Solved Problems with sirefef/patched.a.gen trojan

vlac112

Hi,

I made the steps with the logs. Could you please help me with these trojans? Thank you in advance.


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Babi :: BABI-PC [administrator]

Protection: Enabled

2012.10.13. 1:04:00
mbam-log-2012-10-13 (01-04-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206907
Time elapsed: 1 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-13 00:46:45
Windows 6.1.7601 Service Pack 1
Running: wuorfjqr.exe




---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5f3d92a
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Games\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0xF9 0x68 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0x43 0xAB 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x14 0xE3 0x85 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5f3d92a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Games\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0xF9 0x68 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0x43 0xAB 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x14 0xE3 0x85 0xBD ...

---- EOF - GMER 1.0.15 ----




DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Babi at 0:47:53 on 2012-10-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.36.1038.18.4092.2529 [GMT 2:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Személyi tűzfal *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=hu&l=hu&s=gen
uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=hu&l=hu&s=gen
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
mRun: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
mRun: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportálás a Microsoft Excel programba - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Kép küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Oldal küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}\441435D2457425 : DhcpNameServer = 195.184.180.4 195.184.181.4
TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}\544696D616870225F657475627 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}\75966696A5F6E65623 : DhcpNameServer = 10.103.82.254
TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}\84F4453505F445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}\B62756D216A6B6 : DhcpNameServer = 213.163.34.66 62.77.203.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3049C3E9-B461-4BC5-8870-4C09146192CA}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
mRun-x64: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun-x64: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
mRun-x64: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: {88485281-8b4b-4f8d-9ede-82e29a064277}: MarkAny Contents Safer Manager 1.0
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Babi\AppData\Roaming\Mozilla\Firefox\Profiles\jwbzp6i6.default\
FF - prefs.js: browser.startup.homepage - www.google.hu
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 archlp;archlp;C:\Windows\system32\drivers\archlp.sys --> C:\Windows\system32\drivers\archlp.sys [?]
R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\system32\DRIVERS\StarPortLite.sys --> C:\Windows\system32\DRIVERS\StarPortLite.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-13 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-13 676936]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-3-18 172328]
R2 Windows Trace Session Manager;Windows Trace Session Manager;C:\Program Files (x86)\Microsoft Enterprise Instrumentation\Bin\Trace Service\TraceSessionManager.exe [2003-9-3 125616]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 INIDVD;Initio USB DVD Filter Driver;C:\Windows\system32\DRIVERS\inidvd.sys --> C:\Windows\system32\DRIVERS\inidvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/14 09:15:32;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-25 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca9f7d64f5f5ff;Google frissítési szolgáltatás (gupdate1ca9f7d64f5f5ff);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-14 250808]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-12 22:05:34 -------- d-----w- C:\Users\Babi\AppData\Roaming\Malwarebytes
2012-10-12 22:05:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-12 22:05:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-12 22:05:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-12 10:06:51 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-10-10 16:43:33 -------- d-----w- C:\Users\Babi\AppData\Roaming\Frogwares
2012-10-10 14:04:18 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 14:04:12 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-10 14:04:08 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 14:04:08 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 14:02:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 14:46:15 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A1FF99D6-98C7-4132-8B88-CBCAA651D401}\mpengine.dll
2012-10-08 18:25:56 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-10-08 18:06:12 -------- d-----w- C:\Program Files (x86)\Focus
2012-09-26 12:48:26 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-23 10:24:36 304128 ----a-w- C:\Windows\IsUninst.exe
2012-09-23 09:51:02 -------- d-----w- C:\ProgramData\Fugazo
.
==================== Find3M ====================
.
2012-10-10 16:48:29 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 16:48:29 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-26 12:56:21 138400 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
2012-08-26 12:56:21 138400 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 0:48:36,55 ===============


DDS Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2010.01.27. 10:19:39
System Uptime: 2012.10.13. 0:10:51 (0 hours ago)
.
Motherboard: Dell Inc. | | 0CJG36
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | Microprocessor | 1188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 3,345 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1 - Hungarian
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
AnyDVD
Apple Application Support
Apple Software Update
Aqualux Deluxe 1.2.0.0
ArcSoft TotalMedia Theatre 3
ATI Catalyst Control Center
Audacity 1.3.13 (Unicode)
AviSynth 2.5
Batman: Arkham Asylum
BDCMF Creator Ver1.2.4b
BitTorrent
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CDex extraction audio
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CloneCD
CrystalSetup
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink LG Burning Tool
CyberLink MediaShow
CyberLink PowerBackup
CyberLink PowerDVD 9
CyberLink PowerProducer
CyberLink YouCam
Dell Webcam Central
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.0.9.2 (12/05/2011) Qt
EasyBD Lite 1.0
Enterprise Instrumentation
ffdshow v1.1.3882 [2011-06-13]
FFmpeg v0.6.2 for Audacity
Film Fatale
Google Chrome
Google Föld
Google Update Helper
Haali Media Splitter
Heroes of Might and Magic® IV
Heroes of Might and Magic® IV: Winds of War
ImageMagick 6.2.2-4 Q8 (05/14/05)
ImgBurn
Intel(R) Rapid Storage Technology
J2SE Runtime Environment 5.0 Update 7
Java Auto Updater
Java(TM) 6 Update 17
Java(TM) 6 Update 31
Kompatibilitási csomag a 2007-es Office rendszerhez
LADSPA_plugins-win-0.4.15
Lame ACM MP3 Codec
LAME v3.98.3 for Audacity
LG Tool Kit
Live! Cam Avatar Creator
Malwarebytes Anti-Malware 1.65.0.1400 verzió
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft J# Redist 2003 Hotfix (KB891863)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel 2007 Help-frissítés (KB963678)
Microsoft Office Excel MUI (Hungarian) 2007
Microsoft Office File Validation Add-In
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office IME (Japanese) 2007
Microsoft Office IME (Korean) 2007
Microsoft Office Outlook MUI (Hungarian) 2007
Microsoft Office Powerpoint 2007 Help-frissítés (KB963669)
Microsoft Office PowerPoint MUI (Hungarian) 2007
Microsoft Office PowerPoint Viewer 2007 (Hungarian)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Bulgarian) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Croatian) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Estonian) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proof (Gujarati) 2007
Microsoft Office Proof (Hebrew) 2007
Microsoft Office Proof (Hindi) 2007
Microsoft Office Proof (Hungarian) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Japanese) 2007
Microsoft Office Proof (Kannada) 2007
Microsoft Office Proof (Korean) 2007
Microsoft Office Proof (Latvian) 2007
Microsoft Office Proof (Lithuanian) 2007
Microsoft Office Proof (Marathi) 2007
Microsoft Office Proof (Norwegian (Bokmal)) 2007
Microsoft Office Proof (Norwegian (Nynorsk)) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Punjabi) 2007
Microsoft Office Proof (Romanian) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Serbian (Latin)) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proof (Slovenian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proof (Tamil) 2007
Microsoft Office Proof (Telugu) 2007
Microsoft Office Proof (Thai) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proof (Ukrainian) 2007
Microsoft Office Proof (Urdu) 2007
Microsoft Office Proofing (Hungarian) 2007
Microsoft Office Proofing Kit 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools Kit 2007
Microsoft Office ProofMUI (English) 2007
Microsoft Office Shared MUI (Hungarian) 2007
Microsoft Office Standard 2007
Microsoft Office Word 2007 Help-frissítés (KB963665)
Microsoft Office Word MUI (Hungarian) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
MindMapper 2008
Monkey Island™ Special Edition Collection
Mozilla Firefox 15.0.1 (x86 hu)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero Suite
NVIDIA PhysX
Pavtube Blu-ray Ripper Ver 3.11.2.925
Pavtube Blu-ray Ripper Ver 4.1.1.3857
Pavtube Blu-Ray Ripper version 3.6.2.2053
PowerDVD DX
QuickTime
RealPlayer
RealUpgrade 1.0
Restaurant Empire II
Roxio Burn
Roxio Update Manager
Samsung Media Studio
Security Update for A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja (KB2478663)
Security Update for A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skins
Skype™ 5.10
Subtitle Workshop 2.51
swMSM
TeamViewer 5
The Testament of Sherlock Holmes
Total Commander (Remove or Repair)
Tropico 3 1.00
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2597120) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Version 6.0 (Build 20091202)
VLC media player 1.1.1
WavePad Sound Editor
Windows Media Player Firefox Plugin
WinRAR archiver
XviD MPEG-4 Video Codec
.
==== End Of File ===========================
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

=================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Hi,

thank you for your help, I think the tools have been working well, I did not get any new alerts after I ran them.

Here are the logs:

 
RogueKiller:

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Babi [Admin rights]
Mode : Scan -- Date : 10/13/2012 07:59:47

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] {63B7A2CC-C478-4E10-810B-93E362FE5AC8} : C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe -> FOUND
[TASK][SUSP PATH] {F311C1D8-BBC5-40CF-A776-04E32AAB4A4C} : C:\Windows\system32\pcalua.exe -a "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe" -d "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack" -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT2 +++++
--- User ---
[MBR] 9838eb46b525a3fef9fc79946803871b
[BSP] f3d5e8be2ed024224649ed2c4911a025 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] c64c7eb4c0f7c1b2403337ac82bf5de0
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Babi [Admin rights]
Mode : Scan -- Date : 10/13/2012 08:00:56

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][PREVRUN] {2C34A78B-F309-44EF-964D-D8C862AE715A} : C:\Windows\system32\pcalua.exe -a C:\film\RSL\uninstall.exe -> FOUND
[TASK][SUSP PATH] {63B7A2CC-C478-4E10-810B-93E362FE5AC8} : C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe -> FOUND
[TASK][PREVRUN] {76AE6A84-8C3E-452E-B5F3-8FD088AA3C58} : C:\Windows\system32\pcalua.exe -a "C:\film\Új mappa\daemon4.exe" -d "C:\Program Files (x86)\Mozilla Firefox" -> FOUND
[TASK][PREVRUN] {D4AEFCFD-80CB-4EE9-909C-3CA109FE7ABC} : C:\Windows\system32\pcalua.exe -a C:\film\RSL\uninstall.exe -> FOUND
[TASK][PREVRUN] {D5DA4AB2-C199-4B1E-90F5-8349D11D653B} : C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ -> FOUND
[TASK][PREVRUN] {F311C1D8-BBC5-40CF-A776-04E32AAB4A4C} : C:\Windows\system32\pcalua.exe -a "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe" -d "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack" -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT2 +++++
--- User ---
[MBR] 9838eb46b525a3fef9fc79946803871b
[BSP] f3d5e8be2ed024224649ed2c4911a025 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] c64c7eb4c0f7c1b2403337ac82bf5de0
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Babi [Admin rights]
Mode : Remove -- Date : 10/13/2012 08:01:52

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][PREVRUN] {2C34A78B-F309-44EF-964D-D8C862AE715A} : C:\Windows\system32\pcalua.exe -a C:\film\RSL\uninstall.exe -> DELETED
[TASK][SUSP PATH] {63B7A2CC-C478-4E10-810B-93E362FE5AC8} : C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe -> DELETED
[TASK][PREVRUN] {76AE6A84-8C3E-452E-B5F3-8FD088AA3C58} : C:\Windows\system32\pcalua.exe -a "C:\film\Új mappa\daemon4.exe" -d "C:\Program Files (x86)\Mozilla Firefox" -> DELETED
[TASK][PREVRUN] {D4AEFCFD-80CB-4EE9-909C-3CA109FE7ABC} : C:\Windows\system32\pcalua.exe -a C:\film\RSL\uninstall.exe -> DELETED
[TASK][PREVRUN] {D5DA4AB2-C199-4B1E-90F5-8349D11D653B} : C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ -> DELETED
[TASK][PREVRUN] {F311C1D8-BBC5-40CF-A776-04E32AAB4A4C} : C:\Windows\system32\pcalua.exe -a "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe" -d "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack" -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT2 +++++
--- User ---
[MBR] 9838eb46b525a3fef9fc79946803871b
[BSP] f3d5e8be2ed024224649ed2c4911a025 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] c64c7eb4c0f7c1b2403337ac82bf5de0
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-13 08:05:47
-----------------------------
08:05:47.733 OS Version: Windows x64 6.1.7601 Service Pack 1
08:05:47.733 Number of processors: 2 586 0x170A
08:05:47.733 ComputerName: BABI-PC UserName: Babi
08:05:49.527 Initialize success
08:09:26.963 AVAST engine defs: 12101202
08:09:35.340 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:09:35.356 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
08:09:35.371 Disk 0 MBR read successfully
08:09:35.371 Disk 0 MBR scan
08:09:35.403 Disk 0 Windows VISTA default MBR code
08:09:35.403 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:09:35.434 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
08:09:35.465 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
08:09:35.496 Disk 0 scanning C:\Windows\system32\drivers
08:10:00.082 Service scanning
08:10:43.247 Modules scanning
08:10:43.247 Disk 0 trace - called modules:
08:10:43.278 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spkq.sys hal.dll
08:10:43.278 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004705230]
08:10:43.278 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800455d050]
08:10:46.008 AVAST engine scan C:\Windows
08:10:51.500 AVAST engine scan C:\Windows\system32
08:17:03.825 AVAST engine scan C:\Windows\system32\drivers
08:17:23.825 AVAST engine scan C:\Users\Babi
08:27:30.775 AVAST engine scan C:\ProgramData
08:29:43.765 Scan finished successfully
08:31:23.995 Disk 0 MBR has been saved successfully to "C:\Users\Babi\Desktop\MBR.dat"
08:31:24.011 The log file has been saved successfully to "C:\Users\Babi\Desktop\aswMBR.txt"


This also created an MBR.dat file and RogueKiller created a Quarantine folder with files in it.
 
Sorry, this is the whole log (part 1):

07:49:29.0200 1256 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:49:29.0263 1256 ============================================================
07:49:29.0263 1256 Current date / time: 2012/10/13 07:49:29.0263
07:49:29.0263 1256 SystemInfo:
07:49:29.0263 1256
07:49:29.0263 1256 OS Version: 6.1.7601 ServicePack: 1.0
07:49:29.0263 1256 Product type: Workstation
07:49:29.0263 1256 ComputerName: BABI-PC
07:49:29.0263 1256 UserName: Babi
07:49:29.0263 1256 Windows directory: C:\Windows
07:49:29.0263 1256 System windows directory: C:\Windows
07:49:29.0263 1256 Running under WOW64
07:49:29.0263 1256 Processor architecture: Intel x64
07:49:29.0263 1256 Number of processors: 2
07:49:29.0263 1256 Page size: 0x1000
07:49:29.0263 1256 Boot type: Normal boot
07:49:29.0263 1256 ============================================================
07:49:30.0604 1256 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:49:30.0620 1256 Drive \Device\Harddisk1\DR1 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:49:30.0620 1256 ============================================================
07:49:30.0620 1256 \Device\Harddisk0\DR0:
07:49:30.0620 1256 MBR partitions:
07:49:30.0620 1256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
07:49:30.0620 1256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
07:49:30.0620 1256 \Device\Harddisk1\DR1:
07:49:30.0620 1256 MBR partitions:
07:49:30.0620 1256 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1EBFE0
07:49:30.0620 1256 ============================================================
07:49:30.0651 1256 C: <-> \Device\Harddisk0\DR0\Partition2
07:49:30.0651 1256 ============================================================
07:49:30.0651 1256 Initialize success
07:49:30.0651 1256 ============================================================
07:49:36.0938 1188 ============================================================
07:49:36.0938 1188 Scan started
07:49:36.0938 1188 Mode: Manual;
07:49:36.0938 1188 ============================================================
07:49:37.0125 1188 ================ Scan system memory ========================
07:49:37.0125 1188 System memory - ok
07:49:37.0125 1188 ================ Scan services =============================
07:49:37.0312 1188 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:49:37.0328 1188 1394ohci - ok
07:49:37.0390 1188 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:49:37.0390 1188 ACPI - ok
07:49:37.0437 1188 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:49:37.0437 1188 AcpiPmi - ok
07:49:37.0578 1188 [ 63F8A1722B88D5065650D7E49A4AC143 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
07:49:37.0593 1188 Adobe LM Service - ok
07:49:37.0749 1188 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:49:37.0749 1188 AdobeFlashPlayerUpdateSvc - ok
07:49:37.0796 1188 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:49:37.0905 1188 adp94xx - ok
07:49:37.0952 1188 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:49:37.0952 1188 adpahci - ok
07:49:37.0999 1188 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:49:37.0999 1188 adpu320 - ok
07:49:38.0046 1188 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:49:38.0046 1188 AeLookupSvc - ok
07:49:38.0092 1188 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
07:49:38.0124 1188 AFD - ok
07:49:38.0170 1188 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:49:38.0170 1188 agp440 - ok
07:49:38.0217 1188 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
07:49:38.0217 1188 ALG - ok
07:49:38.0264 1188 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
07:49:38.0264 1188 aliide - ok
07:49:38.0311 1188 [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:49:38.0311 1188 AMD External Events Utility - ok
07:49:38.0358 1188 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
07:49:38.0373 1188 amdide - ok
07:49:38.0404 1188 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:49:38.0404 1188 AmdK8 - ok
07:49:38.0420 1188 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:49:38.0420 1188 AmdPPM - ok
07:49:38.0482 1188 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:49:38.0514 1188 amdsata - ok
07:49:38.0545 1188 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:49:38.0560 1188 amdsbs - ok
07:49:38.0623 1188 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:49:38.0623 1188 amdxata - ok
07:49:38.0685 1188 [ B5C0F65D6657C6ADD9ED75EC7583390B ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
07:49:38.0685 1188 AnyDVD - ok
07:49:38.0732 1188 [ 1412E9A88FE1F7E35CE6058A2EF03664 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
07:49:38.0732 1188 ApfiltrService - ok
07:49:38.0779 1188 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
07:49:38.0794 1188 AppID - ok
07:49:38.0826 1188 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:49:38.0826 1188 AppIDSvc - ok
07:49:38.0888 1188 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
07:49:38.0888 1188 Appinfo - ok
07:49:38.0966 1188 [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:49:38.0982 1188 Apple Mobile Device - ok
07:49:39.0028 1188 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
07:49:39.0028 1188 arc - ok
07:49:39.0122 1188 [ F97C3AAF0699E0B85DF1A02DE8AAE333 ] archlp C:\Windows\system32\drivers\archlp.sys
07:49:39.0153 1188 archlp - ok
07:49:39.0200 1188 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:49:39.0200 1188 arcsas - ok
07:49:39.0372 1188 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:49:39.0450 1188 aspnet_state - ok
07:49:39.0465 1188 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:49:39.0481 1188 AsyncMac - ok
07:49:39.0543 1188 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
07:49:39.0543 1188 atapi - ok
07:49:39.0715 1188 [ A08339AE90972E268B9622C668F450E8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
07:49:39.0871 1188 atikmdag - ok
07:49:39.0980 1188 [ 64F07381335E37C142F6D176705FFCA6 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
07:49:40.0011 1188 atksgt - ok
07:49:40.0308 1188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:49:41.0197 1188 AudioEndpointBuilder - ok
07:49:41.0212 1188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
07:49:41.0228 1188 AudioSrv - ok
07:49:41.0306 1188 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:49:41.0337 1188 AxInstSV - ok
07:49:41.0462 1188 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
07:49:41.0509 1188 b06bdrv - ok
07:49:41.0602 1188 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
07:49:41.0665 1188 b57nd60a - ok
07:49:41.0727 1188 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
07:49:41.0743 1188 BCM42RLY - ok
07:49:41.0914 1188 [ F4CD5F52850BF2C978DE178F256BA372 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
07:49:41.0930 1188 BCM43XX - ok
07:49:42.0008 1188 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
07:49:42.0039 1188 BDESVC - ok
07:49:42.0133 1188 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
07:49:42.0148 1188 Beep - ok
07:49:42.0242 1188 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
07:49:42.0336 1188 BFE - ok
07:49:42.0367 1188 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:49:42.0398 1188 blbdrive - ok
07:49:42.0523 1188 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
07:49:42.0585 1188 Bonjour Service - ok
07:49:42.0694 1188 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:49:42.0726 1188 bowser - ok
07:49:42.0772 1188 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:49:42.0788 1188 BrFiltLo - ok
07:49:42.0804 1188 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:49:42.0835 1188 BrFiltUp - ok
07:49:42.0944 1188 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
07:49:43.0022 1188 Browser - ok
07:49:43.0084 1188 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:49:43.0162 1188 Brserid - ok
07:49:43.0240 1188 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:49:43.0287 1188 BrSerWdm - ok
07:49:43.0334 1188 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:49:43.0365 1188 BrUsbMdm - ok
07:49:43.0428 1188 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:49:43.0443 1188 BrUsbSer - ok
07:49:43.0568 1188 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
07:49:43.0599 1188 BthEnum - ok
07:49:43.0677 1188 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:49:43.0708 1188 BTHMODEM - ok
07:49:43.0755 1188 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
07:49:43.0786 1188 BthPan - ok
07:49:43.0989 1188 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
07:49:44.0098 1188 BTHPORT - ok
07:49:44.0176 1188 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
07:49:44.0208 1188 bthserv - ok
07:49:44.0270 1188 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
07:49:44.0301 1188 BTHUSB - ok
07:49:44.0348 1188 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
07:49:44.0379 1188 btwaudio - ok
07:49:44.0488 1188 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
07:49:44.0520 1188 btwavdt - ok
07:49:44.0629 1188 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
07:49:44.0707 1188 btwdins - ok
07:49:44.0738 1188 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
07:49:44.0769 1188 btwl2cap - ok
07:49:44.0800 1188 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
07:49:44.0800 1188 btwrchid - ok
07:49:44.0832 1188 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:49:44.0832 1188 cdfs - ok
07:49:44.0910 1188 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:49:44.0910 1188 cdrom - ok
07:49:44.0956 1188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
07:49:44.0972 1188 CertPropSvc - ok
07:49:45.0003 1188 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:49:45.0019 1188 circlass - ok
07:49:45.0050 1188 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
07:49:45.0066 1188 CLFS - ok
07:49:45.0206 1188 [ FE1C81A049E5C5D67C4AB7C31C899F6F ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
07:49:45.0206 1188 CLKMSVC10_9EC60124 - ok
07:49:45.0284 1188 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:49:45.0300 1188 clr_optimization_v2.0.50727_32 - ok
07:49:45.0346 1188 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:49:45.0346 1188 clr_optimization_v2.0.50727_64 - ok
07:49:45.0471 1188 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:49:45.0658 1188 clr_optimization_v4.0.30319_32 - ok
07:49:45.0690 1188 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:49:45.0799 1188 clr_optimization_v4.0.30319_64 - ok
07:49:45.0846 1188 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:49:45.0846 1188 CmBatt - ok
07:49:45.0861 1188 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:49:45.0877 1188 cmdide - ok
07:49:45.0924 1188 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
07:49:45.0939 1188 CNG - ok
07:49:46.0002 1188 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:49:46.0002 1188 Compbatt - ok
07:49:46.0048 1188 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:49:46.0064 1188 CompositeBus - ok
07:49:46.0064 1188 COMSysApp - ok
07:49:46.0095 1188 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:49:46.0095 1188 crcdisk - ok
07:49:46.0158 1188 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:49:46.0158 1188 CryptSvc - ok
07:49:46.0189 1188 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
07:49:46.0189 1188 CtClsFlt - ok
07:49:46.0251 1188 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
07:49:46.0267 1188 CVirtA - ok
07:49:46.0392 1188 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
07:49:46.0407 1188 CVPND - ok
07:49:46.0485 1188 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
07:49:46.0485 1188 CVPNDRVA - ok
07:49:46.0548 1188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:49:46.0563 1188 DcomLaunch - ok
07:49:46.0626 1188 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
07:49:46.0626 1188 defragsvc - ok
07:49:46.0672 1188 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:49:46.0672 1188 DfsC - ok
07:49:46.0735 1188 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
07:49:46.0750 1188 Dhcp - ok
07:49:46.0782 1188 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
07:49:46.0782 1188 discache - ok
07:49:46.0813 1188 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:49:46.0813 1188 Disk - ok
07:49:46.0891 1188 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
07:49:46.0891 1188 DNE - ok
07:49:46.0953 1188 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:49:46.0953 1188 Dnscache - ok
07:49:47.0000 1188 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
07:49:47.0000 1188 dot3svc - ok
07:49:47.0047 1188 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
07:49:47.0047 1188 DPS - ok
07:49:47.0078 1188 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:49:47.0078 1188 drmkaud - ok
07:49:47.0140 1188 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:49:47.0156 1188 DXGKrnl - ok
07:49:47.0234 1188 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
07:49:47.0234 1188 eamonm - ok
07:49:47.0265 1188 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
07:49:47.0281 1188 EapHost - ok
07:49:47.0390 1188 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
07:49:47.0484 1188 ebdrv - ok
07:49:47.0530 1188 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
07:49:47.0562 1188 EFS - ok
07:49:47.0640 1188 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
07:49:47.0640 1188 ehdrv - ok
07:49:47.0733 1188 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:49:47.0749 1188 ehRecvr - ok
07:49:47.0796 1188 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
07:49:47.0796 1188 ehSched - ok
07:49:47.0952 1188 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
07:49:47.0952 1188 ekrn - ok
07:49:48.0061 1188 [ 8D18A680BDAB2ACA00506FE6F8AEF81A ] ElbyCDFL C:\Windows\system32\Drivers\ElbyCDFL.sys
07:49:48.0061 1188 ElbyCDFL - ok
07:49:48.0092 1188 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
07:49:48.0092 1188 ElbyCDIO - ok
07:49:48.0154 1188 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:49:48.0170 1188 elxstor - ok
07:49:48.0248 1188 [ 587F0F4145A1536A6E37EFD769B7665F ] epfw C:\Windows\system32\DRIVERS\epfw.sys
07:49:48.0264 1188 epfw - ok
07:49:48.0326 1188 [ D2F812358EE8EE23CBB5C4DAFFB5B819 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
07:49:48.0326 1188 EpfwLWF - ok
07:49:48.0388 1188 [ 34BF55D69AB74D14C7E7A17259CB7DF8 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
07:49:48.0388 1188 epfwwfp - ok
07:49:48.0420 1188 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:49:48.0420 1188 ErrDev - ok
07:49:48.0482 1188 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
07:49:48.0498 1188 EventSystem - ok
07:49:48.0544 1188 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
07:49:48.0544 1188 exfat - ok
07:49:48.0576 1188 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:49:48.0576 1188 fastfat - ok
07:49:48.0654 1188 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
07:49:48.0669 1188 Fax - ok
07:49:48.0716 1188 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:49:48.0732 1188 fdc - ok
07:49:48.0747 1188 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
07:49:48.0763 1188 fdPHost - ok
07:49:48.0763 1188 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
07:49:48.0763 1188 FDResPub - ok
07:49:48.0778 1188 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:49:48.0794 1188 FileInfo - ok
07:49:48.0794 1188 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:49:48.0794 1188 Filetrace - ok
07:49:48.0841 1188 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:49:48.0841 1188 flpydisk - ok
07:49:48.0888 1188 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:49:48.0888 1188 FltMgr - ok
07:49:48.0966 1188 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
07:49:49.0028 1188 FontCache - ok
07:49:49.0106 1188 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:49:49.0106 1188 FontCache3.0.0.0 - ok
07:49:49.0137 1188 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:49:49.0137 1188 FsDepends - ok
07:49:49.0168 1188 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:49:49.0184 1188 Fs_Rec - ok
07:49:49.0231 1188 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:49:49.0231 1188 fvevol - ok
07:49:49.0262 1188 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:49:49.0262 1188 gagp30kx - ok
07:49:49.0324 1188 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:49:49.0356 1188 GEARAspiWDM - ok
07:49:49.0402 1188 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
07:49:49.0434 1188 gpsvc - ok
07:49:49.0480 1188 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca9f7d64f5f5ff C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:49:49.0496 1188 gupdate1ca9f7d64f5f5ff - ok
07:49:49.0512 1188 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:49:49.0512 1188 gupdatem - ok
07:49:49.0543 1188 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:49:49.0574 1188 hcw85cir - ok
07:49:49.0605 1188 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:49:49.0605 1188 HDAudBus - ok
07:49:49.0636 1188 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:49:49.0636 1188 HidBatt - ok
07:49:49.0652 1188 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:49:49.0668 1188 HidBth - ok
07:49:49.0683 1188 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:49:49.0683 1188 HidIr - ok
07:49:49.0714 1188 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
07:49:49.0714 1188 hidserv - ok
07:49:49.0746 1188 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
07:49:49.0746 1188 HidUsb - ok
07:49:49.0792 1188 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:49:49.0792 1188 hkmsvc - ok
07:49:49.0824 1188 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:49:49.0839 1188 HomeGroupListener - ok
07:49:49.0886 1188 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:49:49.0886 1188 HomeGroupProvider - ok
07:49:49.0933 1188 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:49:49.0933 1188 HpSAMD - ok
07:49:50.0011 1188 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:49:50.0026 1188 HTTP - ok
07:49:50.0073 1188 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:49:50.0073 1188 hwpolicy - ok
07:49:50.0151 1188 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
07:49:50.0151 1188 i8042prt - ok
07:49:50.0198 1188 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:49:50.0214 1188 IAANTMON - ok
07:49:50.0260 1188 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
07:49:50.0276 1188 iaStor - ok
07:49:50.0323 1188 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:49:50.0338 1188 iaStorV - ok
07:49:50.0416 1188 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
07:49:50.0432 1188 IDriverT - ok
07:49:50.0494 1188 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:49:50.0526 1188 idsvc - ok
07:49:50.0572 1188 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:49:50.0572 1188 iirsp - ok
07:49:50.0635 1188 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
07:49:50.0666 1188 IKEEXT - ok
07:49:50.0713 1188 [ ED9F842A948412A58C58EE8C46234AA8 ] INIDVD C:\Windows\system32\DRIVERS\inidvd.sys
07:49:50.0713 1188 INIDVD - ok
07:49:50.0760 1188 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
07:49:50.0760 1188 intelide - ok
07:49:50.0775 1188 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:49:50.0791 1188 intelppm - ok
07:49:50.0806 1188 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:49:50.0822 1188 IPBusEnum - ok
07:49:50.0853 1188 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:49:50.0853 1188 IpFilterDriver - ok
07:49:50.0931 1188 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:49:50.0947 1188 iphlpsvc - ok
07:49:51.0009 1188 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:49:51.0025 1188 IPMIDRV - ok
07:49:51.0087 1188 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:49:51.0087 1188 IPNAT - ok
07:49:51.0150 1188 [ F0EAC938ECC1B2764D04CE16F8627E56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
07:49:51.0181 1188 iPod Service - ok
07:49:51.0228 1188 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:49:51.0228 1188 IRENUM - ok
07:49:51.0274 1188 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:49:51.0274 1188 isapnp - ok
07:49:51.0321 1188 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:49:51.0321 1188 iScsiPrt - ok
07:49:51.0368 1188 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
07:49:51.0368 1188 kbdclass - ok
07:49:51.0399 1188 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
07:49:51.0399 1188 kbdhid - ok
07:49:51.0415 1188 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
07:49:51.0415 1188 KeyIso - ok
07:49:51.0462 1188 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:49:51.0477 1188 KSecDD - ok
07:49:51.0524 1188 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:49:51.0524 1188 KSecPkg - ok
07:49:51.0571 1188 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:49:51.0586 1188 ksthunk - ok
07:49:51.0633 1188 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
07:49:51.0649 1188 KtmRm - ok
07:49:51.0727 1188 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
07:49:51.0727 1188 LanmanServer - ok
07:49:51.0789 1188 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:49:51.0789 1188 LanmanWorkstation - ok
07:49:51.0883 1188 [ 83BA097ACAAD0B00505634A62D90F93A ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
07:49:51.0883 1188 lirsgt - ok
07:49:51.0930 1188 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:49:51.0945 1188 lltdio - ok
07:49:51.0976 1188 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:49:51.0992 1188 lltdsvc - ok
07:49:52.0023 1188 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:49:52.0054 1188 lmhosts - ok
07:49:52.0070 1188 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:49:52.0086 1188 LSI_FC - ok
07:49:52.0101 1188 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:49:52.0101 1188 LSI_SAS - ok
07:49:52.0117 1188 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:49:52.0117 1188 LSI_SAS2 - ok
07:49:52.0148 1188 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:49:52.0148 1188 LSI_SCSI - ok
07:49:52.0179 1188 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
07:49:52.0195 1188 luafv - ok
07:49:52.0226 1188 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
07:49:52.0242 1188 MBAMProtector - ok
07:49:52.0320 1188 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:49:52.0335 1188 MBAMScheduler - ok
07:49:52.0382 1188 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:49:52.0398 1188 MBAMService - ok
07:49:52.0460 1188 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:49:52.0460 1188 Mcx2Svc - ok
07:49:52.0491 1188 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:49:52.0507 1188 megasas - ok
07:49:52.0538 1188 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:49:52.0538 1188 MegaSR - ok
07:49:52.0632 1188 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
07:49:52.0632 1188 MMCSS - ok
07:49:52.0632 1188 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
07:49:52.0632 1188 Modem - ok
07:49:52.0678 1188 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:49:52.0678 1188 monitor - ok
07:49:52.0866 1188 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
07:49:52.0866 1188 mouclass - ok
07:49:52.0928 1188 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:49:52.0928 1188 mouhid - ok
07:49:53.0209 1188 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:49:53.0209 1188 mountmgr - ok
07:49:53.0365 1188 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:49:53.0365 1188 MozillaMaintenance - ok
 
Part 2:

07:49:53.0599 1188 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
07:49:53.0599 1188 mpio - ok
07:49:53.0661 1188 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:49:53.0661 1188 mpsdrv - ok
07:49:53.0724 1188 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:49:53.0770 1188 MpsSvc - ok
07:49:53.0817 1188 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:49:53.0817 1188 MRxDAV - ok
07:49:53.0864 1188 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:49:53.0895 1188 mrxsmb - ok
07:49:54.0004 1188 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:49:54.0004 1188 mrxsmb10 - ok
07:49:54.0145 1188 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:49:54.0145 1188 mrxsmb20 - ok
07:49:54.0316 1188 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
07:49:54.0332 1188 msahci - ok
07:49:54.0504 1188 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:49:54.0722 1188 msdsm - ok
07:49:54.0769 1188 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
07:49:54.0784 1188 MSDTC - ok
07:49:54.0878 1188 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:49:54.0878 1188 Msfs - ok
07:49:54.0894 1188 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:49:54.0894 1188 mshidkmdf - ok
07:49:54.0956 1188 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:49:54.0956 1188 msisadrv - ok
07:49:55.0003 1188 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:49:55.0018 1188 MSiSCSI - ok
07:49:55.0018 1188 msiserver - ok
07:49:55.0050 1188 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:49:55.0050 1188 MSKSSRV - ok
07:49:55.0096 1188 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:49:55.0096 1188 MSPCLOCK - ok
07:49:55.0112 1188 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:49:55.0112 1188 MSPQM - ok
07:49:55.0190 1188 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:49:55.0206 1188 MsRPC - ok
07:49:55.0237 1188 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:49:55.0237 1188 mssmbios - ok
07:49:55.0268 1188 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:49:55.0268 1188 MSTEE - ok
07:49:55.0284 1188 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:49:55.0299 1188 MTConfig - ok
07:49:55.0330 1188 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
07:49:55.0330 1188 Mup - ok
07:49:55.0393 1188 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
07:49:55.0408 1188 napagent - ok
07:49:55.0440 1188 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:49:55.0471 1188 NativeWifiP - ok
07:49:55.0533 1188 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:49:55.0580 1188 NDIS - ok
07:49:55.0611 1188 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:49:55.0611 1188 NdisCap - ok
07:49:55.0642 1188 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:49:55.0642 1188 NdisTapi - ok
07:49:55.0908 1188 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:49:55.0908 1188 Ndisuio - ok
07:49:55.0986 1188 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:49:55.0986 1188 NdisWan - ok
07:49:56.0048 1188 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:49:56.0095 1188 NDProxy - ok
07:49:56.0142 1188 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:49:56.0173 1188 NetBIOS - ok
07:49:56.0235 1188 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:49:56.0235 1188 NetBT - ok
07:49:56.0266 1188 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
07:49:56.0282 1188 Netlogon - ok
07:49:56.0344 1188 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
07:49:56.0360 1188 Netman - ok
07:49:56.0532 1188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:49:56.0594 1188 NetMsmqActivator - ok
07:49:56.0594 1188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:49:56.0594 1188 NetPipeActivator - ok
07:49:56.0641 1188 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
07:49:56.0656 1188 netprofm - ok
07:49:56.0672 1188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:49:56.0672 1188 NetTcpActivator - ok
07:49:56.0672 1188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:49:56.0688 1188 NetTcpPortSharing - ok
07:49:56.0734 1188 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:49:56.0734 1188 nfrd960 - ok
07:49:56.0797 1188 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:49:56.0812 1188 NlaSvc - ok
07:49:56.0859 1188 [ 216BDF8B1017BB52692C9EE3C1E50597 ] nmwcdcx64 C:\Windows\system32\drivers\ccdcmbox64.sys
07:49:56.0859 1188 nmwcdcx64 - ok
07:49:56.0906 1188 [ C9773EF9CBF2877725A45F07396D5DA6 ] nmwcdx64 C:\Windows\system32\drivers\ccdcmbx64.sys
07:49:56.0906 1188 nmwcdx64 - ok
07:49:56.0922 1188 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:49:56.0922 1188 Npfs - ok
07:49:56.0953 1188 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
07:49:56.0953 1188 nsi - ok
07:49:56.0968 1188 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:49:56.0968 1188 nsiproxy - ok
07:49:57.0062 1188 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:49:57.0124 1188 Ntfs - ok
07:49:57.0156 1188 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
07:49:57.0156 1188 Null - ok
07:49:57.0218 1188 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:49:57.0218 1188 nvraid - ok
07:49:57.0296 1188 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:49:57.0296 1188 nvstor - ok
07:49:57.0374 1188 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:49:57.0374 1188 nv_agp - ok
07:49:57.0468 1188 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:49:57.0483 1188 odserv - ok
07:49:57.0530 1188 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:49:57.0530 1188 ohci1394 - ok
07:49:57.0577 1188 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:49:57.0592 1188 ose - ok
07:49:57.0655 1188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:49:57.0655 1188 p2pimsvc - ok
07:49:57.0686 1188 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
07:49:57.0702 1188 p2psvc - ok
07:49:57.0733 1188 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:49:57.0748 1188 Parport - ok
07:49:57.0795 1188 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:49:57.0811 1188 partmgr - ok
07:49:57.0842 1188 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:49:57.0858 1188 PcaSvc - ok
07:49:57.0873 1188 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
07:49:57.0873 1188 pci - ok
07:49:57.0920 1188 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
07:49:57.0920 1188 pciide - ok
07:49:57.0967 1188 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:49:57.0967 1188 pcmcia - ok
07:49:57.0982 1188 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
07:49:57.0998 1188 pcw - ok
07:49:58.0029 1188 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:49:58.0045 1188 PEAUTH - ok
07:49:58.0154 1188 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:49:58.0154 1188 PerfHost - ok
07:49:58.0216 1188 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
07:49:58.0263 1188 pla - ok
07:49:58.0326 1188 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:49:58.0372 1188 PlugPlay - ok
07:49:58.0419 1188 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:49:58.0419 1188 PNRPAutoReg - ok
07:49:58.0466 1188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:49:58.0466 1188 PNRPsvc - ok
07:49:58.0528 1188 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:49:58.0544 1188 PolicyAgent - ok
07:49:58.0591 1188 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
07:49:58.0591 1188 Power - ok
07:49:58.0653 1188 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:49:58.0669 1188 PptpMiniport - ok
07:49:58.0700 1188 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:49:58.0700 1188 Processor - ok
07:49:58.0731 1188 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
07:49:58.0747 1188 ProfSvc - ok
07:49:58.0762 1188 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:49:58.0762 1188 ProtectedStorage - ok
07:49:58.0825 1188 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:49:58.0825 1188 Psched - ok
07:49:58.0872 1188 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
07:49:58.0872 1188 PxHlpa64 - ok
07:49:58.0934 1188 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:49:58.0981 1188 ql2300 - ok
07:49:59.0028 1188 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:49:59.0028 1188 ql40xx - ok
07:49:59.0074 1188 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
07:49:59.0090 1188 QWAVE - ok
07:49:59.0106 1188 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:49:59.0152 1188 QWAVEdrv - ok
07:49:59.0340 1188 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:49:59.0355 1188 RasAcd - ok
07:49:59.0386 1188 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:49:59.0418 1188 RasAgileVpn - ok
07:49:59.0527 1188 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
07:49:59.0542 1188 RasAuto - ok
07:49:59.0683 1188 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:49:59.0683 1188 Rasl2tp - ok
07:49:59.0792 1188 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
07:49:59.0839 1188 RasMan - ok
07:49:59.0886 1188 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:49:59.0886 1188 RasPppoe - ok
07:49:59.0932 1188 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:49:59.0932 1188 RasSstp - ok
07:50:00.0010 1188 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:50:00.0010 1188 rdbss - ok
07:50:00.0073 1188 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:50:00.0073 1188 rdpbus - ok
07:50:00.0088 1188 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:50:00.0088 1188 RDPCDD - ok
07:50:00.0182 1188 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:50:00.0198 1188 RDPENCDD - ok
07:50:00.0213 1188 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:50:00.0213 1188 RDPREFMP - ok
07:50:00.0276 1188 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:50:00.0276 1188 RDPWD - ok
07:50:00.0400 1188 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:50:00.0416 1188 rdyboost - ok
07:50:00.0463 1188 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:50:00.0463 1188 RemoteAccess - ok
07:50:00.0510 1188 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:50:00.0525 1188 RemoteRegistry - ok
07:50:00.0588 1188 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
07:50:00.0603 1188 RFCOMM - ok
07:50:00.0681 1188 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
07:50:00.0744 1188 RichVideo - ok
07:50:00.0775 1188 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:50:00.0790 1188 RpcEptMapper - ok
07:50:00.0822 1188 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
07:50:00.0822 1188 RpcLocator - ok
07:50:00.0900 1188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
07:50:00.0900 1188 RpcSs - ok
07:50:00.0993 1188 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:50:00.0993 1188 rspndr - ok
07:50:01.0071 1188 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
07:50:01.0071 1188 RSUSBSTOR - ok
07:50:01.0102 1188 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
07:50:01.0102 1188 SamSs - ok
07:50:01.0149 1188 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:50:01.0149 1188 sbp2port - ok
07:50:01.0212 1188 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:50:01.0227 1188 SCardSvr - ok
07:50:01.0258 1188 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:50:01.0258 1188 scfilter - ok
07:50:01.0352 1188 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
07:50:01.0383 1188 Schedule - ok
07:50:01.0461 1188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
07:50:01.0461 1188 SCPolicySvc - ok
07:50:01.0680 1188 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:50:01.0680 1188 SDRSVC - ok
07:50:01.0898 1188 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:50:01.0898 1188 secdrv - ok
07:50:02.0148 1188 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
07:50:02.0148 1188 seclogon - ok
07:50:02.0179 1188 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
07:50:02.0194 1188 SENS - ok
07:50:02.0210 1188 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:50:02.0226 1188 SensrSvc - ok
07:50:02.0319 1188 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:50:02.0335 1188 Serenum - ok
07:50:02.0428 1188 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:50:02.0444 1188 Serial - ok
07:50:02.0553 1188 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:50:02.0553 1188 sermouse - ok
07:50:02.0678 1188 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
07:50:02.0694 1188 SessionEnv - ok
07:50:02.0756 1188 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:50:02.0756 1188 sffdisk - ok
07:50:02.0803 1188 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:50:02.0803 1188 sffp_mmc - ok
07:50:02.0881 1188 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:50:02.0881 1188 sffp_sd - ok
07:50:02.0974 1188 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:50:02.0974 1188 sfloppy - ok
07:50:03.0084 1188 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:50:03.0099 1188 SharedAccess - ok
07:50:03.0130 1188 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:50:03.0146 1188 ShellHWDetection - ok
07:50:03.0255 1188 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:50:03.0255 1188 SiSRaid2 - ok
07:50:03.0302 1188 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:50:03.0302 1188 SiSRaid4 - ok
07:50:03.0396 1188 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
07:50:03.0411 1188 SkypeUpdate - ok
07:50:03.0614 1188 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:50:03.0630 1188 Smb - ok
07:50:03.0692 1188 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:50:03.0708 1188 SNMPTRAP - ok
07:50:03.0770 1188 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
07:50:03.0770 1188 spldr - ok
07:50:03.0848 1188 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
07:50:03.0926 1188 Spooler - ok
07:50:04.0051 1188 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
07:50:04.0222 1188 sppsvc - ok
07:50:04.0285 1188 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:50:04.0316 1188 sppuinotify - ok
07:50:04.0410 1188 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
07:50:04.0410 1188 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
07:50:04.0410 1188 sptd ( LockedFile.Multi.Generic ) - warning
07:50:04.0410 1188 sptd - detected LockedFile.Multi.Generic (1)
07:50:04.0488 1188 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
07:50:04.0519 1188 srv - ok
07:50:04.0534 1188 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:50:04.0550 1188 srv2 - ok
07:50:04.0566 1188 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:50:04.0566 1188 srvnet - ok
07:50:04.0612 1188 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:50:04.0612 1188 SSDPSRV - ok
07:50:04.0675 1188 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:50:04.0675 1188 SstpSvc - ok
07:50:04.0846 1188 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
07:50:04.0862 1188 STacSV - ok
07:50:05.0065 1188 [ 415205B445C60B09E779F78D6DF25667 ] StarPortLite C:\Windows\system32\DRIVERS\StarPortLite.sys
07:50:05.0080 1188 StarPortLite - ok
07:50:05.0143 1188 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:50:05.0174 1188 stexstor - ok
07:50:05.0205 1188 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
07:50:05.0221 1188 STHDA - ok
07:50:05.0314 1188 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
07:50:05.0346 1188 stisvc - ok
07:50:05.0408 1188 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
07:50:05.0408 1188 swenum - ok
07:50:05.0470 1188 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
07:50:05.0517 1188 swprv - ok
07:50:05.0626 1188 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
07:50:05.0704 1188 SysMain - ok
07:50:05.0798 1188 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:50:05.0798 1188 TabletInputService - ok
07:50:05.0876 1188 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:50:05.0892 1188 TapiSrv - ok
07:50:05.0923 1188 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
07:50:05.0923 1188 TBS - ok
07:50:06.0048 1188 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:50:06.0094 1188 Tcpip - ok
07:50:06.0188 1188 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:50:06.0188 1188 TCPIP6 - ok
07:50:06.0250 1188 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:50:06.0250 1188 tcpipreg - ok
07:50:06.0344 1188 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:50:06.0360 1188 TDPIPE - ok
07:50:06.0422 1188 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:50:06.0422 1188 TDTCP - ok
07:50:06.0500 1188 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:50:06.0500 1188 tdx - ok
07:50:06.0625 1188 [ D91CB8A2D5A0F60E53EB7A0B0BC2E0F0 ] TeamViewer5 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
07:50:06.0625 1188 TeamViewer5 - ok
07:50:06.0672 1188 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
07:50:06.0672 1188 TermDD - ok
07:50:06.0734 1188 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
07:50:06.0750 1188 TermService - ok
07:50:06.0812 1188 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
07:50:06.0812 1188 Themes - ok
07:50:06.0843 1188 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
07:50:06.0843 1188 THREADORDER - ok
07:50:06.0906 1188 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
07:50:06.0906 1188 TrkWks - ok
07:50:06.0999 1188 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:50:06.0999 1188 TrustedInstaller - ok
07:50:07.0046 1188 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:50:07.0046 1188 tssecsrv - ok
07:50:07.0093 1188 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:50:07.0093 1188 TsUsbFlt - ok
07:50:07.0155 1188 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:50:07.0155 1188 tunnel - ok
07:50:07.0186 1188 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:50:07.0186 1188 uagp35 - ok
07:50:07.0249 1188 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:50:07.0249 1188 udfs - ok
07:50:07.0296 1188 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:50:07.0296 1188 UI0Detect - ok
07:50:07.0311 1188 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:50:07.0311 1188 uliagpkx - ok
07:50:07.0389 1188 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
07:50:07.0405 1188 umbus - ok
07:50:07.0420 1188 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:50:07.0420 1188 UmPass - ok
07:50:07.0483 1188 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
07:50:07.0483 1188 upnphost - ok
07:50:07.0530 1188 [ F49988FBF59413B974B1380D6F743EBC ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
07:50:07.0530 1188 upperdev - ok
07:50:07.0576 1188 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:50:07.0576 1188 usbccgp - ok
07:50:07.0623 1188 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:50:07.0639 1188 usbcir - ok
07:50:07.0701 1188 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:50:07.0701 1188 usbehci - ok
07:50:07.0717 1188 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:50:07.0732 1188 usbhub - ok
07:50:07.0748 1188 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:50:07.0748 1188 usbohci - ok
07:50:07.0779 1188 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:50:07.0779 1188 usbprint - ok
07:50:07.0842 1188 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
07:50:07.0842 1188 usbser - ok
07:50:07.0904 1188 [ 0FE9E048FC762DCAC087CB9EE1680079 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
07:50:07.0920 1188 UsbserFilt - ok
07:50:07.0935 1188 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:50:07.0935 1188 USBSTOR - ok
07:50:07.0951 1188 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
07:50:07.0966 1188 usbuhci - ok
07:50:08.0013 1188 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
07:50:08.0013 1188 usbvideo - ok
07:50:08.0044 1188 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
07:50:08.0060 1188 UxSms - ok
07:50:08.0076 1188 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
07:50:08.0076 1188 VaultSvc - ok
07:50:08.0107 1188 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:50:08.0107 1188 vdrvroot - ok
07:50:08.0154 1188 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
07:50:08.0154 1188 vds - ok
07:50:08.0200 1188 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:50:08.0200 1188 vga - ok
07:50:08.0216 1188 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
07:50:08.0232 1188 VgaSave - ok
07:50:08.0247 1188 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:50:08.0247 1188 vhdmp - ok
07:50:08.0294 1188 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
07:50:08.0294 1188 viaide - ok
07:50:08.0310 1188 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:50:08.0325 1188 volmgr - ok
07:50:08.0356 1188 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:50:08.0372 1188 volmgrx - ok
07:50:08.0419 1188 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:50:08.0419 1188 volsnap - ok
07:50:08.0466 1188 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
07:50:08.0466 1188 vsmraid - ok
07:50:08.0544 1188 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
07:50:08.0606 1188 VSS - ok
07:50:08.0637 1188 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
07:50:08.0637 1188 vwifibus - ok
07:50:08.0668 1188 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:50:08.0668 1188 vwififlt - ok
07:50:08.0700 1188 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
07:50:08.0731 1188 W32Time - ok
07:50:08.0762 1188 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
07:50:08.0762 1188 WacomPen - ok
07:50:08.0824 1188 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:50:08.0824 1188 WANARP - ok
07:50:08.0840 1188 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:50:08.0840 1188 Wanarpv6 - ok
07:50:08.0934 1188 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
07:50:08.0996 1188 WatAdminSvc - ok
07:50:09.0074 1188 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
07:50:09.0136 1188 wbengine - ok
07:50:09.0168 1188 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:50:09.0168 1188 WbioSrvc - ok
07:50:09.0214 1188 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:50:09.0230 1188 wcncsvc - ok
07:50:09.0246 1188 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:50:09.0246 1188 WcsPlugInService - ok
07:50:09.0277 1188 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
07:50:09.0277 1188 Wd - ok
07:50:09.0308 1188 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:50:09.0324 1188 Wdf01000 - ok
07:50:09.0339 1188 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:50:09.0339 1188 WdiServiceHost - ok
07:50:09.0355 1188 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:50:09.0355 1188 WdiSystemHost - ok
07:50:09.0386 1188 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
07:50:09.0402 1188 WebClient - ok
07:50:09.0417 1188 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:50:09.0433 1188 Wecsvc - ok
07:50:09.0448 1188 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:50:09.0464 1188 wercplsupport - ok
07:50:09.0480 1188 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
07:50:09.0480 1188 WerSvc - ok
07:50:09.0511 1188 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:50:09.0511 1188 WfpLwf - ok
07:50:09.0542 1188 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:50:09.0542 1188 WIMMount - ok
07:50:09.0589 1188 WinDefend - ok
07:50:09.0636 1188 [ 2A3D8684AA22C94F91D7C6454600C7AA ] Windows Trace Session Manager c:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe
07:50:09.0651 1188 Windows Trace Session Manager - ok
07:50:09.0651 1188 WinHttpAutoProxySvc - ok
07:50:09.0838 1188 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:50:09.0870 1188 Winmgmt - ok
07:50:09.0963 1188 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
07:50:10.0026 1188 WinRM - ok
07:50:10.0135 1188 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:50:10.0135 1188 WinUsb - ok
07:50:10.0213 1188 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
07:50:10.0228 1188 Wlansvc - ok
07:50:10.0509 1188 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:50:10.0603 1188 wlidsvc - ok
07:50:10.0650 1188 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
07:50:10.0650 1188 wltrysvc - ok
07:50:10.0696 1188 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:50:10.0696 1188 WmiAcpi - ok
07:50:10.0728 1188 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:50:10.0728 1188 wmiApSrv - ok
07:50:10.0759 1188 WMPNetworkSvc - ok
07:50:10.0790 1188 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:50:10.0790 1188 WPCSvc - ok
07:50:10.0837 1188 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:50:10.0837 1188 WPDBusEnum - ok
07:50:10.0852 1188 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:50:10.0868 1188 ws2ifsl - ok
07:50:10.0930 1188 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
07:50:10.0930 1188 wscsvc - ok
07:50:10.0930 1188 WSearch - ok
07:50:10.0977 1188 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:50:10.0993 1188 WudfPf - ok
07:50:11.0055 1188 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:50:11.0055 1188 WUDFRd - ok
07:50:11.0102 1188 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:50:11.0102 1188 wudfsvc - ok
07:50:11.0133 1188 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
07:50:11.0133 1188 WwanSvc - ok
07:50:11.0211 1188 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
07:50:11.0211 1188 yukonw7 - ok
07:50:11.0227 1188 ================ Scan global ===============================
07:50:11.0289 1188 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:50:11.0336 1188 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
07:50:11.0352 1188 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
07:50:11.0430 1188 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:50:11.0476 1188 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
07:50:11.0492 1188 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC
07:50:11.0492 1188 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
07:50:11.0492 1188 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
07:50:11.0492 1188 ================ Scan MBR ==================================
07:50:11.0586 1188 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
07:50:11.0898 1188 \Device\Harddisk0\DR0 - ok
07:50:11.0913 1188 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
07:50:12.0428 1188 \Device\Harddisk1\DR1 - ok
07:50:12.0428 1188 ================ Scan VBR ==================================
07:50:12.0428 1188 [ D45D46484E2634DF64699A9705D3B27D ] \Device\Harddisk0\DR0\Partition1
07:50:12.0428 1188 \Device\Harddisk0\DR0\Partition1 - ok
07:50:12.0475 1188 [ 88ADAFEB03C90938C6F7F2E8C80E10C5 ] \Device\Harddisk0\DR0\Partition2
07:50:12.0490 1188 \Device\Harddisk0\DR0\Partition2 - ok
07:50:12.0490 1188 [ A6AB40E383448973C6ECE2DAF961A704 ] \Device\Harddisk1\DR1\Partition1
07:50:12.0490 1188 \Device\Harddisk1\DR1\Partition1 - ok
07:50:12.0490 1188 ============================================================
07:50:12.0490 1188 Scan finished
07:50:12.0490 1188 ============================================================
07:50:12.0506 1416 Detected object count: 2
07:50:12.0506 1416 Actual detected object count: 2
07:50:59.0820 1416 sptd ( LockedFile.Multi.Generic ) - skipped by user
07:50:59.0820 1416 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
07:50:59.0945 1416 C:\Windows\system32\services.exe - copied to quarantine
07:51:04.0320 1416 C:\Windows\installer\{d1cda5b9-aedb-b369-805d-808993f06024}\@ - copied to quarantine
07:51:04.0370 1416 C:\Windows\installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L\00000004.@ - copied to quarantine
07:51:04.0450 1416 C:\Windows\installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L\201d3dde - copied to quarantine
07:51:04.0470 1416 C:\Windows\installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\80000032.@ - copied to quarantine
07:53:17.0408 1416 Backup copy not found, trying to cure infected file..
07:53:17.0408 1416 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
07:53:17.0408 1416 C:\Windows\system32\services.exe - processing error
07:53:17.0408 1416 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
07:55:14.0564 1224 Deinitialize success
 
Good :)

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Hi Broni,

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2012
Ran by SYSTEM at 14-10-2012 19:46:43
Running from G:\
Windows 7 Home Premium (X64) OS Language: 040E
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-12-12] (Sun Microsystems, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload [119664 2011-05-26] (Microsoft Corporation)
HKLM\...\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE [43808 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL [59248 2011-05-26] (Microsoft Corporation)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-19] ()
HKLM-x32\...\Run: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload [63856 2011-09-19] (Microsoft Corporation)
HKLM-x32\...\Run: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL [32112 2011-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe [126976 2007-02-23] (SAMSUNG ELECTRONICS)
HKLM-x32\...\Run: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe [57344 2007-01-30] ((?)????)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot [202256 2010-04-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-09-24] (Apple Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-05-25] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun [27760 2012-07-20] (Bitleader)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()

==================== Services (Whitelisted) ===================

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2011-05-28] (Adobe Systems)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [913144 2012-03-07] (ESET)
2 gupdate1ca9f7d64f5f5ff; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2010-01-27] (Google Inc.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [244904 2009-07-02] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
2 TeamViewer5; "C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service [172328 2010-03-18] (TeamViewer GmbH)
2 Windows Trace Session Manager; C:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe [125616 2003-09-03] (Microsoft Corporation)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) =====================

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
1 archlp; C:\Windows\System32\Drivers\archlp.sys [142848 2010-01-12] ()
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2012-04-30] ()
3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2006-12-26] (SlySoft, Inc.)
3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2006-12-26] (SlySoft, Inc.)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2012-03-14] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2012-03-14] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2012-03-14] (ESET)
3 INIDVD; C:\Windows\System32\Drivers\INIDVD.sys [18328 2010-04-09] (Initio Corporation)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2012-04-30] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-02] (Nokia)
3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18432 2008-05-02] (Nokia)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-04-16] (Duplex Secure Ltd.)
1 StarPortLite; C:\Windows\System32\Drivers\StarPortLite.sys [118888 2009-04-15] (Rocket Division Software)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-13 07:46 - 2012-10-13 07:48 - 00000000 ____D C:\Users\Babi\Desktop\Virusirtas
2012-10-13 06:50 - 2012-10-13 06:50 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-12 23:05 - 2012-10-12 23:05 - 00000000 ____D C:\Users\Babi\AppData\Roaming\Malwarebytes
2012-10-12 23:05 - 2012-10-12 23:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-12 23:05 - 2012-10-12 23:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-12 23:05 - 2012-09-07 16:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-12 11:06 - 2012-10-12 11:06 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-10-10 17:43 - 2012-10-10 17:43 - 00000000 ____D C:\Users\Babi\AppData\Roaming\Frogwares
2012-10-10 15:04 - 2012-08-31 19:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 15:04 - 2012-08-30 19:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 15:04 - 2012-08-30 18:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-10 15:04 - 2012-08-30 18:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-10 15:03 - 2012-09-14 20:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 15:03 - 2012-09-14 19:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-10 15:03 - 2012-08-24 19:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 15:03 - 2012-08-24 17:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-10 15:03 - 2012-08-20 19:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 15:03 - 2012-08-20 19:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 15:03 - 2012-08-20 19:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-10 15:03 - 2012-08-20 19:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-10 15:03 - 2012-08-20 19:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 15:03 - 2012-08-20 19:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-10 15:03 - 2012-08-20 19:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-10 15:03 - 2012-08-20 19:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 15:03 - 2012-08-20 19:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-10 15:03 - 2012-08-20 18:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-10 15:03 - 2012-08-20 18:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-10 15:03 - 2012-08-20 18:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-10 15:03 - 2012-08-20 18:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 16:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-10 15:03 - 2012-08-20 16:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-10 15:03 - 2012-08-20 16:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 16:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 16:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 15:03 - 2012-08-20 16:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 15:03 - 2012-08-11 01:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 15:03 - 2012-08-11 00:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-10 15:03 - 2012-06-02 06:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 15:03 - 2012-06-02 06:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 15:03 - 2012-06-02 06:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 15:03 - 2012-06-02 05:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-10 15:03 - 2012-06-02 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-10 15:02 - 2012-06-02 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-08 19:25 - 2012-10-08 19:25 - 00001434 ____A C:\Users\Public\Desktop\Play The Testament of Sherlock Holmes.lnk
2012-10-08 19:25 - 2012-10-08 19:25 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-10-08 19:06 - 2012-10-08 19:06 - 00000000 ____D C:\Program Files (x86)\Focus
2012-10-08 09:22 - 2012-10-08 09:22 - 00000000 ____D C:\Users\Babi\Documents\My Cheat Tables
2012-10-08 09:18 - 2012-10-08 09:18 - 00000000 ____D C:\Users\Babi\Documents\FLiNGTrainer
2012-10-04 10:18 - 2012-10-04 10:18 - 00000040 ___SH C:\Users\All Users\.zreglib
2012-09-29 00:37 - 2012-10-14 18:35 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Babi.job
2012-09-29 00:37 - 2012-10-14 00:50 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Babi.job
2012-09-29 00:37 - 2012-10-13 23:50 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Babi.job
2012-09-26 13:48 - 2012-08-21 22:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-23 11:24 - 1998-01-23 11:22 - 00304128 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2012-09-23 10:51 - 2012-09-23 10:51 - 00000000 ____D C:\Users\All Users\Fugazo
2012-09-23 02:00 - 2012-08-24 12:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-23 02:00 - 2012-08-24 11:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-23 02:00 - 2012-08-24 11:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-23 02:00 - 2012-08-24 11:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-23 02:00 - 2012-08-24 11:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-23 02:00 - 2012-08-24 11:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-23 02:00 - 2012-08-24 11:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-23 02:00 - 2012-08-24 11:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-23 02:00 - 2012-08-24 11:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-23 02:00 - 2012-08-24 11:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-23 02:00 - 2012-08-24 11:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-23 02:00 - 2012-08-24 11:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 02:00 - 2012-08-24 11:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-23 02:00 - 2012-08-24 11:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-23 02:00 - 2012-08-24 11:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-23 02:00 - 2012-08-24 11:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-23 02:00 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-23 02:00 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-23 02:00 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-23 02:00 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-23 02:00 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-23 02:00 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-23 02:00 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-23 02:00 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-23 02:00 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-23 02:00 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-23 02:00 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-23 02:00 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-23 02:00 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-23 02:00 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-23 02:00 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-23 02:00 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-22 09:10 - 2012-09-22 09:10 - 00051030 ____A C:\Users\Babi\Desktop\My Fair Lady Dvd HunSzink.srt


==================== 3 Months Modified Files ==================

2012-10-14 18:38 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-14 18:38 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-14 18:36 - 2010-01-27 19:32 - 00001024 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-14 18:35 - 2012-09-29 00:37 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Babi.job
2012-10-14 18:35 - 2011-05-19 16:31 - 00000306 __ASH C:\Windows\Tasks\YIKOZADEHA.job
2012-10-14 18:35 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-14 18:35 - 2009-07-14 05:51 - 00144008 ____A C:\Windows\setupact.log
2012-10-14 18:14 - 2009-07-14 13:46 - 00698408 ____A C:\Windows\System32\perfh00E.dat
2012-10-14 18:14 - 2009-07-14 13:46 - 00179166 ____A C:\Windows\System32\perfc00E.dat
2012-10-14 18:14 - 2009-07-14 06:13 - 01670922 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-14 18:09 - 2009-07-14 06:10 - 01377927 ____A C:\Windows\WindowsUpdate.log
2012-10-14 00:50 - 2012-09-29 00:37 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Babi.job
2012-10-14 00:48 - 2012-04-14 07:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-14 00:06 - 2010-01-27 19:32 - 00001028 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-13 23:50 - 2012-09-29 00:37 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Babi.job
2012-10-13 07:02 - 2009-12-11 18:30 - 00037908 ____A C:\Windows\PFRO.log
2012-10-12 22:25 - 2009-07-14 06:08 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-10 22:11 - 2010-01-27 22:05 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-10 17:48 - 2012-04-14 07:19 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-10 17:48 - 2011-05-19 06:48 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-08 19:27 - 2010-01-30 12:51 - 00522421 ____A C:\Windows\DirectX.log
2012-10-08 19:25 - 2012-10-08 19:25 - 00001434 ____A C:\Users\Public\Desktop\Play The Testament of Sherlock Holmes.lnk
2012-10-04 17:21 - 2010-01-28 08:14 - 2308187136 ____A C:\Users\Babi\Documents\backup.pst
2012-10-04 10:18 - 2012-10-04 10:18 - 00000040 ___SH C:\Users\All Users\.zreglib
2012-10-01 06:23 - 2011-07-06 22:50 - 00000118 ____A C:\Windows\StarPort.INI
2012-09-30 10:24 - 2011-12-15 20:26 - 00000786 ____A C:\Users\Public\Desktop\AnyDVD.lnk
2012-09-22 09:10 - 2012-09-22 09:10 - 00051030 ____A C:\Users\Babi\Desktop\My Fair Lady Dvd HunSzink.srt
2012-09-14 20:19 - 2012-10-10 15:03 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 19:28 - 2012-10-10 15:03 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-07 16:04 - 2012-10-12 23:05 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-31 19:19 - 2012-10-10 15:04 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 19:03 - 2012-10-10 15:04 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 18:12 - 2012-10-10 15:04 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 18:12 - 2012-10-10 15:04 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-26 13:56 - 2012-08-26 13:56 - 00138400 ____A (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
2012-08-26 13:56 - 2012-08-26 13:56 - 00138400 ____A (SlySoft, Inc.) C:\Windows\System32\Drivers\AnyDVD.sys
2012-08-24 19:05 - 2012-10-10 15:03 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 17:57 - 2012-10-10 15:03 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 12:15 - 2012-09-23 02:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 11:39 - 2012-09-23 02:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 11:31 - 2012-09-23 02:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 11:22 - 2012-09-23 02:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 11:21 - 2012-09-23 02:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 11:20 - 2012-09-23 02:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 11:18 - 2012-09-23 02:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 11:17 - 2012-09-23 02:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 11:14 - 2012-09-23 02:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 11:14 - 2012-09-23 02:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 11:13 - 2012-09-23 02:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 11:12 - 2012-09-23 02:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 11:11 - 2012-09-23 02:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 11:10 - 2012-09-23 02:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 11:09 - 2012-09-23 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 11:04 - 2012-09-23 02:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 08:27 - 2012-09-23 02:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 08:03 - 2012-09-23 02:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 07:59 - 2012-09-23 02:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-24 07:51 - 2012-09-23 02:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-24 07:51 - 2012-09-23 02:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 07:51 - 2012-09-23 02:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 07:49 - 2012-09-23 02:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 07:48 - 2012-09-23 02:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 07:47 - 2012-09-23 02:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-24 07:47 - 2012-09-23 02:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-24 07:47 - 2012-09-23 02:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-24 07:45 - 2012-09-23 02:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 07:44 - 2012-09-23 02:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 07:44 - 2012-09-23 02:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 07:43 - 2012-09-23 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-24 07:40 - 2012-09-23 02:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 19:12 - 2012-09-12 19:35 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 19:12 - 2012-09-12 19:35 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 19:12 - 2012-09-12 19:35 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 19:12 - 2012-09-12 19:35 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 22:01 - 2012-09-26 13:48 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 19:48 - 2012-10-10 15:03 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 19:48 - 2012-10-10 15:03 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 19:48 - 2012-10-10 15:03 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 19:48 - 2012-10-10 15:03 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 19:48 - 2012-10-10 15:03 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 19:48 - 2012-10-10 15:03 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 19:48 - 2012-10-10 15:03 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 19:46 - 2012-10-10 15:03 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 19:38 - 2012-10-10 15:03 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 18:40 - 2012-10-10 15:03 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 18:38 - 2012-10-10 15:03 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 18:37 - 2012-10-10 15:03 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 18:37 - 2012-10-10 15:03 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 18:37 - 2012-10-10 15:03 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 16:38 - 2012-10-10 15:03 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 16:38 - 2012-10-10 15:03 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 16:33 - 2012-10-10 15:03 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 16:33 - 2012-10-10 15:03 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 16:33 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 16:33 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-19 22:22 - 2009-07-14 05:45 - 02291976 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-11 01:56 - 2012-10-10 15:03 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-11 00:56 - 2012-10-10 15:03 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-02 18:58 - 2012-09-12 19:35 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 17:57 - 2012-09-12 19:35 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-20 23:17 - 2011-05-14 08:18 - 00000344 ____A C:\Windows\lgfwup.ini
2012-07-18 19:15 - 2012-08-19 20:21 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


ZeroAccess:
C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}
C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4092.36 MB
Available physical RAM: 3454.84 MB
Total Pagefile: 4090.5 MB
Available Pagefile: 3459.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:3.03 GB) NTFS
4 Drive g: (KINGSTON) (Removable) (Total:0.96 GB) (Free:0.18 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

A Lemez ### Állapot Méret Szabad Din Gpt
--------- -------------- -------- --------- --- ---
Lemez 0 Online 298 GB 0 B
Lemez 1 Üres 0 B 0 B
Lemez 2 Online 984 MB 0 B

Kilépés a DiskPart programból...


Last Boot: 2012-10-08 07:32

==================== End Of Log =============================
 
Search.txt

Farbar Recovery Scan Tool (x64) Version: 12-10-2012
Ran by SYSTEM at 2012-10-14 19:49:39
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Restart normally.

=================================

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 

Attachments

  • fixlist.txt
    129 bytes

Hi Broni,

here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2012
Ran by SYSTEM at 2012-10-14 20:33:43 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024} moved successfully.

==== End of Fixlog ====


ComboFix 12-10-14.03 - Babi 012.10.14. 20:49:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.36.1038.18.4092.2883 [GMT 2:00]
Running from: c:\users\Babi\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Személyi tűzfal *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\data.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-14 19:00 . 2012-10-14 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-14 18:46 . 2012-10-14 18:46 -------- d-----w- C:\FRST
2012-10-13 05:50 . 2012-10-13 05:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-12 22:05 . 2012-10-12 22:05 -------- d-----w- c:\users\Babi\AppData\Roaming\Malwarebytes
2012-10-12 22:05 . 2012-10-12 22:05 -------- d-----w- c:\programdata\Malwarebytes
2012-10-12 22:05 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 22:05 . 2012-10-12 22:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-12 10:06 . 2012-10-12 10:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-10 16:43 . 2012-10-10 16:43 -------- d-----w- c:\users\Babi\AppData\Roaming\Frogwares
2012-10-10 14:04 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 14:04 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 14:04 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 14:04 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 14:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 14:46 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1FF99D6-98C7-4132-8B88-CBCAA651D401}\mpengine.dll
2012-10-08 18:25 . 2012-10-08 18:25 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-10-08 18:06 . 2012-10-08 18:06 -------- d-----w- c:\program files (x86)\Focus
2012-09-26 12:48 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 10:24 . 1998-01-23 10:22 304128 ----a-w- c:\windows\IsUninst.exe
2012-09-23 09:51 . 2012-09-23 09:51 -------- d-----w- c:\programdata\Fugazo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 21:11 . 2010-01-27 21:05 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-10 16:48 . 2012-04-14 06:19 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 16:48 . 2011-05-19 05:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 20:28 . 2010-02-14 20:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-10-09 20:28 . 2010-02-05 18:26 462672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-09-16 19:15 . 2010-01-27 17:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-16 19:14 . 2010-01-27 17:20 462672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-26 12:56 . 2012-08-26 12:56 138400 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2012-08-26 12:56 . 2012-08-26 12:56 138400 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-08-22 18:12 . 2012-09-12 18:35 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 18:35 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 18:35 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 18:35 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 14:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 18:35 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 18:35 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-19 19:21 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"IME JPN 2007 Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-09-19 63856]
"Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-31 32112]
"SMSTray"="c:\program files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files (x86)\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-25 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-20 27760]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-01 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ imjp12.ime
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
Ime File REG_SZ IMKR12.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/14 09:15;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-25 246256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca9f7d64f5f5ff;Google frissítési szolgáltatás (gupdate1ca9f7d64f5f5ff);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 133104]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 133104]
R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\DRIVERS\inidvd.sys [2010-04-09 18328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-16 834544]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2010-01-12 142848]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-04-15 118888]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 Windows Trace Session Manager;Windows Trace Session Manager;c:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe [2003-09-03 125616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-05 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 16:48]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 18:20]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 18:20]
.
2012-10-13 c:\windows\Tasks\ReclaimerUpdateFiles_Babi.job
- c:\users\Babi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 20:36]
.
2012-10-13 c:\windows\Tasks\ReclaimerUpdateXML_Babi.job
- c:\users\Babi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 20:36]
.
2012-10-14 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Babi.job
- c:\users\Babi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 20:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 171520]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-05-26 119664]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 43808]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-26 59248]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=hu&l=hu&s=gen
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportálás a Microsoft Excel programba - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Kép küldése &Bluetooth-eszköznek... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Oldal küldése &Bluetooth-eszköznek... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Babi\AppData\Roaming\Mozilla\Firefox\Profiles\jwbzp6i6.default\
FF - prefs.js: browser.startup.homepage - www.google.hu
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-AnyDVD - h:\blu-ray\Blu-Ray editors\AnyDVD\AnyDVD-uninst.exe
AddRemove-BDDecrypter_is1 - g:\blu-ray\Blu-Ray editors\BDDecrypter\unins000.exe
AddRemove-C2674998-8A64-440C-810F-576D782404B3_is1 - g:\blu-ray editors\Blu-ray Ripper\unins000.exe
AddRemove-DVDFab 8 Qt_is1 - g:\blu-ray editors\DVDFab 8 Qt\unins000.exe
AddRemove-EasyBD Lite_is1 - g:\blu-ray editors\EasyBD Lite 1.0\unins000.exe
AddRemove-Film Fatale_is1 - h:\egyéb\Film Fatale\unins000.exe
AddRemove-ImgBurn - g:\egyéb\Blu-Ray editors\ImgBurn\uninstall.exe
AddRemove-SubtitleWorkshop - g:\blu-ray\Blu-Ray editors\Subtitle Workshop\uninstall.exe
AddRemove-{C2674998-8A64-440C-810F-576D782404B3}_is1 - h:\blu-ray\Blu-ray Ripper\unins001.exe
AddRemove-{FB216244-7728-4D97-893F-84B715E0886B}_is1 - g:\blu-ray ripper\unins000.exe
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Event Sinks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Event Sources: Request]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Event Sources: Software Element]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-14 21:18:14
ComboFix-quarantined-files.txt 2012-10-14 19:18
.
Pre-Run: 2 742 734 848 bájt szabad
Post-Run: 2 783 973 376 bájt szabad
.
- - End Of File - - 9FE83A5406C27A43AC96574519C65F03
 
Looks good :)

Any current issues?

==========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Good to hear :)

No, I have no current issues, I did not have any alert since I've started.

The logs:

OTL logfile created on: 2012.10.14. 22:57:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Babi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040e | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,03% Memory free
7,99 Gb Paging File | 6,25 Gb Available in Paging File | 78,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 2,69 Gb Free Space | 0,95% Space Free | Partition Type: NTFS

Computer Name: BABI-PC | User Name: Babi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.14 22:56:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Babi\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010.05.25 03:39:52 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2010.04.02 07:59:04 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.01.07 17:11:28 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.12.15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.07.06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.07.02 02:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.06.25 00:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.06.19 05:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2007.02.23 17:32:56 | 000,126,976 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2007.01.30 21:36:30 | 000,057,344 | ---- | M] ((주)마크애니) -- C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe
PRC - [2003.09.03 13:57:20 | 000,125,616 | ---- | M] (Microsoft Corporation) -- c:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe


========== Modules (No Company Name) ==========

MOD - [2010.04.02 08:00:07 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2009.12.15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.06.19 05:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.07.17 03:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.02 02:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.06.25 12:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.10 18:48:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.10 18:14:35 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.05.25 10:39:52 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2003.09.03 13:57:20 | 000,125,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe -- (Windows Trace Session Manager)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.26 14:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012.04.30 18:25:10 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.04.30 18:25:10 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012.03.14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012.03.14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012.03.14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012.03.14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.16 15:57:02 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.04.09 15:23:28 | 000,018,328 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\inidvd.sys -- (INIDVD)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.12 16:19:10 | 000,142,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcHlp.sys -- (archlp)
DRV:64bit: - [2009.09.28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.08.05 02:28:36 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.08.05 02:28:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.08.05 02:28:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.08.05 02:28:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.17 03:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 03:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.29 06:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.06.25 13:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.15 21:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.08 10:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.04.15 10:03:40 | 000,118,888 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\StarPortLite.sys -- (StarPortLite)
DRV:64bit: - [2009.02.05 13:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.05.02 11:59:08 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2008.05.02 11:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008.05.02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008.05.02 11:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2006.12.26 14:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2012.08.26 14:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.12.26 14:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=hu&l=hu&s=gen
IE - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.hu"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.02 08:00:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 18:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.08 07:51:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.07.07 16:45:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 18:14:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.08 07:51:22 | 000,000,000 | ---D | M]

[2010.05.22 19:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babi\AppData\Roaming\mozilla\Extensions
[2012.05.02 21:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babi\AppData\Roaming\mozilla\Firefox\Profiles\jwbzp6i6.default\extensions
[2012.04.26 17:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.10 18:14:37 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 09:53:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.10 18:27:50 | 000,000,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.06.23 08:13:59 | 000,000,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-hu.xml
[2011.03.10 18:27:50 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\polymeta.xml
[2012.06.23 08:13:59 | 000,001,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sztaki-en-hu.xml
[2012.06.23 08:13:59 | 000,000,974 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\vatera.xml
[2012.06.23 08:13:59 | 000,001,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-hu.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2012.10.14 21:00:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload File not found
O4 - HKLM..\Run: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Kép küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Oldal küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Kép küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Oldal küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Küldés Bluetoothra - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Küldés &Bluetooth eszköznek... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.14 22:56:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Babi\Desktop\OTL.exe
[2012.10.14 21:20:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.14 21:18:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.14 20:47:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.14 20:47:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.14 20:47:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.14 20:46:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.14 20:46:30 | 000,000,000 | ---D | C] -- C:\FRST
[2012.10.14 20:46:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.13 08:46:28 | 000,000,000 | ---D | C] -- C:\Users\Babi\Desktop\Virusirtas
[2012.10.13 07:50:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.13 00:05:34 | 000,000,000 | ---D | C] -- C:\Users\Babi\AppData\Roaming\Malwarebytes
[2012.10.13 00:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.13 00:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.13 00:05:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.13 00:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.12 12:06:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.10.10 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Babi\AppData\Roaming\Frogwares
[2012.10.08 20:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.10.08 20:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
[2012.10.08 20:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus
[2012.10.08 10:22:27 | 000,000,000 | ---D | C] -- C:\Users\Babi\Documents\My Cheat Tables
[2012.10.08 10:18:45 | 000,000,000 | ---D | C] -- C:\Users\Babi\Documents\FLiNGTrainer
[2012.09.23 11:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.14 23:01:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 23:01:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 23:00:19 | 001,670,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.14 23:00:19 | 000,698,408 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012.10.14 23:00:19 | 000,667,474 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.14 23:00:19 | 000,179,166 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012.10.14 23:00:19 | 000,127,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.14 22:56:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Babi\Desktop\OTL.exe
[2012.10.14 22:53:31 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.14 22:53:28 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Babi.job
[2012.10.14 22:53:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 22:53:04 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 21:06:00 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.14 21:00:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.14 20:48:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.14 01:50:42 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Babi.job
[2012.10.14 00:50:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Babi.job
[2012.10.08 20:25:14 | 000,001,434 | ---- | M] () -- C:\Users\Public\Desktop\Play The Testament of Sherlock Holmes.lnk
[2012.10.04 18:21:38 | 2308,187,136 | ---- | M] () -- C:\Users\Babi\Documents\backup.pst
[2012.10.04 11:18:58 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.10.01 07:23:33 | 000,000,118 | ---- | M] () -- C:\Windows\StarPort.INI
[2012.09.30 11:24:20 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2012.09.22 10:10:30 | 000,051,030 | ---- | M] () -- C:\Users\Babi\Desktop\My Fair Lady Dvd HunSzink.srt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.14 20:47:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.14 20:47:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.14 20:47:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.14 20:47:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.14 20:47:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.08 20:25:14 | 000,001,434 | ---- | C] () -- C:\Users\Public\Desktop\Play The Testament of Sherlock Holmes.lnk
[2012.10.04 11:18:58 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.09.29 01:37:01 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Babi.job
[2012.09.29 01:37:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Babi.job
[2012.09.29 01:37:00 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Babi.job
[2012.09.22 10:10:27 | 000,051,030 | ---- | C] () -- C:\Users\Babi\Desktop\My Fair Lady Dvd HunSzink.srt
[2012.04.26 22:14:14 | 000,007,605 | ---- | C] () -- C:\Users\Babi\AppData\Local\Resmon.ResmonCfg
[2011.07.30 17:54:57 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
[2011.07.30 17:54:56 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011.07.30 17:48:55 | 000,000,147 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.07.06 23:50:53 | 000,000,118 | ---- | C] () -- C:\Windows\StarPort.INI
[2011.06.19 20:13:57 | 000,007,892 | ---- | C] () -- C:\Users\Babi\.recently-used.xbel
[2011.06.11 21:32:20 | 000,000,000 | ---- | C] () -- C:\Users\Babi\AppData\Local\{6D337313-DD5B-4A1A-81A7-EACAF300A956}
[2011.06.11 20:12:41 | 000,000,092 | ---- | C] () -- C:\Users\Babi\AppData\Local\fusioncache.dat
[2011.06.11 19:59:46 | 001,646,132 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.22 22:51:41 | 000,004,608 | ---- | C] () -- C:\Users\Babi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.15 15:01:36 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.05.14 09:18:34 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.17 00:04:43 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.08.15 17:58:33 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\.dvdcss
[2012.10.08 01:10:35 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Audacity
[2011.07.30 16:58:19 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Avid
[2010.04.24 10:37:45 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\avidemux
[2011.05.19 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\BDREBUILDER
[2012.10.12 01:06:24 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\BitTorrent
[2011.04.16 16:04:23 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\DAEMON Tools Lite
[2010.01.27 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\DataCast
[2011.05.22 08:58:28 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\DVDLogic
[2012.07.07 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\ESET
[2012.10.10 18:43:33 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Frogwares
[2012.04.30 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Games
[2012.08.25 23:04:24 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\GetRight
[2011.02.03 14:11:14 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\GHISLER
[2011.05.21 12:27:57 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\gtk-2.0
[2011.05.15 10:47:03 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\ImgBurn
[2011.10.01 11:43:03 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\LucasArts
[2010.08.31 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\MindMapper 2008
[2010.01.27 18:19:53 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\NCH Swift Sound
[2012.06.13 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Pavtube
[2010.12.24 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\PgcEdit
[2012.09.02 16:47:02 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\ShinyTales
[2010.09.18 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\SupRip
[2010.03.23 19:55:05 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\TeamViewer
[2012.07.07 18:15:19 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Tropico 3

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:DBC416F8

< End of report >
 
OTL Extras logfile created on: 2012.10.14. 22:57:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Babi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040e | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,03% Memory free
7,99 Gb Paging File | 6,25 Gb Available in Paging File | 78,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 2,69 Gb Free Space | 0,95% Space Free | Partition Type: NTFS

Computer Name: BABI-PC | User Name: Babi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2094679090-2261037132-3170482699-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63140E2E-FC1B-3F88-8A7C-AC04DB549823}" = Microsoft .NET Framework 4 Client Profile HUN Language Pack
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
"{90120000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040E-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hungarian) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth szoftver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C2797F7C-7E62-4421-8889-15C9BCAB9E4E}" = ESET Smart Security
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBADEF1E-AFE3-309D-9B42-C030684502C7}" = Microsoft .NET Framework 4 Extended HUN Language Pack
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile HUN Language Pack" = A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended HUN Language Pack" = A kiterjesztett Microsoft .NET-keretrendszer 4 HUN nyelvi csomagja
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{232E984E-F02D-4DAE-80F4-97884EC52F16}" = MindMapper 2008
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java(TM) 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{38A96559-FF39-4089-A609-BFD76C4A6C07}_is1" = The Testament of Sherlock Holmes
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C1A1D19-9293-499F-A58A-79478BA66A2A}_is1" = Aqualux Deluxe 1.2.0.0
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Föld
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75448837-6222-434C-9204-4D548095232F}_is1" = Restaurant Empire II
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040E-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hungarian) 2007
"{90120000-0016-040E-0000-0000000FF1CE}_STANDARD_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040E-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hungarian) 2007
"{90120000-0018-040E-0000-0000000FF1CE}_STANDARD_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040E-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hungarian) 2007
"{90120000-001A-040E-0000-0000000FF1CE}_STANDARD_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040E-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hungarian) 2007
"{90120000-001B-040E-0000-0000000FF1CE}_STANDARD_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROOFKIT_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2007
"{90120000-001F-0402-0000-0000000FF1CE}_PROOFKIT_{CB0A77FC-E59E-4418-9C1E-82E486C90EA5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROOFKIT_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROOFKIT_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROOFKIT_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
"{90120000-001F-0406-0000-0000000FF1CE}_PROOFKIT_{8F771259-9037-4097-AA88-8613F3BE5627}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROOFKIT_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_PROOFKIT_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROOFKIT_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040B-0000-0000000FF1CE}_PROOFKIT_{C3B4672B-3FE7-4D6F-AFF3-80D290C1131E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROOFKIT_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
"{90120000-001F-040D-0000-0000000FF1CE}_PROOFKIT_{51590837-F141-43A8-B0EC-AEF16F1CBE78}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_PROOFKIT_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}_STANDARD_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROOFKIT_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
"{90120000-001F-0411-0000-0000000FF1CE}_PROOFKIT_{8B0BBAAA-BB10-41E1-B27E-24CF08CBB253}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2007
"{90120000-001F-0412-0000-0000000FF1CE}_PROOFKIT_{2E46C2DF-47D7-4737-BA5C-8746DE103FFC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROOFKIT_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2007
"{90120000-001F-0414-0000-0000000FF1CE}_PROOFKIT_{F47DC432-9E71-4DC4-A488-9842D767DDDB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_PROOFKIT_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROOFKIT_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0418-0000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2007
"{90120000-001F-0418-0000-0000000FF1CE}_PROOFKIT_{0E2DB3D7-94EA-4B12-A9C1-D3C52BDE07D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_PROOFKIT_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
"{90120000-001F-041A-0000-0000000FF1CE}_PROOFKIT_{9DECF714-4963-48E2-924A-B9075485AF6B}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROOFKIT_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
"{90120000-001F-041D-0000-0000000FF1CE}_PROOFKIT_{4A960AFC-E28F-4233-953F-1903BE859B79}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2007
"{90120000-001F-041E-0000-0000000FF1CE}_PROOFKIT_{E9E01036-7842-437F-B99E-984D738A81DA}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2007
"{90120000-001F-041F-0000-0000000FF1CE}_PROOFKIT_{6A61C934-56F9-4AC6-A43B-30E3F9D886F5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0420-0000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2007
"{90120000-001F-0420-0000-0000000FF1CE}_PROOFKIT_{993FF26C-43DC-467C-9ABF-AE9E9829EA20}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2007
"{90120000-001F-0422-0000-0000000FF1CE}_PROOFKIT_{E23630A0-8B0D-4145-9CEA-9B4967CDDC0E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2007
"{90120000-001F-0424-0000-0000000FF1CE}_PROOFKIT_{8FF4ED5D-9EA1-4EC5-8F10-767E1705310C}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0425-0000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2007
"{90120000-001F-0425-0000-0000000FF1CE}_PROOFKIT_{4D7B3A39-E637-4B9C-970D-C06AB960EB90}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0426-0000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2007
"{90120000-001F-0426-0000-0000000FF1CE}_PROOFKIT_{FD888746-EF69-4D85-9E6B-5BDDB45A9E37}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0427-0000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2007
"{90120000-001F-0427-0000-0000000FF1CE}_PROOFKIT_{C1CD6235-85A4-48EA-9B51-093ADB86C2D2}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROOFKIT_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0439-0000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2007
"{90120000-001F-0439-0000-0000000FF1CE}_PROOFKIT_{4EF953D3-7040-4A7E-B0B3-A33860DE65E5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0446-0000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2007
"{90120000-001F-0446-0000-0000000FF1CE}_PROOFKIT_{9C98BA5F-7C34-4687-8A26-F233D7E563AD}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0447-0000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2007
"{90120000-001F-0447-0000-0000000FF1CE}_PROOFKIT_{01C5E251-73B2-4DE0-8C48-78A272DDB6E1}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0449-0000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2007
"{90120000-001F-0449-0000-0000000FF1CE}_PROOFKIT_{543343AF-DFAD-4281-872A-83A033DBE59C}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-044A-0000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2007
"{90120000-001F-044A-0000-0000000FF1CE}_PROOFKIT_{9718BA87-FBBF-453B-BD3B-43A13C1D7CCF}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-044B-0000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2007
"{90120000-001F-044B-0000-0000000FF1CE}_PROOFKIT_{7DA86C45-3502-4C82-AF29-202C7B0382B5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-044E-0000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2007
"{90120000-001F-044E-0000-0000000FF1CE}_PROOFKIT_{92CCDCF1-46B6-4042-ACC0-9269D5317E48}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROOFKIT_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2007
"{90120000-001F-0804-0000-0000000FF1CE}_PROOFKIT_{0454BB31-DAD9-400F-9E06-45B36D4BA53B}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2007
"{90120000-001F-0814-0000-0000000FF1CE}_PROOFKIT_{67BED6C1-5AE1-45CD-8060-BFFD37ED0DDD}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROOFKIT_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2007
"{90120000-001F-081A-0000-0000000FF1CE}_PROOFKIT_{82FEB6ED-595A-4873-BD85-0578E83B90BB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROOFKIT_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-040E-0000-0000000FF1CE}" = Kompatibilitási csomag a 2007-es Office rendszerhez
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROOFKIT_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-1000-0000000FF1CE}_PROOFKIT_{490B52AE-965C-460C-9E0F-EE65C96F7AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0411-0000-0000000FF1CE}_PROOFKIT_{277B1BCF-97A7-40F2-87A5-3CACB0E9714B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0411-1000-0000000FF1CE}_PROOFKIT_{8A3FCBEB-9029-40E2-8799-2299CBBEF4D8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
"{90120000-0028-0412-0000-0000000FF1CE}_PROOFKIT_{12D06165-60AA-4402-9834-B5F37221001D}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0412-1000-0000000FF1CE}_PROOFKIT_{198C790E-501A-4968-9091-95D84DCA4FD6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-0028-0804-0000-0000000FF1CE}_PROOFKIT_{803AB362-E418-4474-84E6-8ABFAF8D3A1E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0804-1000-0000000FF1CE}_PROOFKIT_{2F660432-0FA3-458E-86AB-4880366640B8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040E-1000-0000000FF1CE}_STANDARD_{1E71F4A2-F832-4B10-8CA5-2B49A20AAD87}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-040E-0000-0000000FF1CE}" = Microsoft Office Proofing (Hungarian) 2007
"{90120000-0048-0409-0000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2007
"{90120000-006E-040E-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hungarian) 2007
"{90120000-006E-040E-0000-0000000FF1CE}_STANDARD_{1E71F4A2-F832-4B10-8CA5-2B49A20AAD87}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0103-0000-0000-0000000FF1CE}" = Microsoft Office Proofing Kit 2007
"{95120000-00AF-040E-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Hungarian)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E8A483C-BE5B-4EDC-B649-63E0A47FB779}" = Enterprise Instrumentation
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1038-7B44-A95000000001}" = Adobe Reader 9.5.1 - Hungarian
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"{B6AA470F-73AE-4C11-8615-5F9DDFD406AA}" = CrystalSetup
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C2674998-8A64-440C-810F-576D782404B3}_is1" = Pavtube Blu-ray Ripper Ver 4.1.1.3857
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7F2F1C7-4AFB-4025-8CE2-848CEF731B88}" = Microsoft Works
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{E19B66BB-29E9-4853-9916-3C368D3B40B5}" = BDCMF Creator Ver1.2.4b
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{FB216244-7728-4D97-893F-84B715E0886B}_is1" = Pavtube Blu-Ray Ripper version 3.6.2.2053
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AnyDVD" = AnyDVD
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AviSynth" = AviSynth 2.5
"BDDecrypter_is1" = Version 6.0 (Build 20091202)
"BitTorrent" = BitTorrent
"C2674998-8A64-440C-810F-576D782404B3_is1" = Pavtube Blu-ray Ripper Ver 3.11.2.925
"CDex" = CDex extraction audio
"CloneCD" = CloneCD
"Dell Webcam Central" = Dell Webcam Central
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.0.9.2 (12/05/2011) Qt
"EasyBD Lite_is1" = EasyBD Lite 1.0
"ffdshow_is1" = ffdshow v1.1.3882 [2011-06-13]
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Film Fatale_is1" = Film Fatale
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV: Winds of War
"Heroes of Might and Magic® IV" = Heroes of Might and Magic® IV
"ImageMagick 6.2.2 Q8_is1" = ImageMagick 6.2.2-4 Q8 (05/14/05)
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware 1.65.0.1400 verzió
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual J# .NET Redistributable Package 1.1 (1033)" = Microsoft Visual J# .NET Redistributable Package 1.1
"MISEC" = Monkey Island™ Special Edition Collection
"Mozilla Firefox 15.0.1 (x86 hu)" = Mozilla Firefox 15.0.1 (x86 hu)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PROOFKIT" = Microsoft Office Proofing Tools Kit 2007
"RealPlayer 12.0" = RealPlayer
"STANDARD" = Microsoft Office Standard 2007
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TeamViewer 5" = TeamViewer 5
"Totalcmd" = Total Commander (Remove or Repair)
"Tropico3" = Tropico 3 1.00
"VLC media player" = VLC media player 1.1.1
"WavePad" = WavePad Sound Editor
"WinRAR archiver" = WinRAR archiver
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2094679090-2261037132-3170482699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012.10.03. 14:17:58 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
Description = A hibát okozó alkalmazás neve: audacity.exe, verzió: 1.3.13.0, időbélyeg:
0x4d9cdea9 A hibát okozó modul neve: ntdll.dll, verzió: 6.1.7601.17725, időbélyeg:
0x4ec49b8f Kivételkód: 0xc0000005 Hiba pozíciója: 0x0002e41b A hibát okozó folyamat
azonosítója: 0x1334 A hibát okozó alkalmazás indításának időpontja: 0x01cda1936758dd36
A
hibát okozó alkalmazás elérési útja: C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\audacity.exe
A
hibát okozó modul elérési útja: C:\Windows\SysWOW64\ntdll.dll Jelentés azonosítója:
a858a2a4-0d86-11e2-96e3-0025647ff5b4

Error - 2012.10.10. 13:41:24 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
Kivételkód:
0xc0000005 Hiba pozíciója: 0xf8ad6384 A hibát okozó folyamat azonosítója: 0x1718 A
hibát okozó alkalmazás indításának időpontja: 0x01cda706626f03e9 A hibát okozó alkalmazás
elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: b55fa50d-1301-11e2-b8ee-0025647ff5b4

Error - 2012.10.10. 14:08:45 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
Kivételkód:
0xc0000005 Hiba pozíciója: 0xf81d6396 A hibát okozó folyamat azonosítója: 0x1748 A
hibát okozó alkalmazás indításának időpontja: 0x01cda70e81624b65 A hibát okozó alkalmazás
elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: 877b740f-1305-11e2-b8ee-0025647ff5b4

Error - 2012.10.10. 15:12:57 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
Kivételkód:
0xc0000096 Hiba pozíciója: 0x20b5979a A hibát okozó folyamat azonosítója: 0x9c0 A
hibát okozó alkalmazás indításának időpontja: 0x01cda717abe8e9f1 A hibát okozó alkalmazás
elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: 7f96eb25-130e-11e2-b8ee-0025647ff5b4

Error - 2012.10.10. 15:12:57 | Computer Name = Babi-PC | Source = Application Error | ID = 1005
Description = A Windows a következő okok valamelyike miatt nem tudja elérni a(z)
fájlt: meghibásodott a hálózati kapcsolat, a fájlt tároló lemez vagy a számítógépen
telepített tárolóeszköz-illesztőprogram; vagy hiányzik a lemez. A hiba miatt a Windows
bezárta a(z) game.exe programot. Program: game.exe Fájl: A hibaérték a További adatok
című szakaszban található. FelhasználóI művelet 1. Nyissa meg újra a fájlt. Lehetséges,
hogy átmeneti probléma lépett fel, amely a program ismételt futtatásával megszűnik.
2.
Ha
a fájl továbbra sem érhető el és - a hálózaton található, akkor a hálózati rendszergazdának
ellenőriznie kell, hogy nem lépett-e fel hálózati probléma, és a kiszolgáló elérhető-e.
-
Ha cserélhető lemezen található, például hajlékonylemezen vagy CD-ROM-on, ellenőrizze,
hogy a lemez megfelelően van-e behelyezve a számítógépbe. 3. A CHKDSK futtatásával
ellenőrizze a fájlrendszert, és javítsa a hibáit. A CHKDSK program futtatásához
kattintson a Start gombra, kattintson a Futtatás parancsra, írja be a CMD parancsot,
majd kattintson az OK gombra. A parancssorba írja be a CHKDSK /F parancsot, majd
nyomja le az ENTER billentyűt. 4. Ha a probléma továbbra is fennáll, állítsa helyre
egy mentésből a fájlrendszert. 5. Vizsgálja meg, hogy ugyanazon a lemezen lévő más
fájlokat meg lehet-e nyitni. Ha nem, akkor valószínűleg megsérült a lemez. Ha merevlemezről
van szó, további segítségért forduljon a rendszergazdához vagy a számítógép forgalmazójához.

További
adatok Hibaérték: 00000000 Lemeztípus: 0

Error - 2012.10.10. 17:03:15 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
Kivételkód:
0xc0000096 Hiba pozíciója: 0x1875abf4 A hibát okozó folyamat azonosítója: 0xc80 A
hibát okozó alkalmazás indításának időpontja: 0x01cda7292f6e7162 A hibát okozó alkalmazás
elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: e8178565-131d-11e2-b8ee-0025647ff5b4

Error - 2012.10.10. 17:03:15 | Computer Name = Babi-PC | Source = Application Error | ID = 1005
Description = A Windows a következő okok valamelyike miatt nem tudja elérni a(z)
fájlt: meghibásodott a hálózati kapcsolat, a fájlt tároló lemez vagy a számítógépen
telepített tárolóeszköz-illesztőprogram; vagy hiányzik a lemez. A hiba miatt a Windows
bezárta a(z) game.exe programot. Program: game.exe Fájl: A hibaérték a További adatok
című szakaszban található. FelhasználóI művelet 1. Nyissa meg újra a fájlt. Lehetséges,
hogy átmeneti probléma lépett fel, amely a program ismételt futtatásával megszűnik.
2.
Ha
a fájl továbbra sem érhető el és - a hálózaton található, akkor a hálózati rendszergazdának
ellenőriznie kell, hogy nem lépett-e fel hálózati probléma, és a kiszolgáló elérhető-e.
-
Ha cserélhető lemezen található, például hajlékonylemezen vagy CD-ROM-on, ellenőrizze,
hogy a lemez megfelelően van-e behelyezve a számítógépbe. 3. A CHKDSK futtatásával
ellenőrizze a fájlrendszert, és javítsa a hibáit. A CHKDSK program futtatásához
kattintson a Start gombra, kattintson a Futtatás parancsra, írja be a CMD parancsot,
majd kattintson az OK gombra. A parancssorba írja be a CHKDSK /F parancsot, majd
nyomja le az ENTER billentyűt. 4. Ha a probléma továbbra is fennáll, állítsa helyre
egy mentésből a fájlrendszert. 5. Vizsgálja meg, hogy ugyanazon a lemezen lévő más
fájlokat meg lehet-e nyitni. Ha nem, akkor valószínűleg megsérült a lemez. Ha merevlemezről
van szó, további segítségért forduljon a rendszergazdához vagy a számítógép forgalmazójához.

További
adatok Hibaérték: 00000000 Lemeztípus: 0

Error - 2012.10.10. 17:20:01 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
Kivételkód:
0xc0000005 Hiba pozíciója: 0x44559d05 A hibát okozó folyamat azonosítója: 0xf24 A
hibát okozó alkalmazás indításának időpontja: 0x01cda72cd726a12d A hibát okozó alkalmazás
elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: 3fa29336-1320-11e2-a49c-0025647ff5b4

Error - 2012.10.11. 16:39:58 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
Kivételkód:
0xc0000005 Hiba pozíciója: 0x1a556dff A hibát okozó folyamat azonosítója: 0xbe0 A
hibát okozó alkalmazás indításának időpontja: 0x01cda7f069c3cdd6 A hibát okozó alkalmazás
elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: d1f572f1-13e3-11e2-99fa-904ce5f3d92a

Error - 2012.10.11. 16:40:44 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
Kivételkód:
0xc0000005 Hiba pozíciója: 0x991e0808 A hibát okozó folyamat azonosítója: 0xa74 A
hibát okozó alkalmazás indításának időpontja: 0x01cda7f0969d38df A hibát okozó alkalmazás
elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: ed4e61d8-13e3-11e2-99fa-904ce5f3d92a

[ Media Center Events ]
Error - 2012.10.13. 16:51:11 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
Description = 22:51:11 - Hiba történt az internethez való kapcsolódás közben. 22:51:11
- A kiszolgáló nem érhető el..

Error - 2012.10.13. 16:51:21 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
Description = 22:51:16 - Hiba történt az internethez való kapcsolódás közben. 22:51:16
- A kiszolgáló nem érhető el..

Error - 2012.10.13. 17:51:26 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
Description = 23:51:26 - Hiba történt az internethez való kapcsolódás közben. 23:51:26
- A kiszolgáló nem érhető el..

Error - 2012.10.13. 17:51:32 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
Description = 23:51:31 - Hiba történt az internethez való kapcsolódás közben. 23:51:31
- A kiszolgáló nem érhető el..

Error - 2012.10.13. 18:51:37 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
Description = 0:51:37 - Hiba történt az internethez való kapcsolódás közben. 0:51:37
- A kiszolgáló nem érhető el..

Error - 2012.10.13. 18:51:43 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
Description = 0:51:42 - Hiba történt az internethez való kapcsolódás közben. 0:51:42
- A kiszolgáló nem érhető el..

Error - 2012.10.13. 19:51:48 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
Description = 1:51:48 - Hiba történt az internethez való kapcsolódás közben. 1:51:48
- A kiszolgáló nem érhető el..

Error - 2012.10.13. 19:51:55 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
Description = 1:51:53 - Hiba történt az internethez való kapcsolódás közben. 1:51:53
- A kiszolgáló nem érhető el..

Error - 2012.10.14. 14:51:12 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
Description = 20:51:12 - Hiba történt az internethez való kapcsolódás közben. 20:51:12
- A kiszolgáló nem érhető el..

Error - 2012.10.14. 14:52:27 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
Description = 20:51:17 - Hiba történt az internethez való kapcsolódás közben. 20:51:17
- A kiszolgáló nem érhető el..

[ OSession Events ]
Error - 2010.04.01. 14:31:27 | Computer Name = Babi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2256
seconds with 1620 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2012.10.14. 13:18:41 | Computer Name = Babi-PC | Source = Disk | ID = 262155
Description = Az illesztőprogram vezérlési hibát talált a következőn: \Device\Harddisk1\DR1.

Error - 2012.10.14. 13:31:29 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7009
Description = Letelt egy időkorlát (30000 ms) a(z) Windows Trace Session Manager
szolgáltatás kapcsolódására való várakozás közben.

Error - 2012.10.14. 13:31:29 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Windows Trace Session Manager) a következő hiba következtében
leállt: %%1053

Error - 2012.10.14. 13:38:35 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Windows Defender) leállt a következő hibával: %%126

Error - 2012.10.14. 13:57:55 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Windows Defender) leállt a következő hibával: %%126

Error - 2012.10.14. 14:36:53 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Windows Defender) leállt a következő hibával: %%126

Error - 2012.10.14. 14:44:34 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Windows Defender) leállt a következő hibával: %%126

Error - 2012.10.14. 14:53:15 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7030
Description = A(z) PEVSystemStart szolgáltatás interaktív szolgáltatásként van megjelölve.
A rendszer azonban úgy van beállítva, hogy az interaktív szolgáltatások nem futhatnak.
Ez a szolgáltatás valószínűleg nem működik megfelelően.

Error - 2012.10.14. 14:56:44 | Computer Name = Babi-PC | Source = Application Popup | ID = 1060
Description = A(z) \??\C:\ComboFix\catchme.sys betöltését a rendszer blokkolta,
mert nem kompatibilis a rendszerrel. Lépjen kapcsolatba a szoftver szállítójával
az illesztőprogram kompatibilis verziójának beszerzéséért.

Error - 2012.10.14. 15:01:01 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7030
Description = A(z) PEVSystemStart szolgáltatás interaktív szolgáltatásként van megjelölve.
A rendszer azonban úgy van beállítva, hogy az interaktív szolgáltatások nem futhatnak.
Ez a szolgáltatás valószínűleg nem működik megfelelően.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O8:64bit: - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    [2012.10.14 20:46:30 | 000,000,000 | ---D | C] -- C:\FRST
    [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:DBC416F8
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
Hi Broni,

I've done the checks, here are the logs:

OTL:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportálás a Microsoft Excel programba\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportálás a Microsoft Excel programba\ not found.
C:\FRST\Quarantine\{d1cda5b9-aedb-b369-805d-808993f06024}\U folder moved successfully.
C:\FRST\Quarantine\{d1cda5b9-aedb-b369-805d-808993f06024} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
ADS C:\ProgramData\Temp:DBC416F8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Babi
->Temp folder emptied: 2468 bytes
->Temporary Internet Files folder emptied: 1569073891 bytes
->Java cache emptied: 28029715 bytes
->FireFox cache emptied: 441411729 bytes
->Google Chrome cache emptied: 6138516 bytes
->Flash cache emptied: 3309 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533399 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26024426 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50517 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 976,00 mb


[EMPTYJAVA]

User: All Users

User: Babi
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Babi
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10152012_001225

Files\Folders moved on Reboot...
C:\Users\Babi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






Security Check:

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
ESET Smart Security 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware 1.65.0.1400 verzió
Java(TM) 6 Update 17
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
 
FSS:

Farbar Service Scanner Version: 07-10-2012
Ran by Babi (administrator) on 15-10-2012 at 00:21:31
Running from "C:\Users\Babi\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 16:03] - [2012-06-02 07:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



AdwCleaner:

# AdwCleaner v2.005 - Logfile created 10/15/2012 at 00:23:01
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Babi - BABI-PC
# Boot Mode : Normal
# Running from : C:\Users\Babi\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (hu)

Profile name : default
File : C:\Users\Babi\AppData\Roaming\Mozilla\Firefox\Profiles\jwbzp6i6.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Babi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1358 octets] - [15/10/2012 00:23:01]

########## EOF - C:\AdwCleaner[S1].txt - [1418 octets] ##########


TFC ran without any problems.


F-Secure Online Scanner:

Scanning Report

Monday, October 15, 2012 07:57:44 - 08:01:50

Computer name: BABI-PC
Scanning type: Quick scan
Target: System
No malware found

Statistics

Scanned:
  • Files: 6356
  • System: 6356
  • Not scanned: 0
Actions:
  • Disinfected: 0
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
Options

Scanning engines:
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=============================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

============================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please let me know how your computer is doing.
 
Hi Broni,

thank you very much for your help and the good hints on how to avoid it happening again.

I've done the fix and the cleanup (the log was unfortunately deleted by the cleanup), and everything was all right.

Thanks again,
vlac112
 