224 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:12:08.0037 2224 clr_optimization_v4.0.30319_64 - ok
01:12:08.0130 2224 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:12:08.0130 2224 CmBatt - ok
01:12:08.0239 2224 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:12:08.0239 2224 cmdide - ok
01:12:08.0302 2224 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
01:12:08.0302 2224 CNG - ok
01:12:08.0395 2224 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:12:08.0395 2224 Compbatt - ok
01:12:08.0520 2224 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:12:08.0520 2224 CompositeBus - ok
01:12:08.0551 2224 COMSysApp - ok
01:12:08.0583 2224 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
01:12:08.0583 2224 crcdisk - ok
01:12:08.0707 2224 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
01:12:08.0707 2224 CryptSvc - ok
01:12:08.0832 2224 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:12:08.0832 2224 DcomLaunch - ok
01:12:08.0863 2224 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:12:08.0879 2224 defragsvc - ok
01:12:09.0019 2224 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:12:09.0019 2224 DfsC - ok
01:12:09.0144 2224 dgderdrv (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
01:12:09.0144 2224 dgderdrv - ok
01:12:09.0222 2224 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
01:12:09.0222 2224 dg_ssudbus - ok
01:12:09.0300 2224 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:12:09.0300 2224 Dhcp - ok
01:12:09.0347 2224 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:12:09.0347 2224 discache - ok
01:12:09.0456 2224 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
01:12:09.0456 2224 Disk - ok
01:12:09.0487 2224 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:12:09.0487 2224 Dnscache - ok
01:12:09.0597 2224 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:12:09.0597 2224 dot3svc - ok
01:12:09.0643 2224 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:12:09.0659 2224 DPS - ok
01:12:09.0753 2224 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:12:09.0753 2224 drmkaud - ok
01:12:09.0831 2224 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
01:12:09.0831 2224 DsiWMIService - ok
01:12:09.0955 2224 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:12:09.0971 2224 DXGKrnl - ok
01:12:10.0033 2224 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:12:10.0033 2224 EapHost - ok
01:12:10.0189 2224 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
01:12:10.0252 2224 ebdrv - ok
01:12:10.0314 2224 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:12:10.0314 2224 EFS - ok
01:12:10.0377 2224 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:12:10.0377 2224 ehRecvr - ok
01:12:10.0408 2224 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:12:10.0408 2224 ehSched - ok
01:12:10.0486 2224 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
01:12:10.0486 2224 elxstor - ok
01:12:10.0564 2224 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
01:12:10.0564 2224 ePowerSvc - ok
01:12:10.0657 2224 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:12:10.0657 2224 ErrDev - ok
01:12:10.0751 2224 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:12:10.0751 2224 EventSystem - ok
01:12:10.0845 2224 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:12:10.0860 2224 exfat - ok
01:12:10.0876 2224 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:12:10.0876 2224 fastfat - ok
01:12:10.0985 2224 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:12:11.0001 2224 Fax - ok
01:12:11.0047 2224 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
01:12:11.0047 2224 fdc - ok
01:12:11.0079 2224 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:12:11.0094 2224 fdPHost - ok
01:12:11.0188 2224 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:12:11.0188 2224 FDResPub - ok
01:12:11.0281 2224 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:12:11.0281 2224 FileInfo - ok
01:12:11.0328 2224 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:12:11.0328 2224 Filetrace - ok
01:12:11.0422 2224 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:12:11.0437 2224 FLEXnet Licensing Service - ok
01:12:11.0515 2224 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
01:12:11.0515 2224 flpydisk - ok
01:12:11.0578 2224 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:12:11.0578 2224 FltMgr - ok
01:12:11.0687 2224 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:12:11.0703 2224 FontCache - ok
01:12:11.0843 2224 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:12:11.0843 2224 FontCache3.0.0.0 - ok
01:12:11.0905 2224 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:12:11.0905 2224 FsDepends - ok
01:12:12.0030 2224 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
01:12:12.0030 2224 Fs_Rec - ok
01:12:12.0108 2224 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:12:12.0108 2224 fvevol - ok
01:12:12.0155 2224 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:12:12.0155 2224 gagp30kx - ok
01:12:12.0249 2224 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
01:12:12.0249 2224 ggflt - ok
01:12:12.0311 2224 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
01:12:12.0311 2224 ggsemc - ok
01:12:12.0373 2224 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:12:12.0373 2224 gpsvc - ok
01:12:12.0451 2224 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
01:12:12.0451 2224 GREGService - ok
01:12:12.0545 2224 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:12:12.0545 2224 hcw85cir - ok
01:12:12.0607 2224 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:12:12.0623 2224 HdAudAddService - ok
01:12:12.0748 2224 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
01:12:12.0748 2224 HDAudBus - ok
01:12:12.0810 2224 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
01:12:12.0810 2224 HECIx64 - ok
01:12:12.0841 2224 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
01:12:12.0841 2224 HidBatt - ok
01:12:12.0966 2224 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
01:12:12.0966 2224 HidBth - ok
01:12:13.0013 2224 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
01:12:13.0013 2224 HidIr - ok
01:12:13.0029 2224 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
01:12:13.0029 2224 hidserv - ok
01:12:13.0169 2224 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:12:13.0169 2224 HidUsb - ok
01:12:13.0247 2224 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:12:13.0247 2224 hkmsvc - ok
01:12:13.0278 2224 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:12:13.0294 2224 HomeGroupListener - ok
01:12:13.0325 2224 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:12:13.0341 2224 HomeGroupProvider - ok
01:12:13.0481 2224 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:12:13.0481 2224 HpSAMD - ok
01:12:13.0543 2224 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:12:13.0559 2224 HTTP - ok
01:12:13.0684 2224 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:12:13.0684 2224 hwpolicy - ok
01:12:13.0824 2224 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
01:12:13.0824 2224 i8042prt - ok
01:12:13.0871 2224 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
01:12:13.0871 2224 iaStor - ok
01:12:13.0949 2224 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
01:12:13.0949 2224 IAStorDataMgrSvc - ok
01:12:14.0089 2224 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:12:14.0089 2224 iaStorV - ok
01:12:14.0183 2224 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:12:14.0183 2224 idsvc - ok
01:12:14.0277 2224 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
01:12:14.0277 2224 iirsp - ok
01:12:14.0401 2224 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:12:14.0417 2224 IKEEXT - ok
01:12:14.0542 2224 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
01:12:14.0542 2224 Impcd - ok
01:12:14.0698 2224 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
01:12:14.0745 2224 IntcAzAudAddService - ok
01:12:14.0869 2224 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:12:14.0869 2224 intelide - ok
01:12:14.0901 2224 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:12:14.0901 2224 intelppm - ok
01:12:15.0025 2224 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:12:15.0025 2224 IPBusEnum - ok
01:12:15.0072 2224 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:12:15.0088 2224 IpFilterDriver - ok
01:12:15.0213 2224 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:12:15.0213 2224 iphlpsvc - ok
01:12:15.0291 2224 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:12:15.0291 2224 IPMIDRV - ok
01:12:15.0337 2224 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:12:15.0337 2224 IPNAT - ok
01:12:15.0447 2224 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:12:15.0447 2224 IRENUM - ok
01:12:15.0509 2224 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:12:15.0509 2224 isapnp - ok
01:12:15.0571 2224 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:12:15.0587 2224 iScsiPrt - ok
01:12:15.0634 2224 k57nd60a (c9b4ecc187581e5bf3f76648884b7829) C:\Windows\system32\DRIVERS\k57nd60a.sys
01:12:15.0649 2224 k57nd60a - ok
01:12:15.0696 2224 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
01:12:15.0696 2224 kbdclass - ok
01:12:15.0805 2224 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
01:12:15.0805 2224 kbdhid - ok
01:12:15.0868 2224 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:12:15.0868 2224 KeyIso - ok
01:12:15.0915 2224 KL1 (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
01:12:15.0915 2224 KL1 - ok
01:12:15.0977 2224 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
01:12:15.0977 2224 kl2 - ok
01:12:16.0024 2224 KLIF (c1786c2f8de0f62e076f7ef8dea4e87a) C:\Windows\system32\DRIVERS\klif.sys
01:12:16.0039 2224 KLIF - ok
01:12:16.0164 2224 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
01:12:16.0164 2224 KLIM6 - ok
01:12:16.0180 2224 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
01:12:16.0180 2224 klmouflt - ok
01:12:16.0227 2224 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
01:12:16.0227 2224 KSecDD - ok
01:12:16.0367 2224 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
01:12:16.0367 2224 KSecPkg - ok
01:12:16.0398 2224 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:12:16.0398 2224 ksthunk - ok
01:12:16.0523 2224 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:12:16.0523 2224 KtmRm - ok
01:12:16.0585 2224 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
01:12:16.0585 2224 LanmanServer - ok
01:12:16.0695 2224 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:12:16.0695 2224 LanmanWorkstation - ok
01:12:16.0835 2224 lirsgt (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
01:12:16.0835 2224 lirsgt - ok
01:12:16.0882 2224 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:12:16.0882 2224 lltdio - ok
01:12:16.0975 2224 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:12:16.0991 2224 lltdsvc - ok
01:12:17.0022 2224 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:12:17.0022 2224 lmhosts - ok
01:12:17.0131 2224 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
01:12:17.0131 2224 LMS - ok
01:12:17.0241 2224 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:12:17.0241 2224 LSI_FC - ok
01:12:17.0287 2224 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:12:17.0287 2224 LSI_SAS - ok
01:12:17.0303 2224 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:12:17.0303 2224 LSI_SAS2 - ok
01:12:17.0428 2224 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:12:17.0428 2224 LSI_SCSI - ok
01:12:17.0459 2224 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:12:17.0459 2224 luafv - ok
01:12:17.0599 2224 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
01:12:17.0599 2224 MBAMProtector - ok
01:12:17.0709 2224 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:12:17.0709 2224 MBAMService - ok
01:12:17.0802 2224 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
01:12:17.0818 2224 Mcx2Svc - ok
01:12:17.0865 2224 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
01:12:17.0865 2224 megasas - ok
01:12:17.0989 2224 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
01:12:17.0989 2224 MegaSR - ok
01:12:18.0021 2224 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:12:18.0021 2224 MMCSS - ok
01:12:18.0130 2224 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:12:18.0130 2224 Modem - ok
01:12:18.0161 2224 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:12:18.0161 2224 monitor - ok
01:12:18.0286 2224 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
01:12:18.0286 2224 mouclass - ok
01:12:18.0333 2224 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:12:18.0333 2224 mouhid - ok
01:12:18.0457 2224 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:12:18.0457 2224 mountmgr - ok
01:12:18.0504 2224 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:12:18.0520 2224 mpio - ok
01:12:18.0598 2224 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:12:18.0598 2224 mpsdrv - ok
01:12:18.0660 2224 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
01:12:18.0660 2224 MpsSvc - ok
01:12:18.0832 2224 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:12:18.0832 2224 MRxDAV - ok
01:12:18.0863 2224 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:12:18.0879 2224 mrxsmb - ok
01:12:18.0988 2224 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:12:18.0988 2224 mrxsmb10 - ok
01:12:19.0035 2224 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:12:19.0035 2224 mrxsmb20 - ok
01:12:19.0066 2224 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:12:19.0066 2224 msahci - ok
01:12:19.0175 2224 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:12:19.0175 2224 msdsm - ok
01:12:19.0222 2224 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
01:12:19.0222 2224 MSDTC - ok
01:12:19.0347 2224 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:12:19.0347 2224 Msfs - ok
01:12:19.0471 2224 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:12:19.0471 2224 mshidkmdf - ok
01:12:19.0503 2224 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:12:19.0503 2224 msisadrv - ok
01:12:19.0612 2224 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
01:12:19.0612 2224 MSiSCSI - ok
01:12:19.0612 2224 msiserver - ok
01:12:19.0690 2224 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:12:19.0690 2224 MSKSSRV - ok
01:12:19.0783 2224 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:12:19.0783 2224 MSPCLOCK - ok
01:12:19.0815 2224 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:12:19.0830 2224 MSPQM - ok
01:12:19.0877 2224 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:12:19.0877 2224 MsRPC - ok
01:12:19.0924 2224 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
01:12:19.0924 2224 mssmbios - ok
01:12:19.0971 2224 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:12:19.0971 2224 MSTEE - ok
01:12:20.0002 2224 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
01:12:20.0002 2224 MTConfig - ok
01:12:20.0017 2224 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:12:20.0033 2224 Mup - ok
01:12:20.0064 2224 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
01:12:20.0064 2224 napagent - ok
01:12:20.0142 2224 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:12:20.0142 2224 NativeWifiP - ok
01:12:20.0267 2224 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
01:12:20.0283 2224 NDIS - ok
01:12:20.0314 2224 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:12:20.0314 2224 NdisCap - ok
01:12:20.0439 2224 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:12:20.0439 2224 NdisTapi - ok
01:12:20.0563 2224 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:12:20.0563 2224 Ndisuio - ok
01:12:20.0610 2224 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:12:20.0610 2224 NdisWan - ok
01:12:20.0673 2224 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:12:20.0673 2224 NDProxy - ok
01:12:20.0782 2224 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
01:12:20.0782 2224 Nero BackItUp Scheduler 4.0 - ok
01:12:20.0922 2224 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:12:20.0922 2224 NetBIOS - ok
01:12:20.0969 2224 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:12:20.0969 2224 NetBT - ok
01:12:21.0078 2224 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:12:21.0078 2224 Netlogon - ok
01:12:21.0125 2224 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:12:21.0141 2224 Netman - ok
01:12:21.0219 2224 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:12:21.0219 2224 NetMsmqActivator - ok
01:12:21.0219 2224 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:12:21.0219 2224 NetPipeActivator - ok
01:12:21.0297 2224 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:12:21.0297 2224 netprofm - ok
01:12:21.0390 2224 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:12:21.0390 2224 NetTcpActivator - ok
01:12:21.0390 2224 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:12:21.0390 2224 NetTcpPortSharing - ok
01:12:21.0468 2224 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
01:12:21.0484 2224 nfrd960 - ok
01:12:21.0546 2224 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:12:21.0546 2224 NlaSvc - ok
01:12:21.0593 2224 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:12:21.0593 2224 Npfs - ok
01:12:21.0687 2224 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:12:21.0687 2224 nsi - ok
01:12:21.0718 2224 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:12:21.0718 2224 nsiproxy - ok
01:12:21.0858 2224 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:12:21.0858 2224 Ntfs - ok
01:12:21.0936 2224 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
01:12:21.0936 2224 NTI IScheduleSvc - ok
01:12:22.0045 2224 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
01:12:22.0045 2224 NTIDrvr - ok
01:12:22.0170 2224 nTuneService - ok
01:12:22.0279 2224 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:12:22.0279 2224 Null - ok
01:12:22.0404 2224 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
01:12:22.0404 2224 NVHDA - ok
01:12:22.0747 2224 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:12:23.0013 2224 nvlddmkm - ok
01:12:23.0137 2224 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
01:12:23.0153 2224 nvoclk64 - ok
01:12:23.0278 2224 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:12:23.0278 2224 nvraid - ok
01:12:23.0356 2224 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:12:23.0356 2224 nvstor - ok
01:12:23.0481 2224 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
01:12:23.0481 2224 nvsvc - ok
01:12:23.0559 2224 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:12:23.0559 2224 nv_agp - ok
01:12:23.0652 2224 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:12:23.0652 2224 ohci1394 - ok
01:12:23.0808 2224 OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
01:12:23.0808 2224 OMSI download service - ok
01:12:23.0902 2224 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:12:23.0902 2224 p2pimsvc - ok
01:12:23.0933 2224 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:12:23.0949 2224 p2psvc - ok
01:12:23.0995 2224 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
01:12:23.0995 2224 Parport - ok
01:12:24.0042 2224 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
01:12:24.0042 2224 partmgr - ok
01:12:24.0136 2224 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:12:24.0136 2224 PcaSvc - ok
01:12:24.0214 2224 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:12:24.0214 2224 pci - ok
01:12:24.0339 2224 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:12:24.0339 2224 pciide - ok
01:12:24.0370 2224 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
01:12:24.0385 2224 pcmcia - ok
01:12:24.0463 2224 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:12:24.0463 2224 pcw - ok
01:12:24.0495 2224 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:12:24.0510 2224 PEAUTH - ok
01:12:24.0619 2224 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:12:24.0619 2224 PerfHost - ok
01:12:24.0713 2224 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:12:24.0760 2224 pla - ok
01:12:24.0885 2224 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:12:24.0885 2224 PlugPlay - ok
01:12:24.0916 2224 PnkBstrA - ok
01:12:24.0947 2224 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:12:24.0947 2224 PNRPAutoReg - ok
01:12:24.0978 2224 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:12:24.0978 2224 PNRPsvc - ok
01:12:25.0025 2224 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:12:25.0041 2224 PolicyAgent - ok
01:12:25.0087 2224 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:12:25.0103 2224 Power - ok
01:12:25.0165 2224 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:12:25.0165 2224 PptpMiniport - ok
01:12:25.0259 2224 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
01:12:25.0259 2224 Processor - ok
01:12:25.0306 2224 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
01:12:25.0306 2224 ProfSvc - ok
01:12:25.0337 2224 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:12:25.0337 2224 ProtectedStorage - ok
01:12:25.0462 2224 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:12:25.0462 2224 Psched - ok
01:12:25.0555 2224 pwdrvio (3d895d9e93d39e113184a3b0fd49ac77) C:\Windows\system32\pwdrvio.sys
01:12:25.0555 2224 pwdrvio - ok
01:12:25.0618 2224 pwdspio (2f7f3d3bdb65cafce52f3e1d52cab937) C:\Windows\system32\pwdspio.sys
01:12:25.0618 2224 pwdspio - ok
01:12:25.0680 2224 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
01:12:25.0680 2224 PxHlpa64 - ok
01:12:25.0836 2224 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
01:12:25.0867 2224 ql2300 - ok
01:12:26.0023 2224 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
01:12:26.0023 2224 ql40xx - ok
01:12:26.0070 2224 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:12:26.0070 2224 QWAVE - ok
01:12:26.0179 2224 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:12:26.0179 2224 QWAVEdrv - ok
01:12:26.0211 2224 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:12:26.0211 2224 RasAcd - ok
01:12:26.0320 2224 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:12:26.0320 2224 RasAgileVpn - ok
01:12:26.0367 2224 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:12:26.0367 2224 RasAuto - ok
01:12:26.0491 2224 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:12:26.0491 2224 Rasl2tp - ok
01:12:26.0554 2224 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:12:26.0554 2224 RasMan - ok
01:12:26.0616 2224 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:12:26.0616 2224 RasPppoe - ok
01:12:26.0710 2224 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:12:26.0710 2224 RasSstp - ok
01:12:26.0772 2224 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:12:26.0772 2224 rdbss - ok
01:12:26.0819 2224 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:12:26.0819 2224 rdpbus - ok
01:12:26.0866 2224 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:12:26.0866 2224 RDPCDD - ok
01:12:26.0897 2224 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:12:26.0897 2224 RDPENCDD - ok
01:12:27.0006 2224 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:12:27.0006 2224 RDPREFMP - ok
01:12:27.0084 2224 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
01:12:27.0084 2224 RDPWD - ok
01:12:27.0162 2224 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:12:27.0162 2224 rdyboost - ok
01:12:27.0256 2224 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:12:27.0256 2224 RemoteAccess - ok
01:12:27.0303 2224 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:12:27.0303 2224 RemoteRegistry - ok
01:12:27.0412 2224 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
01:12:27.0412 2224 RFCOMM - ok
01:12:27.0443 2224 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:12:27.0459 2224 RpcEptMapper - ok
01:12:27.0552 2224 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:12:27.0552 2224 RpcLocator - ok
01:12:27.0599 2224 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:12:27.0615 2224 RpcSs - ok
01:12:27.0724 2224 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:12:27.0724 2224 rspndr - ok
01:12:27.0833 2224 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
01:12:27.0833 2224 RSUSBSTOR - ok
01:12:27.0958 2224 s1018bus (301fba4594fb5c0a469299a65106b4aa) C:\Windows\system32\DRIVERS\s1018bus.sys
01:12:27.0958 2224 s1018bus - ok
01:12:28.0020 2224 s1018mdfl (d1d7c744f79710357e60fc04d125ed01) C:\Windows\system32\DRIVERS\s1018mdfl.sys
01:12:28.0020 2224 s1018mdfl - ok
01:12:28.0036 2224 s1018mdm (7dbe12cccd837d4266b2ddd80a329c09) C:\Windows\system32\DRIVERS\s1018mdm.sys
01:12:28.0036 2224 s1018mdm - ok
01:12:28.0161 2224 s1018mgmt (065ff5e62d2d18a6d93fd925546cd549) C:\Windows\system32\DRIVERS\s1018mgmt.sys
01:12:28.0161 2224 s1018mgmt - ok
01:12:28.0207 2224 s1018nd5 (5101d815bdf0d667e3d5f0ea727caaee) C:\Windows\system32\DRIVERS\s1018nd5.sys
01:12:28.0207 2224 s1018nd5 - ok
01:12:28.0332 2224 s1018obex (13f220c65b444ac9bda49dacfc3230bb) C:\Windows\system32\DRIVERS\s1018obex.sys
01:12:28.0332 2224 s1018obex - ok
01:12:28.0348 2224 s1018unic (ce7d8bce80211d8a35f6bd7a87791860) C:\Windows\system32\DRIVERS\s1018unic.sys
01:12:28.0348 2224 s1018unic - ok
01:12:28.0395 2224 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:12:28.0395 2224 SamSs - ok
01:12:28.0519 2224 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:12:28.0519 2224 sbp2port - ok
01:12:28.0551 2224 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:12:28.0566 2224 SCardSvr - ok
01:12:28.0613 2224 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:12:28.0613 2224 scfilter - ok
01:12:28.0738 2224 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:12:28.0738 2224 Schedule - ok
01:12:28.0785 2224 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:12:28.0785 2224 SCPolicySvc - ok
01:12:28.0878 2224 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:12:28.0878 2224 SDRSVC - ok
01:12:28.0956 2224 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:12:28.0956 2224 secdrv - ok
01:12:29.0034 2224 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:12:29.0050 2224 seclogon - ok
01:12:29.0081 2224 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
01:12:29.0081 2224 SENS - ok
01:12:29.0097 2224 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:12:29.0112 2224 SensrSvc - ok
01:12:29.0143 2224 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:12:29.0143 2224 Serenum - ok
01:12:29.0253 2224 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:12:29.0253 2224 Serial - ok
01:12:29.0331 2224 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
01:12:29.0331 2224 sermouse - ok
01:12:29.0377 2224 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:12:29.0377 2224 SessionEnv - ok
01:12:29.0455 2224 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:12:29.0455 2224 sffdisk - ok
01:12:29.0487 2224 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:12:29.0487 2224 sffp_mmc - ok
01:12:29.0502 2224 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:12:29.0502 2224 sffp_sd - ok
01:12:29.0549 2224 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:12:29.0549 2224 sfloppy - ok
01:12:29.0658 2224 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
01:12:29.0658 2224 SharedAccess - ok
01:12:29.0721 2224 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:12:29.0721 2224 ShellHWDetection - ok
01:12:29.0767 2224 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:12:29.0767 2224 SiSRaid2 - ok
01:12:29.0877 2224 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:12:29.0877 2224 SiSRaid4 - ok
01:12:29.0970 2224 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
01:12:29.0986 2224 SkypeUpdate - ok
01:12:30.0095 2224 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:12:30.0095 2224 Smb - ok
01:12:30.0173 2224 snapman (427c2b34bf4dd4f813da4c0df154cc94) C:\Windows\system32\DRIVERS\snapman.sys
01:12:30.0189 2224 snapman - ok
01:12:30.0220 2224 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:12:30.0220 2224 SNMPTRAP - ok
01:12:30.0282 2224 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:12:30.0282 2224 spldr - ok
01:12:30.0376 2224 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:12:30.0376 2224 Spooler - ok
01:12:30.0485 2224 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:12:30.0501 2224 sppsvc - ok
01:12:30.0610 2224 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:12:30.0610 2224 sppuinotify - ok
01:12:30.0625 2224 MBR (0x1B8) (3e0a9b8449a315e0044be2adf3d12596) \Device\Harddisk0\DR0
01:12:30.0688 2224 \Device\Harddisk0\DR0 - ok
01:12:30.0688 2224 Boot (0x1200) (e411a6c850ba161cf01e3f2cd0f3a107) \Device\Harddisk0\DR0\Partition0
01:12:30.0688 2224 \Device\Harddisk0\DR0\Partition0 - ok
01:12:30.0703 2224 Boot (0x1200) (d4cf6c561d6303e92f53f947e97c79c6) \Device\Harddisk0\DR0\Partition1
01:12:30.0703 2224 \Device\Harddisk0\DR0\Partition1 - ok
01:12:30.0735 2224 Boot (0x1200) (8f0b481c296482621fcf4754528d9d4b) \Device\Harddisk0\DR0\Partition2
01:12:30.0735 2224 \Device\Harddisk0\DR0\Partition2 - ok
01:12:30.0735 2224 ============================================================
01:12:30.0735 2224 Scan finished
01:12:30.0735 2224 ============================================================
01:12:30.0750 0128 Detected object count: 0
01:12:30.0750 0128 Actual detected object count: 0
01:12:37.0942 0932 Deinitialize success

stale si myslim ze processor a ram su nejak velmi vytazene

[jaro3]

Máš nainstalován Daemon Tools / Alcohol 120 ??

Stáhni si z některého odkazu SystemLook
a ulož si ho na plochu.

Poklepej na stažený SystemLook , zkopíruj do hlavního text. okna tento následující text:

Kód: Vybrat vše

:filefind
spjw.sys.*


Klikni na Look ke startu skenu. Když program skončí objeví se v poznámkovém bloku zpráva skenu. Zkopíruj sem celý jeho obsah. Log se také nachází na ploše pod názvem SystemLook.txt.

[evolution]

nemam ani jedno z toho..

SystemLook 30.07.11 by jpshortstuff
Log created at 12:33 on 17/04/2012 by 0000
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "spjw.sys.*"
No files found.

-= EOF =-

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Jak to vypadá nyní?