Please check, suspected virus (Solved)


Please check, suspected virus

Post by Kobra.svk » 02 May 2013 13:17

Hello, I have a fairly strong suspicion of a virus, for the following reasons: when I type something, it throws in random characters (letters, digits, special characters), every time I press a key, even backspace when I try to delete them. For example, the space bar gives me =+9 in addition to the space, the o key gives me oň, and 8888 or 9999 keeps getting typed wherever I try to write. The worst part is that it also happens when I log in to the system right after a restart; keyboard shortcuts drop out. At the same time, something like keyboard browsing via the F7 shortcut keeps launching in Firefox. Windows Media Center also keeps starting over and over, easily several times in a row. I also have a problem with the screen, as if someone were switching it off (something like when you connect to a projector and, instead of duplicating the image, the notebook's display turns off and the image is shown only on the screen via the projector), and it only comes back on when I manually switch the display back from the keyboard. I also once had trouble turning on Wi-Fi. If any additional info is needed, just say so. Here is the HijackThis log. Many thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:59:28, on 2. 5. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\program files\soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program files\P4G\BatteryLife.exe
C:\Program Fil9es\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Razer\DeathAdder\vdDaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
D:\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\ehome\ehshell.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Tachometer] C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe --hide
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Startup: Obrazovková spinka a spúšťač programu OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Active@ Disk Monitor - LSoft Technologies Inc - C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Dokan\DokanLibrary\mounter.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FMMService - Flarion Technologies, Inc. - C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NPVR Recording Service - Unknown owner - C:\Program Files\NPVR\NRecord.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Unknown owner - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 12244 bytes

Re: Please check, suspected virus

Post by memphisto » 02 May 2013 18:58

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a prompt will appear, choose Ano (Yes)
(do not delete anything yet!).
Then paste the contents of that log here.

Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

Re: Please check, suspected virus

Post by Kobra.svk » 02 May 2013 21:25

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Verzia databázy: v2013.05.02.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Miroslav :: KOBRA [administrátor]

2. 5. 2013 20:54:56
mbam-log-2013-05-02 (20-54-56).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 278223
Uplynutý čas: 11 min,

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)
_______________________________________________________________________________________________________________

# AdwCleaner v2.300 - Log vytvorený 02/05/2013 o 21:26:20
# Aktualizované 28/04/2013 Xplode
# Operaený systém : Windows 7 Ultimate Service Pack 1 (32 bits)
# Uživateľ : Miroslav - KOBRA
# Spustený systém : Normálny
# Spustené z : D:\Download\adwcleaner.exe
# Voľba [Prehľada?]


***** [Služby] *****


***** [Súbory / Adresáre] *****

Adresár Nájdené : C:\ProgramData\Ask
Adresár Nájdené : C:\Users\Miroslav\AppData\Local\PackageAware
Adresár Nájdené : C:\Users\Miroslav\AppData\Local\TempDir
Adresár Nájdené : C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\n0wmyrw4.default\jetpack
Súbor Nájdené : C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll

***** [Registre] *****

Kľúe Nájdené : HKCU\Software\APN PIP
Kľúe Nájdené : HKCU\Software\AppDataLow\Software\SmartBar
Kľúe Nájdené : HKCU\Software\Conduit
Kľúe Nájdené : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Kľúe Nájdené : HKCU\Software\PIP
Kľúe Nájdené : HKCU\Software\Softonic
Kľúe Nájdené : HKCU\Software\Zugo
Kľúe Nájdené : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Kľúe Nájdené : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Kľúe Nájdené : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Kľúe Nájdené : HKLM\Software\Conduit
Kľúe Nájdené : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Kľúe Nájdené : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Kľúe Nájdené : HKLM\Software\PIP
Kľúe Nájdené : HKU\S-1-5-21-3699326542-2331523080-999826992-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}

***** [Internetové prehliadaee] *****

-\\ Internet Explorer v10.0.9200.16537

[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://qip.ru

-\\ Mozilla Firefox v21.0 (sk)

Súbor : C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\n0wmyrw4.default\prefs.js

[OK] Súbor je eistý.

Súbor : C:\Users\Wiki\AppData\Roaming\Mozilla\Firefox\Profiles\7spcwn9t.default\prefs.js

[OK] Súbor je eistý.

*************************

AdwCleaner[R1].txt - [2685 octets] - [02/05/2013 21:26:20]

########## EOF - C:\AdwCleaner[R1].txt - [2745 octets] ##########

Re: Please check, suspected virus

Post by jaro3 » 03 May 2013 10:10

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Spustit jako správce" (Run as administrator)).
Click "Vymazat" (Delete).
The program will perform the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
Kontrola MBR (MBR check)
Kontrola Faked (Faked check)
Antirootkit

- Then click "Prohledat" (Scan).
- The program scans the PC's processes. After the scan, click "Zpráva" (Report) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start and work, rename it to winlogon.exe.

Re: Please check, suspected virus

Post by Kobra.svk » 03 May 2013 16:16

Extremely frustrated, I already did these two things last night, and in some mysterious way the adw log did not get saved, but it differs from the original one only in that it deleted the found items, or moved/renamed them or something like that; now the log shows clean. Similarly with rogue, though I do have the log.

# AdwCleaner v2.300 - Log vytvorený 03/05/2013 o 16:02:30
# Aktualizované 28/04/2013 Xplode
# Operaený systém : Windows 7 Ultimate Service Pack 1 (32 bits)
# Uživateľ : Miroslav - KOBRA
# Spustený systém : Normálny
# Spustené z : C:\Users\Miroslav\Desktop\adwcleaner.exe
# Voľba [Vymaza?]


***** [Služby] *****


***** [Súbory / Adresáre] *****


***** [Registre] *****


***** [Internetové prehliadaee] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registre sú eisté.

-\\ Mozilla Firefox v21.0 (sk)

Súbor : C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\n0wmyrw4.default\prefs.js

[OK] Súbor je eistý.

Súbor : C:\Users\Wiki\AppData\Roaming\Mozilla\Firefox\Profiles\7spcwn9t.default\prefs.js

[OK] Súbor je eistý.

*************************

AdwCleaner[R4].txt - [929 octets] - [03/05/2013 16:01:59]
AdwCleaner[S2].txt - [859 octets] - [03/05/2013 16:02:30]

########## EOF - C:\AdwCleaner[S2].txt - [918 octets] ##########


________________________________________________________________________________________________________________________

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spustené v : Normálny režim
Užívateľ : Miroslav [Práva Správcu]
Režim : Kontrola -- Dátum : 05/02/2013 23:24:15
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 10 ¤¤¤
[TASK][SUSP PATH] ASUS InstallAll ReInst : C:\Users\Miroslav\AppData\Local\Temp\InstallAll\ReInst.exe [x] -> NÁJDENÉ
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> NÁJDENÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NÁJDENÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NÁJDENÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> NÁJDENÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 88be0104052b79c37b603789589752bb
[BSP] c83f6d3cdea8c218388548da794008b8 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 12001 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24579450 | Size: 80011 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 188442450 | Size: 384924 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[1]_S_05022013_02d2324.txt >>
RKreport[1]_S_05022013_02d2324.txt



I assume deletion will follow next, so in my frustration I already did that too, after which this log followed:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spustené v : Normálny režim
Užívateľ : Miroslav [Práva Správcu]
Režim : Odebrať -- Dátum : 05/02/2013 23:27:03
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 10 ¤¤¤
[TASK][SUSP PATH] ASUS InstallAll ReInst : C:\Users\Miroslav\AppData\Local\Temp\InstallAll\ReInst.exe [x] -> VYMAZANÉ
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> VYMAZANÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZANÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRADENÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 88be0104052b79c37b603789589752bb
[BSP] c83f6d3cdea8c218388548da794008b8 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 12001 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24579450 | Size: 80011 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 188442450 | Size: 384924 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[2]_D_05022013_02d2327.txt >>
RKreport[1]_S_05022013_02d2324.txt ; RKreport[2]_D_05022013_02d2327.txt



Despite all this, it still kept acting up. But today, since the morning, nothing has happened so far. I'm afraid that won't last long, though.

Re: Please check, suspected virus

Post by Žbeky » 03 May 2013 23:17

You can be frustrated, but do only what we ask of you. That is, unless we say delete, don't delete anything!

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt; please paste the entire contents of the log here.

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Ano (Yes) button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that appears
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.

Re: Please check, suspected virus

Post by Kobra.svk » 04 May 2013 16:38

16:30:53.0790 3416 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:30:54.0321 3416 ============================================================
16:30:54.0321 3416 Current date / time: 2013/05/04 16:30:54.0321
16:30:54.0321 3416 SystemInfo:
16:30:54.0321 3416
16:30:54.0321 3416 OS Version: 6.1.7601 ServicePack: 1.0
16:30:54.0321 3416 Product type: Workstation
16:30:54.0321 3416 ComputerName: KOBRA
16:30:54.0321 3416 UserName: Miroslav
16:30:54.0321 3416 Windows directory: C:\Windows
16:30:54.0321 3416 System windows directory: C:\Windows
16:30:54.0321 3416 Processor architecture: Intel x86
16:30:54.0321 3416 Number of processors: 2
16:30:54.0321 3416 Page size: 0x1000
16:30:54.0321 3416 Boot type: Normal boot
16:30:54.0321 3416 ============================================================
16:30:55.0257 3416 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:30:55.0257 3416 ============================================================
16:30:55.0257 3416 \Device\Harddisk0\DR0:
16:30:55.0257 3416 MBR partitions:
16:30:55.0257 3416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x9C459D8
16:30:55.0272 3416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB3B6791, BlocksNum 0x2EFCE4B0
16:30:55.0272 3416 ============================================================
16:30:55.0303 3416 C: <-> \Device\Harddisk0\DR0\Partition1
16:30:55.0335 3416 D: <-> \Device\Harddisk0\DR0\Partition2
16:30:55.0335 3416 ============================================================
16:30:55.0335 3416 Initialize success
16:30:55.0335 3416 ============================================================
16:30:59.0016 5400 ============================================================
16:30:59.0016 5400 Scan started
16:30:59.0016 5400 Mode: Manual;
16:30:59.0016 5400 ============================================================
16:30:59.0297 5400 ================ Scan system memory ========================
16:30:59.0297 5400 System memory - ok
16:30:59.0297 5400 ================ Scan services =============================
16:31:00.0919 5400 amdsata - ok
16:31:00.0935 5400 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:31:00.0935 5400 amdsbs - ok
16:31:00.0951 5400 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:31:00.0951 5400 amdxata - ok
16:31:00.0997 5400 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
16:31:00.0997 5400 AppID - ok
16:31:01.0029 5400 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:31:01.0029 5400 AppIDSvc - ok
16:31:01.0060 5400 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
16:31:01.0060 5400 Appinfo - ok
16:31:01.0107 5400 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
16:31:01.0107 5400 AppMgmt - ok
16:31:01.0138 5400 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
16:31:01.0138 5400 arc - ok
16:31:01.0153 5400 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:31:01.0153 5400 arcsas - ok
16:31:01.0231 5400 [ EB1807795CD3EEAA3288B4A30DE254E8 ] ASLDRService C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
16:31:01.0231 5400 ASLDRService - ok
16:31:01.0294 5400 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys
16:31:01.0294 5400 ASMMAP - ok
16:31:01.0309 5400 ASUSProcObsrv - ok
16:31:01.0325 5400 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:31:01.0325 5400 AsyncMac - ok
16:31:01.0372 5400 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
16:31:01.0372 5400 atapi - ok
16:31:01.0450 5400 [ 31CB2740BFDBAC1E48E2B7EAD38F0D27 ] athr C:\Windows\system32\DRIVERS\athr.sys
16:31:01.0512 5400 athr - ok
16:31:01.0528 5400 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
16:31:01.0699 5400 ATKGFNEXSrv - ok
16:31:01.0777 5400 [ 547F07839F71A4357A5E503646CAC2B0 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
16:31:01.0809 5400 atksgt - ok
16:31:01.0871 5400 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:31:01.0871 5400 AudioEndpointBuilder - ok
16:31:01.0887 5400 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:31:01.0887 5400 Audiosrv - ok
16:31:01.0933 5400 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:31:01.0933 5400 AxInstSV - ok
16:31:01.0965 5400 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
16:31:01.0965 5400 b06bdrv - ok
16:31:02.0011 5400 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
16:31:02.0011 5400 b57nd60x - ok
16:31:02.0043 5400 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
16:31:02.0058 5400 BDESVC - ok
16:31:02.0074 5400 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
16:31:02.0074 5400 Beep - ok
16:31:02.0121 5400 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
16:31:02.0136 5400 BFE - ok
16:31:02.0152 5400 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
16:31:02.0152 5400 BITS - ok
16:31:02.0183 5400 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:31:02.0183 5400 blbdrive - ok
16:31:02.0214 5400 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:31:02.0214 5400 bowser - ok
16:31:02.0230 5400 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:31:02.0230 5400 BrFiltLo - ok
16:31:02.0245 5400 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:31:02.0245 5400 BrFiltUp - ok
16:31:02.0292 5400 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
16:31:02.0292 5400 Browser - ok
16:31:02.0308 5400 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:31:02.0308 5400 Brserid - ok
16:31:02.0323 5400 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:31:02.0323 5400 BrSerWdm - ok
16:31:02.0339 5400 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:31:02.0339 5400 BrUsbMdm - ok
16:31:02.0355 5400 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:31:02.0355 5400 BrUsbSer - ok
16:31:02.0417 5400 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:31:02.0417 5400 BthEnum - ok
16:31:02.0417 5400 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:31:02.0433 5400 BTHMODEM - ok
16:31:02.0464 5400 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:31:02.0464 5400 BthPan - ok
16:31:02.0495 5400 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:31:02.0495 5400 BTHPORT - ok
16:31:02.0526 5400 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
16:31:02.0542 5400 bthserv - ok
16:31:02.0542 5400 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:31:02.0557 5400 BTHUSB - ok
16:31:02.0589 5400 [ 463483285B2D2D345443AAEE7B9391E7 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
16:31:02.0589 5400 btwaudio - ok
16:31:02.0620 5400 [ 4F82B6173EF8637CB26CF4E73B90F172 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
16:31:02.0620 5400 btwavdt - ok
16:31:02.0682 5400 [ B78D1ACA1BBD0077848D9F87C8207AB1 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
16:31:02.0698 5400 btwdins - ok
16:31:02.0745 5400 [ ECB98391C756A7B9CFBAE89D9D1235E1 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
16:31:02.0745 5400 btwl2cap - ok
16:31:02.0776 5400 [ F771034F5B59A4A5054A2FA6F4E9F28B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
16:31:02.0776 5400 btwrchid - ok
16:31:02.0807 5400 catchme - ok
16:31:02.0838 5400 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:31:02.0838 5400 cdfs - ok
16:31:02.0901 5400 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:31:02.0901 5400 cdrom - ok
16:31:02.0947 5400 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
16:31:02.0947 5400 CertPropSvc - ok
16:31:02.0979 5400 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:31:02.0979 5400 circlass - ok
16:31:03.0010 5400 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
16:31:03.0010 5400 CLFS - ok
16:31:03.0072 5400 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:31:03.0072 5400 clr_optimization_v2.0.50727_32 - ok
16:31:03.0135 5400 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:31:03.0135 5400 clr_optimization_v4.0.30319_32 - ok
16:31:03.0150 5400 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:31:03.0150 5400 CmBatt - ok
16:31:03.0197 5400 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:31:03.0197 5400 cmdide - ok
16:31:03.0228 5400 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
16:31:03.0244 5400 CNG - ok
16:31:03.0275 5400 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:31:03.0275 5400 Compbatt - ok
16:31:03.0306 5400 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:31:03.0306 5400 CompositeBus - ok
16:31:03.0322 5400 COMSysApp - ok
16:31:03.0400 5400 cpuz135 - ok
16:31:03.0431 5400 cpuz136 - ok
16:31:03.0462 5400 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:31:03.0462 5400 crcdisk - ok
16:31:03.0525 5400 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:31:03.0525 5400 CryptSvc - ok
16:31:03.0587 5400 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
16:31:03.0587 5400 CSC - ok
16:31:03.0603 5400 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
16:31:03.0618 5400 CscService - ok
16:31:03.0634 5400 CV2K1 - ok
16:31:03.0681 5400 [ EC0CC1AA9ABFE9A32DAA66832CB06271 ] CYUSB C:\Windows\system32\Drivers\CYUSB.sys
16:31:03.0681 5400 CYUSB - ok
16:31:03.0743 5400 [ 92A16DF81F6CFEEBF93204217C38DAE0 ] danewFltr C:\Windows\system32\drivers\danew.sys
16:31:03.0743 5400 danewFltr - ok
16:31:03.0774 5400 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
16:31:03.0790 5400 DcomLaunch - ok
16:31:03.0805 5400 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
16:31:03.0821 5400 defragsvc - ok
16:31:03.0852 5400 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:31:03.0852 5400 DfsC - ok
16:31:03.0930 5400 [ 649705E3DAE598BC0F957BACBF9A2BD5 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
16:31:03.0930 5400 dg_ssudbus - ok
16:31:03.0993 5400 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:31:03.0993 5400 Dhcp - ok
16:31:04.0008 5400 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
16:31:04.0008 5400 discache - ok
16:31:04.0039 5400 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:31:04.0039 5400 Disk - ok
16:31:04.0071 5400 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:31:04.0071 5400 Dnscache - ok
16:31:04.0149 5400 [ 04036AB29BC52A71A70BAA16FA33F8AE ] Dokan C:\Windows\system32\drivers\dokan.sys
16:31:04.0164 5400 Dokan - ok
16:31:04.0195 5400 [ 8C856E531A1170F53AC6844E89CD0B5F ] DokanMounter C:\Program Files\Dokan\DokanLibrary\mounter.exe
16:31:04.0211 5400 DokanMounter - ok
16:31:04.0258 5400 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
16:31:04.0258 5400 dot3svc - ok
16:31:04.0305 5400 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
16:31:04.0305 5400 DPS - ok
16:31:04.0336 5400 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:31:04.0336 5400 drmkaud - ok
16:31:04.0383 5400 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:31:04.0414 5400 DXGKrnl - ok
16:31:04.0461 5400 EagleXNt - ok
16:31:04.0492 5400 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
16:31:04.0492 5400 EapHost - ok
16:31:04.0570 5400 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
16:31:04.0632 5400 ebdrv - ok
16:31:04.0679 5400 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
16:31:04.0679 5400 EFS - ok
16:31:04.0741 5400 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:31:04.0773 5400 ehRecvr - ok
16:31:04.0804 5400 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
16:31:04.0835 5400 ehSched - ok
16:31:04.0866 5400 EIO - ok
16:31:04.0882 5400 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:31:04.0897 5400 elxstor - ok
16:31:04.0913 5400 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:31:04.0913 5400 ErrDev - ok
16:31:04.0929 5400 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
16:31:04.0944 5400 EventSystem - ok
16:31:04.0960 5400 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
16:31:04.0960 5400 exfat - ok
16:31:04.0975 5400 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:31:04.0975 5400 fastfat - ok
16:31:05.0022 5400 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
16:31:05.0038 5400 Fax - ok
16:31:05.0053 5400 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:31:05.0053 5400 fdc - ok
16:31:05.0085 5400 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
16:31:05.0085 5400 fdPHost - ok
16:31:05.0100 5400 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
16:31:05.0100 5400 FDResPub - ok
16:31:05.0131 5400 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:31:05.0131 5400 FileInfo - ok
16:31:05.0147 5400 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:31:05.0163 5400 Filetrace - ok
16:31:05.0209 5400 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:31:05.0209 5400 FLEXnet Licensing Service - ok
16:31:05.0225 5400 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:31:05.0225 5400 flpydisk - ok
16:31:05.0272 5400 [ 66D252E6BD9BC2D9EC961032B2246874 ] FlrnUSB C:\Windows\system32\DRIVERS\LtkUSB.sys
16:31:05.0287 5400 FlrnUSB - ok
16:31:05.0287 5400 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:31:05.0303 5400 FltMgr - ok
16:31:05.0365 5400 [ 99392D03F32BE1DB9C395708F21551F1 ] FMMService C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
16:31:05.0381 5400 FMMService - ok
16:31:05.0443 5400 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
16:31:05.0459 5400 FontCache - ok
16:31:05.0537 5400 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:31:05.0537 5400 FontCache3.0.0.0 - ok
16:31:05.0553 5400 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:31:05.0553 5400 FsDepends - ok
16:31:05.0584 5400 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:31:05.0584 5400 Fs_Rec - ok
16:31:05.0631 5400 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:31:05.0646 5400 fvevol - ok
16:31:05.0662 5400 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:31:05.0662 5400 gagp30kx - ok
16:31:05.0709 5400 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
16:31:05.0724 5400 gpsvc - ok
16:31:05.0755 5400 [ 69155FC3F92E8DA5A7E1D8F5DE4C534A ] GRemoteBus C:\Windows\system32\DRIVERS\GRemoteBus.sys
16:31:05.0787 5400 GRemoteBus - ok
16:31:05.0818 5400 [ B5A29B6C44F78FAA54E552F7E4AEEBD3 ] GRemoteJoy C:\Windows\system32\DRIVERS\GRemoteJoy.sys
16:31:05.0849 5400 GRemoteJoy - ok
16:31:05.0958 5400 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:31:05.0974 5400 gupdate - ok
16:31:05.0974 5400 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:31:05.0989 5400 gupdatem - ok
16:31:06.0005 5400 [ D30B31375C40309425C21EFE75DB90BB ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
16:31:06.0005 5400 hamachi - ok
16:31:06.0036 5400 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:31:06.0036 5400 hcw85cir - ok
16:31:06.0067 5400 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:31:06.0083 5400 HdAudAddService - ok
16:31:06.0099 5400 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:31:06.0099 5400 HDAudBus - ok
16:31:06.0114 5400 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:31:06.0114 5400 HidBatt - ok
16:31:06.0145 5400 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:31:06.0145 5400 HidBth - ok
16:31:06.0161 5400 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:31:06.0161 5400 HidIr - ok
16:31:06.0177 5400 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
16:31:06.0177 5400 hidserv - ok
16:31:06.0239 5400 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:31:06.0239 5400 HidUsb - ok
16:31:06.0270 5400 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:31:06.0270 5400 hkmsvc - ok
16:31:06.0301 5400 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:31:06.0301 5400 HomeGroupListener - ok
16:31:06.0333 5400 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:31:06.0333 5400 HomeGroupProvider - ok
16:31:06.0348 5400 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:31:06.0348 5400 HpSAMD - ok
16:31:06.0395 5400 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:31:06.0395 5400 HTTP - ok
16:31:06.0426 5400 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:31:06.0426 5400 hwpolicy - ok
16:31:06.0473 5400 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:31:06.0489 5400 i8042prt - ok
16:31:06.0520 5400 [ 9F1220113A3A7F4F08042C699324D073 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:31:06.0520 5400 iaStor - ok
16:31:06.0567 5400 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:31:06.0567 5400 iaStorV - ok
16:31:06.0629 5400 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:31:06.0660 5400 IDriverT - ok
16:31:06.0723 5400 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:31:06.0754 5400 idsvc - ok
16:31:06.0769 5400 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:31:06.0769 5400 iirsp - ok
16:31:06.0816 5400 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
16:31:06.0816 5400 IKEEXT - ok
16:31:06.0910 5400 [ 22980CE70CF3937E48CB7C46A9A1C5F1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:31:06.0988 5400 IntcAzAudAddService - ok
16:31:06.0988 5400 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
16:31:07.0003 5400 intelide - ok
16:31:07.0035 5400 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:31:07.0035 5400 intelppm - ok
16:31:07.0066 5400 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:31:07.0066 5400 IPBusEnum - ok
16:31:07.0081 5400 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:31:07.0081 5400 IpFilterDriver - ok
16:31:07.0128 5400 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:31:07.0128 5400 iphlpsvc - ok
16:31:07.0159 5400 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:31:07.0159 5400 IPMIDRV - ok
16:31:07.0175 5400 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:31:07.0175 5400 IPNAT - ok
16:31:07.0206 5400 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:31:07.0206 5400 IRENUM - ok
16:31:07.0222 5400 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:31:07.0222 5400 isapnp - ok
16:31:07.0237 5400 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:31:07.0237 5400 iScsiPrt - ok
16:31:07.0284 5400 [ 37412294EA4B70ED8B4A9338EBAEECAA ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
16:31:07.0300 5400 ivusb - ok
16:31:07.0331 5400 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:31:07.0331 5400 kbdclass - ok
16:31:07.0347 5400 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:31:07.0347 5400 kbdhid - ok
16:31:07.0393 5400 [ 7F2B8D0B31FB4A797E5786EF124C5A80 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
16:31:07.0393 5400 kbfiltr - ok
16:31:07.0409 5400 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
16:31:07.0409 5400 KeyIso - ok
16:31:07.0440 5400 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:31:07.0456 5400 KSecDD - ok
16:31:07.0456 5400 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:31:07.0471 5400 KSecPkg - ok
16:31:07.0487 5400 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
16:31:07.0503 5400 KtmRm - ok
16:31:07.0549 5400 [ 1C2AF919FDE8ED307135B6487AF4D7F8 ] L1C C:\Windows\system32\DRIVERS\L1C60x86.sys
16:31:07.0549 5400 L1C - ok
16:31:07.0581 5400 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
16:31:07.0581 5400 LanmanServer - ok
16:31:07.0612 5400 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:31:07.0612 5400 LanmanWorkstation - ok
16:31:07.0659 5400 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
16:31:07.0659 5400 lirsgt - ok
16:31:07.0690 5400 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:31:07.0690 5400 lltdsvc - ok
16:31:07.0705 5400 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
16:31:07.0705 5400 lmhosts - ok
16:31:07.0737 5400 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:31:07.0737 5400 LSI_FC - ok
16:31:07.0752 5400 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:31:07.0752 5400 LSI_SAS - ok
16:31:07.0768 5400 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:31:07.0768 5400 LSI_SAS2 - ok
16:31:07.0783 5400 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:31:07.0783 5400 LSI_SCSI - ok
16:31:07.0799 5400 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
16:31:07.0799 5400 luafv - ok
16:31:07.0830 5400 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:31:07.0846 5400 Mcx2Svc - ok
16:31:07.0861 5400 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:31:07.0861 5400 megasas - ok
16:31:07.0877 5400 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:31:07.0877 5400 MegaSR - ok
16:31:08.0002 5400 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2010_32 C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
16:31:08.0033 5400 mi-raysat_3dsmax2010_32 - ok
16:31:08.0080 5400 Microsoft SharePoint Workspace Audit Service - ok
16:31:08.0111 5400 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
16:31:08.0111 5400 MMCSS - ok
16:31:08.0127 5400 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
16:31:08.0127 5400 Modem - ok
16:31:08.0158 5400 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:31:08.0158 5400 monitor - ok
16:31:08.0189 5400 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:31:08.0205 5400 mouclass - ok
16:31:08.0205 5400 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:31:08.0205 5400 mouhid - ok
16:31:08.0251 5400 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:31:08.0251 5400 mountmgr - ok
16:31:08.0298 5400 [ A7ACF488B76F447A06C55BA3AE319E9D ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:31:08.0298 5400 MozillaMaintenance - ok
16:31:08.0345 5400 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:31:08.0345 5400 MpFilter - ok
16:31:08.0376 5400 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
16:31:08.0392 5400 mpio - ok
16:31:08.0548 5400 [ A69630D039C38018689190234F866D77 ] MpKsl4b372782 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F42C346-011C-461C-AE9F-2A84A6C2A463}\MpKsl4b372782.sys
16:31:08.0548 5400 MpKsl4b372782 - ok
16:31:08.0579 5400 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:31:08.0579 5400 mpsdrv - ok
16:31:08.0626 5400 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:31:08.0626 5400 MpsSvc - ok
16:31:08.0673 5400 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:31:08.0673 5400 MRxDAV - ok
16:31:08.0719 5400 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:31:08.0719 5400 mrxsmb - ok
16:31:08.0751 5400 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:31:08.0751 5400 mrxsmb10 - ok
16:31:08.0766 5400 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:31:08.0766 5400 mrxsmb20 - ok
16:31:08.0782 5400 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
16:31:08.0782 5400 msahci - ok
16:31:08.0813 5400 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:31:08.0813 5400 msdsm - ok
16:31:08.0829 5400 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
16:31:08.0829 5400 MSDTC - ok
16:31:08.0844 5400 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:31:08.0844 5400 Msfs - ok
16:31:08.0860 5400 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:31:08.0860 5400 mshidkmdf - ok
16:31:08.0891 5400 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:31:08.0907 5400 msisadrv - ok
16:31:08.0938 5400 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:31:08.0938 5400 MSiSCSI - ok
16:31:08.0938 5400 msiserver - ok
16:31:08.0953 5400 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:31:08.0953 5400 MSKSSRV - ok
16:31:09.0047 5400 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:31:09.0047 5400 MsMpSvc - ok
16:31:09.0063 5400 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:31:09.0063 5400 MSPCLOCK - ok
16:31:09.0063 5400 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:31:09.0063 5400 MSPQM - ok
16:31:09.0078 5400 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:31:09.0078 5400 MsRPC - ok
16:31:09.0125 5400 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:31:09.0125 5400 mssmbios - ok
16:31:09.0125 5400 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:31:09.0125 5400 MSTEE - ok
16:31:09.0141 5400 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:31:09.0141 5400 MTConfig - ok
16:31:09.0156 5400 [ 2E71504A74BE4E3D4EA94568EFF7556E ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
16:31:09.0156 5400 MTsensor - ok
16:31:09.0172 5400 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:31:09.0172 5400 Mup - ok
16:31:09.0219 5400 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
16:31:09.0219 5400 napagent - ok
16:31:09.0250 5400 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:31:09.0250 5400 NativeWifiP - ok
16:31:09.0328 5400 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
16:31:09.0343 5400 NAUpdate - ok
16:31:09.0390 5400 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:31:09.0390 5400 NDIS - ok
16:31:09.0406 5400 ndisahMP - ok
16:31:09.0437 5400 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:31:09.0437 5400 NdisCap - ok
16:31:09.0468 5400 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:31:09.0484 5400 NdisTapi - ok
16:31:09.0515 5400 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:31:09.0531 5400 Ndisuio - ok
16:31:09.0562 5400 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:31:09.0562 5400 NdisWan - ok
16:31:09.0577 5400 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:31:09.0577 5400 NDProxy - ok
16:31:09.0593 5400 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:31:09.0593 5400 NetBIOS - ok
16:31:09.0655 5400 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:31:09.0655 5400 NetBT - ok
16:31:09.0655 5400 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
16:31:09.0671 5400 Netlogon - ok
16:31:09.0718 5400 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:31:09.0718 5400 Netman - ok
16:31:09.0733 5400 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:31:09.0749 5400 netprofm - ok
16:31:09.0780 5400 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:31:09.0780 5400 NetTcpPortSharing - ok
16:31:09.0811 5400 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:31:09.0811 5400 nfrd960 - ok
16:31:09.0858 5400 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:31:09.0874 5400 NisDrv - ok
16:31:09.0905 5400 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
16:31:09.0905 5400 NisSrv - ok
16:31:09.0936 5400 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
16:31:09.0936 5400 NlaSvc - ok
16:31:10.0014 5400 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\drivers\npf.sys
16:31:10.0014 5400 NPF - ok
16:31:10.0014 5400 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:31:10.0030 5400 Npfs - ok
16:31:10.0061 5400 npggsvc - ok
16:31:10.0092 5400 NPVR Recording Service - ok
16:31:10.0123 5400 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:31:10.0123 5400 nsi - ok
16:31:10.0139 5400 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:31:10.0139 5400 nsiproxy - ok
16:31:10.0311 5400 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:31:10.0342 5400 Ntfs - ok
16:31:10.0389 5400 nTuneService - ok
16:31:10.0420 5400 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:31:10.0420 5400 Null - ok
16:31:10.0467 5400 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
16:31:10.0467 5400 NVHDA - ok
16:31:10.0701 5400 [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:31:10.0935 5400 nvlddmkm - ok
16:31:10.0981 5400 [ 61D6B1C71AD94F8485E966BEBC36D092 ] NVR0Dev C:\Windows\nvoclock.sys
16:31:10.0997 5400 NVR0Dev - ok
16:31:11.0028 5400 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:31:11.0028 5400 nvraid - ok
16:31:11.0075 5400 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:31:11.0075 5400 nvstor - ok
16:31:11.0091 5400 [ 782945716AD010AC3D41758E8E52C735 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:31:11.0106 5400 nvsvc - ok
16:31:11.0169 5400 [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:31:11.0200 5400 nvUpdatusService - ok
16:31:11.0247 5400 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:31:11.0247 5400 nv_agp - ok
16:31:11.0247 5400 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:31:11.0247 5400 ohci1394 - ok
16:31:11.0278 5400 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:31:11.0278 5400 ose - ok
16:31:11.0418 5400 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:31:11.0496 5400 osppsvc - ok
16:31:11.0527 5400 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:31:11.0543 5400 p2pimsvc - ok
16:31:11.0559 5400 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:31:11.0574 5400 p2psvc - ok
16:31:11.0605 5400 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:31:11.0605 5400 Parport - ok
16:31:11.0637 5400 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:31:11.0637 5400 partmgr - ok
16:31:11.0637 5400 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
16:31:11.0637 5400 Parvdm - ok
16:31:11.0652 5400 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:31:11.0668 5400 PcaSvc - ok
16:31:11.0683 5400 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
16:31:11.0683 5400 pci - ok
16:31:11.0715 5400 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
16:31:11.0715 5400 pciide - ok
16:31:11.0746 5400 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:31:11.0746 5400 pcmcia - ok
16:31:11.0746 5400 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:31:11.0746 5400 pcw - ok
16:31:11.0777 5400 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:31:11.0793 5400 PEAUTH - ok
16:31:11.0839 5400 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:31:11.0871 5400 PeerDistSvc - ok
16:31:11.0949 5400 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
16:31:11.0995 5400 pla - ok
16:31:12.0042 5400 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:31:12.0042 5400 PlugPlay - ok
16:31:12.0089 5400 [ 3A2E85F7D90D15460C337CE80C2E3B29 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
16:31:12.0105 5400 PnkBstrA - ok
16:31:12.0120 5400 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:31:12.0120 5400 PNRPAutoReg - ok
16:31:12.0136 5400 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:31:12.0136 5400 PNRPsvc - ok
16:31:12.0183 5400 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:31:12.0198 5400 PolicyAgent - ok
16:31:12.0229 5400 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
16:31:12.0229 5400 Power - ok
16:31:12.0276 5400 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:31:12.0276 5400 PptpMiniport - ok
16:31:12.0292 5400 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:31:12.0292 5400 Processor - ok
16:31:12.0323 5400 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
16:31:12.0323 5400 ProfSvc - ok
16:31:12.0339 5400 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:31:12.0339 5400 ProtectedStorage - ok
16:31:12.0385 5400 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:31:12.0385 5400 Psched - ok
16:31:12.0417 5400 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:31:12.0463 5400 ql2300 - ok
16:31:12.0495 5400 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:31:12.0495 5400 ql40xx - ok
16:31:12.0526 5400 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:31:12.0541 5400 QWAVE - ok
16:31:12.0557 5400 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:31:12.0557 5400 QWAVEdrv - ok
16:31:12.0635 5400 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
16:31:12.0635 5400 RapiMgr - ok
16:31:12.0651 5400 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:31:12.0666 5400 RasAcd - ok
16:31:12.0697 5400 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:31:12.0697 5400 RasAgileVpn - ok
16:31:12.0713 5400 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:31:12.0729 5400 RasAuto - ok
16:31:12.0744 5400 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:31:12.0744 5400 Rasl2tp - ok
16:31:12.0775 5400 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
16:31:12.0791 5400 RasMan - ok
16:31:12.0791 5400 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:31:12.0791 5400 RasPppoe - ok
16:31:12.0822 5400 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:31:12.0822 5400 RasSstp - ok
16:31:12.0869 5400 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:31:12.0869 5400 rdbss - ok
16:31:12.0885 5400 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:31:12.0885 5400 rdpbus - ok
16:31:12.0916 5400 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:31:12.0916 5400 RDPCDD - ok


Re: Request for a check, suspected virus

Post by Kobra.svk » 04 May 2013 16:38

16:31:12.0931 5400 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:31:12.0931 5400 RDPDR - ok
16:31:12.0947 5400 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:31:12.0947 5400 RDPENCDD - ok
16:31:12.0963 5400 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:31:12.0963 5400 RDPREFMP - ok
16:31:13.0025 5400 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:31:13.0025 5400 RdpVideoMiniport - ok
16:31:13.0181 5400 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:31:13.0181 5400 RDPWD - ok
16:31:13.0228 5400 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:31:13.0228 5400 rdyboost - ok
16:31:13.0259 5400 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:31:13.0259 5400 RemoteAccess - ok
16:31:13.0290 5400 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:31:13.0290 5400 RemoteRegistry - ok
16:31:13.0337 5400 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:31:13.0337 5400 RFCOMM - ok
16:31:13.0384 5400 [ A5B12A4B3B774432DB9B9FA221190E59 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
16:31:13.0384 5400 rimmptsk - ok
16:31:13.0415 5400 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
16:31:13.0415 5400 rimsptsk - ok
16:31:13.0446 5400 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
16:31:13.0446 5400 rismxdp - ok
16:31:13.0509 5400 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
16:31:13.0509 5400 rpcapd - ok
16:31:13.0524 5400 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:31:13.0524 5400 RpcEptMapper - ok
16:31:13.0540 5400 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:31:13.0540 5400 RpcLocator - ok
16:31:13.0587 5400 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
16:31:13.0587 5400 RpcSs - ok
16:31:13.0618 5400 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:31:13.0618 5400 s3cap - ok
16:31:13.0633 5400 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
16:31:13.0633 5400 SamSs - ok
16:31:13.0711 5400 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:31:13.0711 5400 SASDIFSV - ok
16:31:13.0774 5400 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:31:13.0774 5400 SASKUTIL - ok
16:31:13.0805 5400 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:31:13.0805 5400 sbp2port - ok
16:31:13.0836 5400 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:31:13.0852 5400 SCardSvr - ok
16:31:13.0883 5400 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:31:13.0883 5400 scfilter - ok
16:31:13.0930 5400 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
16:31:13.0961 5400 Schedule - ok
16:31:13.0992 5400 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:31:13.0992 5400 SCPolicySvc - ok
16:31:14.0039 5400 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
16:31:14.0039 5400 sdbus - ok
16:31:14.0070 5400 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:31:14.0070 5400 SDRSVC - ok
16:31:14.0117 5400 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:31:14.0117 5400 secdrv - ok
16:31:14.0148 5400 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
16:31:14.0148 5400 seclogon - ok
16:31:14.0179 5400 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
16:31:14.0179 5400 SENS - ok
16:31:14.0195 5400 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:31:14.0195 5400 SensrSvc - ok
16:31:14.0211 5400 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:31:14.0211 5400 Serenum - ok
16:31:14.0211 5400 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:31:14.0211 5400 Serial - ok
16:31:14.0226 5400 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:31:14.0226 5400 sermouse - ok
16:31:14.0273 5400 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
16:31:14.0289 5400 SessionEnv - ok
16:31:14.0304 5400 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:31:14.0320 5400 sffdisk - ok
16:31:14.0320 5400 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:31:14.0320 5400 sffp_mmc - ok
16:31:14.0335 5400 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:31:14.0335 5400 sffp_sd - ok
16:31:14.0367 5400 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:31:14.0367 5400 sfloppy - ok
16:31:14.0413 5400 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:31:14.0413 5400 SharedAccess - ok
16:31:14.0460 5400 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:31:14.0460 5400 ShellHWDetection - ok
16:31:14.0476 5400 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:31:14.0491 5400 sisagp - ok
16:31:14.0523 5400 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:31:14.0523 5400 SiSRaid2 - ok
16:31:14.0523 5400 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:31:14.0523 5400 SiSRaid4 - ok
16:31:14.0616 5400 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:31:14.0616 5400 SkypeUpdate - ok
16:31:14.0663 5400 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:31:14.0663 5400 Smb - ok
16:31:14.0694 5400 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:31:14.0694 5400 SNMPTRAP - ok
16:31:14.0772 5400 [ 060F51141B20B8156804446A04AB8B2A ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
16:31:14.0835 5400 SNP2UVC - ok
16:31:14.0975 5400 [ FF35C2D01AC36B446A1B997F305F0FC2 ] Soluto C:\Windows\system32\DRIVERS\Soluto.sys
16:31:14.0975 5400 Soluto - ok
16:31:15.0022 5400 [ 2B215BB93ED3D9E6D21AAEC1D883A89C ] SolutoLauncherService C:\Program Files\Soluto\SolutoLauncherService.exe
16:31:15.0037 5400 SolutoLauncherService - ok
16:31:15.0069 5400 [ 379BED16AB0FE75EAF4B19C1F4DD5E37 ] SolutoRemoteService C:\Program Files\Soluto\SolutoRemoteService.exe
16:31:15.0100 5400 SolutoRemoteService - ok
16:31:15.0131 5400 [ 8399FC38576E3A4798BA970345EC4213 ] SolutoService C:\Program Files\Soluto\SolutoService.exe
16:31:15.0131 5400 SolutoService - ok
16:31:15.0147 5400 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
16:31:15.0147 5400 spldr - ok
16:31:15.0193 5400 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
16:31:15.0193 5400 Spooler - ok
16:31:15.0287 5400 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
16:31:15.0365 5400 sppsvc - ok
16:31:15.0396 5400 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:31:15.0412 5400 sppuinotify - ok
16:31:15.0459 5400 [ A199171385BE17973FD800FA91F8F78A ] sptd C:\Windows\system32\Drivers\sptd.sys
16:31:15.0459 5400 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: A199171385BE17973FD800FA91F8F78A
16:31:15.0459 5400 sptd ( LockedFile.Multi.Generic ) - warning
16:31:15.0459 5400 sptd - detected LockedFile.Multi.Generic (1)
16:31:15.0521 5400 [ B747EA555A72070F258B3E31E1392D62 ] SRS_PremiumSound_Service C:\Windows\system32\drivers\srs_PremiumSound_i386.sys
16:31:15.0521 5400 SRS_PremiumSound_Service - ok
16:31:15.0568 5400 [ 543B82F5846CEF761EE98D727C15D539 ] SRS_VolSync_Service C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
16:31:15.0599 5400 SRS_VolSync_Service - ok
16:31:15.0646 5400 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:31:15.0646 5400 srv - ok
16:31:15.0661 5400 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:31:15.0661 5400 srv2 - ok
16:31:15.0677 5400 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:31:15.0677 5400 srvnet - ok
16:31:15.0708 5400 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:31:15.0724 5400 SSDPSRV - ok
16:31:15.0739 5400 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:31:15.0739 5400 SstpSvc - ok
16:31:15.0802 5400 [ 6D82CB78DE57A073E95431F3486B1B27 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
16:31:15.0802 5400 ssudmdm - ok
16:31:15.0895 5400 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
16:31:15.0942 5400 StarWindServiceAE - ok
16:31:15.0989 5400 Steam Client Service - ok
16:31:16.0098 5400 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:31:16.0114 5400 Stereo Service - ok
16:31:16.0129 5400 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:31:16.0129 5400 stexstor - ok
16:31:16.0176 5400 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
16:31:16.0192 5400 StiSvc - ok
16:31:16.0239 5400 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:31:16.0239 5400 storflt - ok
16:31:16.0254 5400 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:31:16.0254 5400 storvsc - ok
16:31:16.0301 5400 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
16:31:16.0301 5400 swenum - ok
16:31:16.0395 5400 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:31:16.0410 5400 SwitchBoard - ok
16:31:16.0441 5400 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
16:31:16.0441 5400 swprv - ok
16:31:16.0457 5400 Synth3dVsc - ok
16:31:16.0504 5400 [ 55F6E55CC2430CA8713387106FA79817 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:31:16.0504 5400 SynTP - ok
16:31:16.0566 5400 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
16:31:16.0597 5400 SysMain - ok
16:31:16.0629 5400 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:31:16.0644 5400 TabletInputService - ok
16:31:16.0675 5400 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
16:31:16.0675 5400 TapiSrv - ok
16:31:16.0707 5400 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
16:31:16.0707 5400 TBS - ok
16:31:16.0753 5400 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:31:16.0785 5400 Tcpip - ok
16:31:16.0831 5400 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:31:16.0847 5400 TCPIP6 - ok
16:31:16.0878 5400 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:31:16.0878 5400 tcpipreg - ok
16:31:16.0925 5400 [ 72B9E77565DA5FA564581976E000D29B ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
16:31:16.0925 5400 TcUsb - ok
16:31:16.0956 5400 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:31:16.0956 5400 TDPIPE - ok
16:31:17.0003 5400 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:31:17.0003 5400 TDTCP - ok
16:31:17.0034 5400 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:31:17.0034 5400 tdx - ok
16:31:17.0175 5400 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
16:31:17.0253 5400 TeamViewer7 - ok
16:31:17.0268 5400 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:31:17.0268 5400 TermDD - ok
16:31:17.0315 5400 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
16:31:17.0315 5400 TermService - ok
16:31:17.0362 5400 [ 59CFDA4EACB3788F8B17F87B49B0AC0E ] Themes C:\Windows\system32\themeservice.dll
16:31:17.0362 5400 Themes - ok
16:31:17.0377 5400 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:31:17.0377 5400 THREADORDER - ok
16:31:17.0393 5400 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:31:17.0409 5400 TrkWks - ok
16:31:17.0471 5400 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:31:17.0549 5400 TrustedInstaller - ok
16:31:17.0580 5400 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:31:17.0580 5400 tssecsrv - ok
16:31:17.0627 5400 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:31:17.0627 5400 TsUsbFlt - ok
16:31:17.0627 5400 tsusbhub - ok
16:31:17.0705 5400 [ 3BAD51CD26FBE57AD7A4E2A6CC4E282A ] TS_AR5416 C:\Windows\system32\DRIVERS\ts_athw.sys
16:31:17.0783 5400 TS_AR5416 - ok
16:31:17.0845 5400 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:31:17.0845 5400 tunnel - ok
16:31:17.0877 5400 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:31:17.0877 5400 uagp35 - ok
16:31:17.0908 5400 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:31:17.0908 5400 udfs - ok
16:31:17.0955 5400 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:31:17.0955 5400 UI0Detect - ok
16:31:17.0986 5400 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:31:17.0986 5400 uliagpkx - ok
16:31:18.0033 5400 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
16:31:18.0033 5400 umbus - ok
16:31:18.0064 5400 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:31:18.0064 5400 UmPass - ok
16:31:18.0111 5400 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
16:31:18.0111 5400 UmRdpService - ok
16:31:18.0142 5400 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:31:18.0157 5400 upnphost - ok
16:31:18.0204 5400 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:31:18.0204 5400 usbccgp - ok
16:31:18.0235 5400 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:31:18.0235 5400 usbcir - ok
16:31:18.0267 5400 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:31:18.0267 5400 usbehci - ok
16:31:18.0298 5400 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:31:18.0298 5400 usbhub - ok
16:31:18.0345 5400 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:31:18.0345 5400 usbohci - ok
16:31:18.0345 5400 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:31:18.0345 5400 usbprint - ok
16:31:18.0376 5400 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:31:18.0376 5400 usbscan - ok
16:31:18.0391 5400 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:31:18.0391 5400 USBSTOR - ok
16:31:18.0423 5400 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:31:18.0423 5400 usbuhci - ok
16:31:18.0469 5400 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
16:31:18.0469 5400 usbvideo - ok
16:31:18.0516 5400 [ AF77716205C97E902E6C5B78DECE2CCA ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
16:31:18.0516 5400 usb_rndisx - ok
16:31:18.0532 5400 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:31:18.0532 5400 UxSms - ok
16:31:18.0547 5400 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
16:31:18.0547 5400 VaultSvc - ok
16:31:18.0563 5400 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:31:18.0563 5400 vdrvroot - ok
16:31:18.0610 5400 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
16:31:18.0625 5400 vds - ok
16:31:18.0641 5400 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:31:18.0641 5400 vga - ok
16:31:18.0657 5400 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:31:18.0657 5400 VgaSave - ok
16:31:18.0672 5400 VGPU - ok
16:31:18.0719 5400 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:31:18.0719 5400 vhdmp - ok
16:31:18.0766 5400 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:31:18.0766 5400 viaagp - ok
16:31:18.0781 5400 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
16:31:18.0797 5400 ViaC7 - ok
16:31:18.0797 5400 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
16:31:18.0797 5400 viaide - ok
16:31:18.0875 5400 [ 07C20E596A0838809BC5FF5DE5A65973 ] VKbms C:\Windows\system32\DRIVERS\VKbms.sys
16:31:18.0875 5400 VKbms - ok
16:31:18.0906 5400 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:31:18.0906 5400 vmbus - ok
16:31:18.0922 5400 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:31:18.0922 5400 VMBusHID - ok
16:31:18.0953 5400 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:31:18.0953 5400 volmgr - ok
16:31:18.0969 5400 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:31:18.0969 5400 volmgrx - ok
16:31:19.0000 5400 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:31:19.0000 5400 volsnap - ok
16:31:19.0015 5400 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:31:19.0015 5400 vsmraid - ok
16:31:19.0078 5400 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
16:31:19.0109 5400 VSS - ok
16:31:19.0109 5400 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:31:19.0109 5400 vwifibus - ok
16:31:19.0140 5400 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:31:19.0140 5400 vwififlt - ok
16:31:19.0187 5400 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:31:19.0187 5400 vwifimp - ok
16:31:19.0218 5400 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:31:19.0218 5400 W32Time - ok
16:31:19.0249 5400 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:31:19.0249 5400 WacomPen - ok
16:31:19.0265 5400 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:31:19.0281 5400 WANARP - ok
16:31:19.0281 5400 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:31:19.0281 5400 Wanarpv6 - ok
16:31:19.0343 5400 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:31:19.0343 5400 WatAdminSvc - ok
16:31:19.0561 5400 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
16:31:19.0608 5400 wbengine - ok
16:31:19.0639 5400 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:31:19.0655 5400 WbioSrvc - ok
16:31:19.0686 5400 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
16:31:19.0686 5400 WcesComm - ok
16:31:19.0733 5400 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:31:19.0733 5400 wcncsvc - ok
16:31:19.0764 5400 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:31:19.0764 5400 WcsPlugInService - ok
16:31:19.0780 5400 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:31:19.0780 5400 Wd - ok
16:31:19.0811 5400 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
16:31:19.0811 5400 WDC_SAM - ok
16:31:19.0889 5400 [ 90C0FE55328FB79292A2DC3B3CBEB12A ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
16:31:19.0920 5400 WDDMService - ok
16:31:19.0967 5400 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:31:19.0967 5400 Wdf01000 - ok
16:31:20.0045 5400 [ DD017DEB8A60085559E94089801BCCB1 ] WDFME C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
16:31:20.0185 5400 WDFME - ok
16:31:20.0201 5400 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:31:20.0201 5400 WdiServiceHost - ok
16:31:20.0201 5400 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:31:20.0217 5400 WdiSystemHost - ok
16:31:20.0232 5400 [ 796A652180ACBAB0771E206043C1F628 ] WDSC C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
16:31:20.0263 5400 WDSC - ok
16:31:20.0295 5400 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
16:31:20.0310 5400 WebClient - ok
16:31:20.0326 5400 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:31:20.0341 5400 Wecsvc - ok
16:31:20.0341 5400 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:31:20.0357 5400 wercplsupport - ok
16:31:20.0388 5400 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
16:31:20.0388 5400 WerSvc - ok
16:31:21.0870 5400 ================ Scan global ===============================
16:31:21.0917 5400 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:31:21.0948 5400 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:31:21.0964 5400 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:31:21.0979 5400 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:31:22.0011 5400 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:31:22.0011 5400 [Global] - ok
16:31:22.0011 5400 ================ Scan MBR ==================================
16:31:22.0026 5400 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:31:22.0432 5400 \Device\Harddisk0\DR0 - ok
16:31:22.0432 5400 ================ Scan VBR ==================================
16:31:22.0432 5400 [ 7E6781A8BD0FBC35E04A6BE02E38EFBE ] \Device\Harddisk0\DR0\Partition1
16:31:22.0432 5400 \Device\Harddisk0\DR0\Partition1 - ok
16:31:22.0463 5400 [ 9A4771A1B2B6C3C3140DE6C7A802023B ] \Device\Harddisk0\DR0\Partition2
16:31:22.0463 5400 \Device\Harddisk0\DR0\Partition2 - ok
16:31:22.0463 5400 ============================================================
16:31:22.0463 5400 Scan finished
16:31:22.0463 5400 ============================================================
16:31:22.0479 1036 Detected object count: 1
16:31:22.0479 1036 Actual detected object count: 1
16:31:50.0106 1036 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
16:31:50.0652 1036 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
16:32:11.0104 2636 Deinitialize success


Re: Please check, suspected virus

Post by Kobra.svk » 04 May 2013 16:59

ComboFix 13-05-04.01 - Miroslav . 05. 2013 16:44:38.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3071.1917 [GMT 2:00]
Running from: c:\users\Miroslav\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - system32: deleted 24 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\frapsvid.dll
c:\windows\system32\tmp14FA.tmp
c:\windows\system32\tmp14FB.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-04-04 to 2013-05-04 )))))))))))))))))))))))))))))))
.
.
2013-05-04 14:54 . 2013-05-04 14:54 -------- d-----w- c:\users\Wiki\AppData\Local\temp
2013-05-04 14:54 . 2013-05-04 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-04 14:34 . 2013-05-04 14:34 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F42C346-011C-461C-AE9F-2A84A6C2A463}\MpKsld777dfd1.sys
2013-05-04 14:31 . 2013-05-04 14:31 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-04 14:23 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F42C346-011C-461C-AE9F-2A84A6C2A463}\mpengine.dll
2013-05-02 20:26 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-26 22:16 . 2013-04-26 22:16 -------- d-----w- c:\programdata\Steam
2013-04-23 18:50 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 18:48 . 2013-04-23 18:48 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43E6FEFB-F3EB-43E3-95ED-383B548C95D2}\gapaengine.dll
2013-04-10 15:36 . 2013-04-10 15:36 -------- d-----w- c:\program files\Common Files\Skype
2013-04-10 10:56 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 10:56 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 10:56 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 10:56 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 10:56 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 10:56 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-07 19:05 . 2013-04-07 19:05 -------- d-----w- C:\Download
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-04 14:34 . 2010-11-26 19:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-05-02 15:28 . 2010-11-06 15:26 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 12:50 . 2011-05-22 18:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 11:10 . 2012-04-09 19:32 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-29 11:10 . 2011-06-02 07:48 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 10:44 . 2013-03-15 10:44 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-15 10:44 . 2013-03-15 10:44 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-03-15 10:44 . 2013-03-15 10:44 158720 ----a-w- c:\windows\system32\msls31.dll
2013-03-15 10:44 . 2013-03-15 10:44 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-15 10:44 . 2013-03-15 10:44 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-03-15 10:44 . 2013-03-15 10:44 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-03-15 10:44 . 2013-03-15 10:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-15 10:44 . 2013-03-15 10:44 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-03-15 10:44 . 2013-03-15 10:44 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-03-15 10:44 . 2013-03-15 10:44 138752 ----a-w- c:\windows\system32\wextract.exe
2013-03-15 10:44 . 2013-03-15 10:44 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-15 10:44 . 2013-03-15 10:44 12800 ----a-w- c:\windows\system32\mshta.exe
2013-03-15 10:44 . 2013-03-15 10:44 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-15 10:44 . 2013-03-15 10:44 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-15 10:44 . 2013-03-15 10:44 361984 ----a-w- c:\windows\system32\html.iec
2013-03-15 10:44 . 2013-03-15 10:44 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-15 10:44 . 2013-03-15 10:44 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-07 22:07 . 2013-03-07 22:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-07 22:07 . 2012-06-09 16:29 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-07 22:07 . 2010-11-06 17:35 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-18 07:22 . 2013-02-18 07:22 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2013-02-18 07:22 . 2013-02-18 07:22 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-02-18 07:22 . 2012-07-25 15:29 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-02-12 04:48 . 2013-03-13 10:22 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 10:22 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-15 08:31 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 03:32 . 2013-03-15 08:31 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 06:42 . 2013-02-06 06:42 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-02-06 06:42 . 2013-02-06 06:42 181784 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-02-05 16:53 . 2013-03-09 15:07 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-02-05 16:52 . 2013-02-05 16:52 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2013-02-05 16:52 . 2013-02-05 16:52 330240 ----a-w- c:\windows\MASetupCaller.dll
2013-02-05 16:52 . 2013-02-05 16:52 30568 ----a-w- c:\windows\MusiccityDownload.exe
2013-02-05 16:52 . 2013-02-05 16:52 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2013-02-05 16:52 . 2013-02-05 16:52 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 569344 ----a-w- c:\windows\system32\muzdecode.ax
2013-02-05 16:52 . 2013-02-05 16:52 491520 ----a-w- c:\windows\system32\muzapp.dll
2013-02-05 16:52 . 2013-02-05 16:52 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2013-02-05 16:52 . 2013-02-05 16:52 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2013-02-05 16:52 . 2013-02-05 16:52 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2013-02-05 16:52 . 2013-02-05 16:52 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2013-02-05 16:52 . 2013-02-05 16:52 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2013-02-05 16:52 . 2013-02-05 16:52 245760 ----a-w- c:\windows\system32\MSCLib.dll
2013-02-05 16:52 . 2013-02-05 16:52 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2013-02-05 16:52 . 2013-02-05 16:52 200704 ----a-w- c:\windows\system32\muzwmts.dll
2013-02-05 16:52 . 2013-02-05 16:52 172032 ----a-w- c:\windows\system32\muzapp.exe
2013-02-05 16:52 . 2013-02-05 16:52 155648 ----a-w- c:\windows\system32\MSFLib.dll
2013-02-05 16:52 . 2013-02-05 16:52 143360 ----a-w- c:\windows\system32\3DAudio.ax
2013-02-05 16:52 . 2013-02-05 16:52 135168 ----a-w- c:\windows\system32\muzaf1.dll
2013-02-05 16:52 . 2013-02-05 16:52 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2013-02-05 16:52 . 2013-02-05 16:52 122880 ----a-w- c:\windows\system32\muzeffect.ax
2013-02-05 16:52 . 2013-02-05 16:52 118784 ----a-w- c:\windows\system32\MaDRM.dll
2013-02-05 16:52 . 2013-02-05 16:52 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2013-02-05 16:52 . 2013-03-09 15:07 821824 ----a-w- c:\windows\system32\dgderapi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-06-10 8568832]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-01 98304]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"Mouse Tachometer"="c:\program files\Mouse Tachometer\Mouse Tachometer.exe" [2002-11-01 282624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2011-02-19 248320]
"Soluto"="c:\program files\soluto\soluto.exe" [2012-12-20 1229448]
.
c:\users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Obrazovková spinka a spúšťač programu OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-24 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
backup=c:\windows\pss\SRS Premium Sound.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Miroslav^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Obrazovková spinka a spúšťač programu OneNote 2010.lnk]
path=c:\users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Obrazovková spinka a spúšťač programu OneNote 2010.lnk
backup=c:\windows\pss\Obrazovková spinka a spúšťač programu OneNote 2010.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobilityManager]
c:\program files\Mobility Manager\MobilityManager [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2008-09-30 22:02 851968 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 00:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2013-04-16 14:10 19662744 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2013-02-06 04:17 578560 ----a-w- c:\program files\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-02-13 18:38 1509232 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-02-13 18:38 310128 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 12:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2010-07-01 10:43 220336 ------w- c:\program files\OLYMPUS\ib\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 18:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2011-08-18 14:42 93880 ------w- c:\program files\OLYMPUS\ib\olycamdetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-13 01:36 7707168 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-24 11:31 1354736 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-09 20:17 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
2003-03-25 04:49 106544 ----a-w- c:\windows\System32\tweakui.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [x]
R2 NPVR Recording Service;NPVR Recording Service;c:\program files\NPVR\NRecord.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [x]
R3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Miroslav\AppData\Local\Temp\ALSysIO.sys [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsProcOb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x32.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\DRIVERS\LtkUSB.sys [x]
R3 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [x]
R3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus.sys [x]
R3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\DRIVERS\GRemoteJoy.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [x]
R3 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [x]
R3 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
R3 ndisahMP;ndisahMP;c:\windows\system32\DRIVERS\ndisah.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athw.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R3 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R3 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 MpKsld777dfd1;MpKsld777dfd1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F42C346-011C-461C-AE9F-2A84A6C2A463}\MpKsld777dfd1.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD777DFD1
*NewlyCreated* - RTCORE32
*Deregistered* - RTCore32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 11:10]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 21:59]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 21:59]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.sk
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\n0wmyrw4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: network.proxy.http - 192.168.20.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ERGOM DayOrganizer - c:\program files\Ergom\DayOrganizer\dayorganizer.exe
MSConfigStartUp-FaceSoft - c:\program files\Face Software\FaceSoft.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
MSConfigStartUp-Infium - c:\program files\QIP 2012\qip.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-QIP Internet Guardian - c:\users\Miroslav\AppData\Roaming\QipGuard\QipGuard.exe
MSConfigStartUp-Start WingMan Profiler - c:\program files\Logitech\Gaming Software\LWEMon.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3699326542-2331523080-999826992-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3699326542-2331523080-999826992-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-05-04 16:56:58
ComboFix-quarantined-files.txt 2013-05-04 14:56
.
Pre-Run: 19 328 241 664 bytes free
Post-Run: 19 107 696 640 bytes free
.
- - End Of File - - 804A27B76A0B622B4E4C40E3EB868CC3


Re: Please check, suspected virus

Post by memphisto » 04 May 2013 20:07

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code:

KillAll::
Driver::
SkypeUpdate
cpuz135
cpuz136

Folder::
c:\program files\Skype\Updater

File::
c:\windows\TEMP\cpuz135\cpuz135_x32.sys
c:\windows\TEMP\cpuz136\cpuz136_x32.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Drag the created script CFScript.txt with the mouse over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

Re: Please check, suspected virus

Post by Kobra.svk » 04 May 2013 20:57

ComboFix 13-05-04.01 - Miroslav . 05. 2013 20:38:07.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3071.1661 [GMT 2:00]
Running from: c:\users\Miroslav\Desktop\ComboFix.exe
Command switches used :: c:\users\Miroslav\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\TEMP\cpuz135\cpuz135_x32.sys"
"c:\windows\TEMP\cpuz136\cpuz136_x32.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Config.ini
c:\windows\system32\DEBUG.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ135
-------\Legacy_CPUZ136
-------\Service_cpuz135
-------\Service_cpuz136
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2013-04-04 to 2013-05-04 )))))))))))))))))))))))))))))))
.
.
2013-05-04 18:47 . 2013-05-04 18:47 -------- d-----w- c:\users\Wiki\AppData\Local\temp
2013-05-04 18:47 . 2013-05-04 18:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-04 18:47 . 2013-05-04 18:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-04 18:47 . 2013-05-04 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-04 16:17 . 2013-05-04 16:17 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5419EE5-EE65-46EE-AAFB-D7FB1EDFBE34}\MpKslb8044832.sys
2013-05-04 15:42 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5419EE5-EE65-46EE-AAFB-D7FB1EDFBE34}\mpengine.dll
2013-05-04 15:27 . 2013-05-04 15:44 -------- d-----w- c:\users\Miroslav\AppData\Local\Adobe
2013-05-04 14:31 . 2013-05-04 14:31 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-02 20:26 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-26 22:16 . 2013-04-26 22:16 -------- d-----w- c:\programdata\Steam
2013-04-23 18:50 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 18:48 . 2013-04-23 18:48 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43E6FEFB-F3EB-43E3-95ED-383B548C95D2}\gapaengine.dll
2013-04-10 15:36 . 2013-04-10 15:36 -------- d-----w- c:\program files\Common Files\Skype
2013-04-10 10:56 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 10:56 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 10:56 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 10:56 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 10:56 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 10:56 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-07 19:05 . 2013-04-07 19:05 -------- d-----w- C:\Download
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-04 18:50 . 2010-11-26 19:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-05-04 17:12 . 2012-04-09 19:32 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-04 17:12 . 2011-06-02 07:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2010-11-06 15:26 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 12:50 . 2011-05-22 18:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-15 10:44 . 2013-03-15 10:44 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-15 10:44 . 2013-03-15 10:44 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-03-15 10:44 . 2013-03-15 10:44 158720 ----a-w- c:\windows\system32\msls31.dll
2013-03-15 10:44 . 2013-03-15 10:44 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-15 10:44 . 2013-03-15 10:44 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-03-15 10:44 . 2013-03-15 10:44 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-03-15 10:44 . 2013-03-15 10:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-15 10:44 . 2013-03-15 10:44 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-03-15 10:44 . 2013-03-15 10:44 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-03-15 10:44 . 2013-03-15 10:44 138752 ----a-w- c:\windows\system32\wextract.exe
2013-03-15 10:44 . 2013-03-15 10:44 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-15 10:44 . 2013-03-15 10:44 12800 ----a-w- c:\windows\system32\mshta.exe
2013-03-15 10:44 . 2013-03-15 10:44 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-15 10:44 . 2013-03-15 10:44 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-15 10:44 . 2013-03-15 10:44 361984 ----a-w- c:\windows\system32\html.iec
2013-03-15 10:44 . 2013-03-15 10:44 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-15 10:44 . 2013-03-15 10:44 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-07 22:07 . 2013-03-07 22:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-07 22:07 . 2012-06-09 16:29 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-07 22:07 . 2010-11-06 17:35 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-18 07:22 . 2013-02-18 07:22 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2013-02-18 07:22 . 2013-02-18 07:22 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-02-18 07:22 . 2012-07-25 15:29 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-02-12 04:48 . 2013-03-13 10:22 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 10:22 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-15 08:31 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 03:32 . 2013-03-15 08:31 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 06:42 . 2013-02-06 06:42 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-02-06 06:42 . 2013-02-06 06:42 181784 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-02-05 16:53 . 2013-03-09 15:07 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-02-05 16:52 . 2013-02-05 16:52 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2013-02-05 16:52 . 2013-02-05 16:52 330240 ----a-w- c:\windows\MASetupCaller.dll
2013-02-05 16:52 . 2013-02-05 16:52 30568 ----a-w- c:\windows\MusiccityDownload.exe
2013-02-05 16:52 . 2013-02-05 16:52 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2013-02-05 16:52 . 2013-02-05 16:52 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 569344 ----a-w- c:\windows\system32\muzdecode.ax
2013-02-05 16:52 . 2013-02-05 16:52 491520 ----a-w- c:\windows\system32\muzapp.dll
2013-02-05 16:52 . 2013-02-05 16:52 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2013-02-05 16:52 . 2013-02-05 16:52 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2013-02-05 16:52 . 2013-02-05 16:52 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2013-02-05 16:52 . 2013-02-05 16:52 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2013-02-05 16:52 . 2013-02-05 16:52 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2013-02-05 16:52 . 2013-02-05 16:52 245760 ----a-w- c:\windows\system32\MSCLib.dll
2013-02-05 16:52 . 2013-02-05 16:52 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2013-02-05 16:52 . 2013-02-05 16:52 200704 ----a-w- c:\windows\system32\muzwmts.dll
2013-02-05 16:52 . 2013-02-05 16:52 155648 ----a-w- c:\windows\system32\MSFLib.dll
2013-02-05 16:52 . 2013-02-05 16:52 143360 ----a-w- c:\windows\system32\3DAudio.ax
2013-02-05 16:52 . 2013-02-05 16:52 135168 ----a-w- c:\windows\system32\muzaf1.dll
2013-02-05 16:52 . 2013-02-05 16:52 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2013-02-05 16:52 . 2013-02-05 16:52 122880 ----a-w- c:\windows\system32\muzeffect.ax
2013-02-05 16:52 . 2013-02-05 16:52 118784 ----a-w- c:\windows\system32\MaDRM.dll
2013-02-05 16:52 . 2013-02-05 16:52 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2013-02-05 16:52 . 2013-03-09 15:07 821824 ----a-w- c:\windows\system32\dgderapi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-06-10 8568832]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-01 98304]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"Mouse Tachometer"="c:\program files\Mouse Tachometer\Mouse Tachometer.exe" [2002-11-01 282624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2011-02-19 248320]
"Soluto"="c:\program files\soluto\soluto.exe" [2012-12-20 1229448]
.
c:\users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Obrazovková spinka a spúšťač programu OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-24 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
backup=c:\windows\pss\SRS Premium Sound.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Miroslav^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Obrazovková spinka a spúšťač programu OneNote 2010.lnk]
path=c:\users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Obrazovková spinka a spúšťač programu OneNote 2010.lnk
backup=c:\windows\pss\Obrazovková spinka a spúšťač programu OneNote 2010.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobilityManager]
c:\program files\Mobility Manager\MobilityManager [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2008-09-30 22:02 851968 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 00:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2013-04-16 14:10 19662744 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2013-02-06 04:17 578560 ----a-w- c:\program files\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-02-13 18:38 1509232 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-02-13 18:38 310128 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 12:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2010-07-01 10:43 220336 ------w- c:\program files\OLYMPUS\ib\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 18:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2011-08-18 14:42 93880 ------w- c:\program files\OLYMPUS\ib\olycamdetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-13 01:36 7707168 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-24 11:31 1354736 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-09 20:17 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
2003-03-25 04:49 106544 ----a-w- c:\windows\System32\tweakui.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R2 NPVR Recording Service;NPVR Recording Service;c:\program files\NPVR\NRecord.exe [x]
R2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [x]
R3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Miroslav\AppData\Local\Temp\ALSysIO.sys [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsProcOb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\DRIVERS\LtkUSB.sys [x]
R3 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [x]
R3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus.sys [x]
R3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\DRIVERS\GRemoteJoy.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [x]
R3 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [x]
R3 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
R3 ndisahMP;ndisahMP;c:\windows\system32\DRIVERS\ndisah.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athw.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R3 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R3 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 MpKslb8044832;MpKslb8044832;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5419EE5-EE65-46EE-AAFB-D7FB1EDFBE34}\MpKslb8044832.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 17:12]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.sk
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\n0wmyrw4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: network.proxy.http - 192.168.20.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3699326542-2331523080-999826992-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3699326542-2331523080-999826992-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\taskhost.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-05-04 20:56:25 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-04 18:56
ComboFix2.txt 2013-05-04 14:56
.
Pre-Run: 18 459 566 080 bytes free
Post-Run: 18 221 105 152 bytes free
.
- - End Of File - - DF5B7A59FBAEC4BFD4BB06F3C4AAD1D8

Re: Please check, suspected virus

Post by jaro3 » 05 May 2013 10:14

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click No. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.


ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

Download OTL by OldTimer
to your desktop. Make sure you have all other windows closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick the "LOP" check and the "Purity" check. Click Scan. Leave all other settings as they are. The scan can take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.