
Kaldata.com - Forums


 

slow laptop virus [SOLVED]


The laptop loads everything very slowly and starts up very slowly. Here are the logs.

Hello,

At first glance nothing malicious is visible, but let's do a deeper check.

If there is no malicious code, I will direct you to the Windows section.

1. Download ComboFix from BleepingComputer

and save ComboFix (Save -> Save as button) to your desktop:

Posted image

After the ComboFix download finishes, the program's icon should look like this:

Posted image

2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if present.

3. Double-click Combofix.exe to start it. Choose YES to accept the program's terms of use. Important: While ComboFix is running, do not move the mouse or press any keys on the keyboard. Just patiently let ComboFix do its work, without using the computer for anything else.

4. If you get a UAC warning, accept it.

5. ComboFix will temporarily stop the Internet connection, but once the program finishes, the connection will be restored automatically. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after Combofix finishes, please read this: Manually restoring the Internet connection section.

6. When ComboFix finishes, a text document (log) will appear in Notepad:

Posted image

Copy and paste the contents of the log into your next comment.

Note: If the following message appears when opening various programs after the Combofix scan completes - "illegal operation on a registry key that has been marked for deletion." - simply restart the computer once more and it will disappear.

Do not use your computer during the scan!

I will write tomorrow, because I am leaving for a birthday party.

Regards! :)

  • Author

ComboFix 12-02-22.01 - monkata 02.2012 г. 8:31.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1026.18.3959.2825 [GMT 2:00] Running from: c:\users\monkata\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\ESET\MiNODLogin c:\program files (x86)\ESET\MiNODLogin\Images\ESET orange.ico c:\program files (x86)\ESET\MiNODLogin\Images\MiNODLogin.bmp c:\program files (x86)\ESET\MiNODLogin\Images\MiNODLogin.ico c:\program files (x86)\ESET\MiNODLogin\Images\ReadMe.ico c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.exe c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.jar c:\program files (x86)\ESET\MiNODLogin\MiNODLoginLib.dll c:\program files (x86)\ESET\MiNODLogin\ReadMe.txt c:\program files (x86)\ESET\MiNODLogin\servidores.xml . . ((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 ))))))))))))))))))))))))))))))) . . 2012-02-23 06:42 . 2012-02-23 06:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-22 13:51 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0E9E6B1-2182-4509-812D-73FEA2816C44}\mpengine.dll 2012-02-20 16:00 . 2012-02-20 16:00 -------- d-----w- c:\program files\CCleaner 2012-02-20 14:59 . 2012-02-20 15:29 -------- d-----w- c:\users\monkata\AppData\Roaming\vlc 2012-02-20 14:58 . 2012-02-20 14:58 -------- d-----w- c:\program files (x86)\VideoLAN 2012-02-20 14:10 . 2012-02-20 15:00 -------- d-----w- c:\users\monkata\AppData\Local\K-Meleon 2012-02-19 14:56 . 2012-02-19 14:56 -------- d-----w- c:\users\monkata\AppData\Local\VS Revo Group 2012-02-19 14:56 . 
2009-12-30 08:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2012-02-19 14:56 . 2012-02-19 14:56 -------- d-----w- c:\program files\VS Revo Group 2012-02-19 14:32 . 2012-02-19 14:32 -------- d-----w- c:\users\monkata\AppData\Roaming\IrfanView 2012-02-19 14:32 . 2012-02-19 14:32 -------- d-----w- c:\program files (x86)\IrfanView 2012-02-19 14:28 . 2012-02-19 14:28 -------- d-----w- c:\windows\Profiles 2012-02-19 13:30 . 2012-02-21 06:15 -------- d-----w- c:\program files (x86)\SpeedFan 2012-02-15 06:24 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 06:24 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-15 06:24 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 06:24 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-15 06:24 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 06:24 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-15 06:24 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 06:24 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-12 13:57 . 2012-02-12 13:57 -------- d-----w- c:\windows\system32\SPReview 2012-02-12 13:56 . 2012-02-12 13:56 -------- d-----w- c:\windows\system32\EventProviders 2012-02-11 13:56 . 2012-02-21 16:02 -------- d-----w- c:\users\monkata\AppData\Roaming\SPlayer 2012-02-11 13:56 . 2012-02-21 16:02 -------- d-----w- c:\program files (x86)\SPlayer 2012-02-11 13:44 . 2012-02-20 16:12 -------- d-----w- c:\users\monkata\AppData\Roaming\AIMP3 2012-02-11 13:44 . 2012-02-20 15:51 -------- d-----w- c:\program files (x86)\AIMP3 2012-02-11 13:17 . 2012-02-11 13:17 -------- d-----w- c:\users\monkata\AppData\Local\TechSmith 2012-02-11 13:16 . 2012-02-11 13:16 -------- d-----w- c:\windows\SysWow64\QuickTime 2012-02-11 13:16 . 2012-02-11 13:16 -------- d-----w- c:\program files (x86)\QuickTime 2012-02-11 13:15 . 
2012-02-11 13:15 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared 2012-02-11 13:15 . 2012-02-11 13:16 -------- d-----w- c:\programdata\TechSmith 2012-02-11 13:15 . 2012-02-11 13:15 -------- d-----w- c:\program files (x86)\TechSmith 2012-02-11 13:08 . 2012-02-11 13:08 -------- d-----w- C:\Fraps 2012-02-10 14:41 . 2012-02-10 14:42 -------- d-----w- c:\users\monkata\AppData\Roaming\Google Chrome Backup 2012-02-10 14:39 . 2012-02-10 14:40 -------- d-----w- c:\users\monkata\AppData\Local\Google 2012-02-10 07:13 . 2010-11-20 12:21 2146304 ----a-w- c:\windows\SysWow64\SyncCenter.dll 2012-02-10 07:12 . 2010-11-20 12:21 2202624 ----a-w- c:\windows\SysWow64\SensorsCpl.dll 2012-02-10 07:10 . 2010-11-20 13:34 46464 ----a-w- c:\windows\system32\drivers\vmstorfl.sys 2012-02-10 07:09 . 2010-11-20 13:27 92672 ----a-w- c:\windows\system32\TabSvc.dll 2012-02-10 07:08 . 2010-11-20 13:02 8192 ----a-w- c:\windows\system32\kbdlk41a.dll 2012-02-10 07:07 . 2010-11-20 13:27 36352 ----a-w- c:\windows\system32\wdiasqmmodule.dll 2012-02-10 06:52 . 2012-02-07 15:06 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-10 06:52 . 2012-02-10 06:51 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C14B3420-E326-4B55-8312-7B8457AE6877}\gapaengine.dll 2012-02-10 06:52 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-02-09 14:49 . 2012-02-09 14:49 -------- d-----w- c:\windows\system32\Macromed 2012-02-09 14:35 . 2012-02-11 15:38 -------- d-----w- c:\program files (x86)\TeamViewer 2012-02-09 13:23 . 2012-02-09 13:23 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-02-08 13:50 . 2012-02-08 13:50 -------- d-----w- c:\users\monkata\AppData\Roaming\Malwarebytes 2012-02-08 13:50 . 2012-02-08 13:50 -------- d-----w- c:\programdata\Malwarebytes 2012-02-08 13:50 . 
2012-02-09 15:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-08 13:50 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-08 13:31 . 2012-02-13 13:32 -------- d-----w- c:\users\monkata\AppData\Local\ElevatedDiagnostics 2012-02-08 13:20 . 2012-02-11 15:39 -------- d-----w- c:\users\monkata\AppData\Roaming\TeamViewer 2012-02-08 12:44 . 2011-05-04 05:25 2315776 ----a-w- c:\windows\system32\tquery.dll 2012-02-08 12:43 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2012-02-08 12:43 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2012-02-08 12:43 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2012-02-08 12:43 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-02-08 12:43 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2012-02-08 12:43 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2012-02-08 12:43 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2012-02-08 12:38 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe 2012-02-08 12:38 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2012-02-08 06:37 . 2012-02-08 22:28 -------- d-----w- c:\program files (x86)\Common Files\Acronis 2012-02-08 06:37 . 2012-02-08 06:37 -------- d-----w- c:\program files (x86)\Acronis 2012-02-08 06:26 . 2012-02-08 22:28 -------- d-----w- c:\program files (x86)\Core Temp 2012-02-07 15:05 . 2012-02-20 16:12 -------- d-----w- c:\users\monkata\AppData\Roaming\Media Player Classic 2012-02-07 15:04 . 2012-02-07 15:04 -------- d-----w- c:\program files (x86)\PANDORA.TV 2012-02-07 15:03 . 2011-06-24 15:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2012-02-07 15:03 . 2011-06-24 15:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll 2012-02-07 15:03 . 2006-10-18 19:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm 2012-02-07 15:03 . 
2011-12-21 18:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm 2012-02-07 15:03 . 2011-03-02 11:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll 2012-02-07 15:03 . 2012-02-06 18:00 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2012-02-07 15:03 . 2012-02-07 15:04 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack 2012-02-07 15:02 . 2012-02-07 15:03 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-02-07 14:39 . 2012-02-23 06:44 -------- d-----w- c:\users\monkata\AppData\Local\LogMeIn Hamachi 2012-02-07 14:06 . 2012-02-19 14:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-06 19:02 . 2012-02-06 19:02 -------- d-----w- c:\users\monkata\AppData\Roaming\URSoft 2012-02-06 19:02 . 2012-02-06 19:02 -------- d-----w- c:\users\monkata\AppData\Roaming\Babylon 2012-02-06 19:02 . 2012-02-06 19:02 -------- d-----w- c:\users\monkata\AppData\Local\Babylon 2012-02-06 19:02 . 2012-02-06 19:02 -------- d-----w- c:\programdata\Babylon 2012-02-06 13:21 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll 2012-02-06 13:20 . 2010-11-20 13:24 75776 ----a-w- c:\windows\system32\MSDvbNP.ax 2012-02-06 13:19 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-02-06 13:19 . 2011-07-16 05:41 243200 ----a-w- c:\windows\system32\wow64.dll 2012-02-06 13:19 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll 2012-02-06 13:19 . 2011-06-24 05:34 214528 ----a-w- c:\windows\system32\winsrv.dll 2012-02-06 13:19 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe 2012-02-06 13:17 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-02-06 13:17 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-02-06 13:15 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-02-06 13:15 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-02-06 13:15 . 
2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-02-06 13:13 . 2012-02-06 13:13 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-02-06 13:12 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-02-06 13:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-02-06 13:12 . 2012-02-06 13:12 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-02-06 13:11 . 2012-01-17 02:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1AE8295-F748-4898-9003-111C7052E7FB}\mpengine.dll 2012-02-06 13:07 . 2009-03-18 14:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2012-02-06 13:00 . 2012-02-10 14:59 -------- d-----w- c:\program files (x86)\Yu-Gi-Oh! Power Chaos common 2012-02-06 07:28 . 2010-01-22 01:01 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-02-06 07:21 . 2012-02-06 07:21 -------- d-----w- c:\program files (x86)\Acer 2012-02-06 07:19 . 2012-02-06 07:19 -------- d-----w- c:\program files (x86)\Cisco 2012-02-06 07:18 . 2012-02-06 07:18 6656 ----a-w- c:\windows\system32\bcmwlrc.dll 2012-02-06 07:18 . 2012-02-06 07:18 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll 2012-02-06 07:18 . 2012-02-06 07:18 -------- d-----w- c:\program files\Broadcom 2012-02-06 07:18 . 2012-02-06 07:18 2978296 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS 2012-02-06 07:18 . 2012-02-06 07:18 3552768 ----a-w- c:\windows\system32\bcmihvui64.dll 2012-02-06 07:18 . 2012-02-06 07:18 3888128 ----a-w- c:\windows\system32\bcmihvsrv64.dll 2012-02-06 07:16 . 2012-02-06 07:16 -------- d-----w- c:\program files (x86)\Atheros 2012-02-06 07:16 . 2010-01-04 14:55 1580584 ----a-w- c:\windows\system32\athrx.sys 2012-02-06 07:16 . 2012-02-06 07:21 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2012-02-06 07:16 . 2012-02-06 07:16 -------- d-----w- c:\programdata\Atheros 2012-02-06 07:16 . 
2012-02-06 07:16 -------- d-----w- c:\users\monkata\AppData\Roaming\InstallShield . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 06:44 . 2011-02-25 04:48 17920 ----a-w- c:\windows\system32\rpcnetp.exe 2012-02-23 06:43 . 2011-02-25 05:15 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll 2012-02-16 06:30 . 2011-02-25 05:15 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe 2012-02-16 06:30 . 2011-02-25 05:15 58288 ------w- c:\windows\SysWow64\rpcnet.exe 2012-02-16 06:27 . 2011-02-25 04:49 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll 2012-02-16 06:26 . 2011-02-25 04:48 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe 2012-02-12 14:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-02-12 14:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-01-29 03:10 . 2011-02-25 05:14 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-09-28 20:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-23 740216] "Nexus"="c:\program files (x86)\Winstep\Nexus.exe" [2011-11-18 13599872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet] @="Service" . 
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 k57nd;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57amd64.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 2343816] S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-02-10 1867480] S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x] S3 
amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] S3 NisSrv;Проверка на мрежата на Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1563389395-2866449132-3769846864-1000Core.job - c:\users\monkata\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 14:39] . 2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1563389395-2866449132-3769846864-1000UA.job - c:\users\monkata\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 14:39] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\monkata\AppData\Roaming\Mozilla\Firefox\Profiles\e39felqk.default\ FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winstep Xtreme Service] "ImagePath"="c:\program files (x86)\Winstep\WsxService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\B20@O=5 *=0 *C*C*l*e*a*n*e*r*& \command] @="c:\\Program Files\\CCleaner\\ccleaner.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}] @Denied: (A 2) (Everyone) @="FlashProp Class" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\rpcnet.exe c:\program files (x86)\Winstep\WsxService.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe . ************************************************************************** . Completion time: 2012-02-23 08:54:37 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-23 06:54 . Pre-Run: 50 491 072 512 bytes free Post-Run: 50 135 494 656 bytes free . - - End Of File - - F48932942B9DCD0DF8786937D72FDC53

Please download the latest version of TDSSKiller from here and save it to your desktop.

  • Run TDSSKiller.exe to start the application. Then click the Change parameters button.

    Posted image

  • Tick Verify Driver Digital Signature and Detect TDLFS file system and press OK.

    Posted image

  • Press the Start Scan button.

    Posted image

  • If a suspicious object is detected, the default action will be Skip; click Continue.

    Posted image

  • If malicious objects are found, you will have three options in the drop-down menu.

    Make sure the selected action is Cure and click Continue > Restart to complete the repair.

    Posted image

    Note: If the Cure button is not among the available options, please choose the Skip button; do not choose Delete unless you have been instructed to.

  • A log file will be created in the root directory of drive C:\ . Look for a log named "TDSSKiller.[Version]_[Date]_[Time]_log.txt" and copy its contents into your next post.
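Added example, not part of the original posts and not the tool vendor's code: a Python sketch for triaging the TDSSKiller log requested above, so that the few records whose verdict is not "ok" stand out from the hundreds that are. The sample records are constructed (ExampleDrv, its all-zero hash and its warning record are hypothetical), and the "name ( detection ) - verdict" shape for non-ok records is an assumption about the log format.

```python
import re

# A record is "HH:MM:SS.mmmm <thread-id> <message>". Splitting on that prefix
# rather than on newlines also handles a forum paste that lost its line breaks.
RECORD = re.compile(
    r"\d{2}:\d{2}:\d{2}\.\d{4} \d+ (.*?)"
    r"(?=\s*\d{2}:\d{2}:\d{2}\.\d{4} \d+ |\s*\Z)",
    re.S,
)
# "<service> (<md5>) <path>": the object about to be checked.
SCANNED = re.compile(r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)")
# "<service> - ok", or (assumed shape) "<service> ( <detection> ) - <verdict>".
VERDICT = re.compile(
    r"(?P<name>.+?)(?: \( (?P<detection>[^()]+) \))? - (?P<verdict>\w+)"
)


def triage(log_text):
    """Return scanned objects, non-ok findings and verdicts with no file record."""
    scanned = {}               # service name -> (md5, path)
    findings = []              # every record whose verdict is not "ok"
    verdict_without_file = []  # verdict seen, but no "(md5) path" record before it
    for record in RECORD.finditer(log_text):
        message = record.group(1).strip()
        # Check the file record first: a path may itself contain " - ".
        file_record = SCANNED.fullmatch(message)
        if file_record:
            scanned[file_record["name"]] = (
                file_record["md5"].lower(),
                file_record["path"],
            )
            continue
        verdict = VERDICT.fullmatch(message)
        if not verdict:
            continue  # header, separator or other informational record
        name = verdict["name"]
        if name not in scanned:
            verdict_without_file.append(name)
        if verdict["verdict"].lower() != "ok":
            md5, path = scanned.get(name, (None, None))
            findings.append({
                "service": name,
                "verdict": verdict["verdict"].lower(),
                "detection": verdict["detection"],
                "md5": md5,
                "path": path,
            })
    return {
        "scanned": scanned,
        "findings": findings,
        "verdict_without_file": verdict_without_file,
    }


# Constructed sample, flattened onto one line the way a forum paste arrives.
SAMPLE = (
    r"08:19:38.0609 3160 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) "
    r"C:\Windows\system32\drivers\ACPI.sys "
    r"08:19:38.0675 3160 ACPI - ok "
    r"08:19:47.0126 3160 catchme - ok "
    r"08:19:47.0200 3160 ExampleDrv (00000000000000000000000000000000) "
    r"C:\Windows\system32\drivers\exampledrv.sys "
    r"08:19:47.0300 3160 ExampleDrv ( UnsignedFile.Multi.Generic ) - warning"
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    for finding in report["findings"]:
        print(finding)
    print("verdict without a file record:", report["verdict_without_file"])
```

A service that receives a verdict without a preceding file record is listed separately so it can be reviewed by hand; the script does not decide what such an entry means.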
  • Author

08:19:06.0087 4512 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14 08:19:06.0242 4512 ============================================================ 08:19:06.0242 4512 Current date / time: 2012/02/24 08:19:06.0242 08:19:06.0242 4512 SystemInfo: 08:19:06.0242 4512 08:19:06.0243 4512 OS Version: 6.1.7601 ServicePack: 1.0 08:19:06.0243 4512 Product type: Workstation 08:19:06.0243 4512 ComputerName: MONKATA-PC 08:19:06.0243 4512 UserName: monkata 08:19:06.0243 4512 Windows directory: C:\Windows 08:19:06.0243 4512 System windows directory: C:\Windows 08:19:06.0243 4512 Running under WOW64 08:19:06.0243 4512 Processor architecture: Intel x64 08:19:06.0243 4512 Number of processors: 4 08:19:06.0243 4512 Page size: 0x1000 08:19:06.0243 4512 Boot type: Normal boot 08:19:06.0243 4512 ============================================================ 08:19:08.0511 4512 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:19:08.0520 4512 \Device\Harddisk0\DR0: 08:19:08.0520 4512 MBR used 08:19:08.0520 4512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9644211 08:19:08.0535 4512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x965BB15, BlocksNum 0x30D2912C 08:19:08.0608 4512 Initialize success 08:19:08.0608 4512 ============================================================ 08:19:36.0995 3160 ============================================================ 08:19:36.0995 3160 Scan started 08:19:36.0995 3160 Mode: Manual; SigCheck; TDLFS; 08:19:36.0995 3160 ============================================================ 08:19:38.0193 3160 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 08:19:38.0340 3160 1394ohci - ok 08:19:38.0609 3160 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 08:19:38.0675 3160 ACPI - ok 08:19:38.0799 3160 AcpiPmi 
08:20:40.0148 3160 Scan finished
08:20:40.0173 2956 Detected object count: 0
08:20:40.0173 2956 Actual detected object count: 0
08:21:22.0118 4556 Deinitialize success

No active infections are visible.

We can clean up a bit of junk, but that is all:

  • Open Notepad and copy/paste in the following information:

    Folder::
    c:\users\monkata\AppData\Roaming\Babylon
    c:\users\monkata\AppData\Local\Babylon
    c:\programdata\Babylon
    c:\program files (x86)\Ask.com
    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    
  • Save the file under the name CFScript, then drag and drop it onto ComboFix (as shown in the picture below).

    Posted image

  • While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!
  • Post the log file that will be created after the computer restarts in your next post.

Uninstall:

TeamViewer 5 (because you also have TeamViewer 7 installed)

Winstep Xtreme => is a program for changing the look of Windows and it sometimes weighs the system down... If you installed it only for Nexus, you can try replacing the program with Rocket Dock or Stardock ObjectDock.

Regards! :)

  • Author

TeamViewer 5 removed. Nexus removed. For now it is better, it starts up better. And is this program, Stardock ObjectDock, easy to install?

It is easy to install, but with this new, large TASKBAR in Windows 7, I consider such programs a needless waste of system resources and more a matter of showing off.

Uninstall ComboFix:

Click Start => in the search box type the command Combofix /Uninstall (there is a space between Combofix and /Uninstall) and press Enter.

Manually delete any tools and logs that were not removed by the procedures mentioned above.

Also update all programs with Secunia Personal Inspector.

Update the definitions of Microsoft Security Essentials and Malwarebytes' Anti-Malware and run a quick scan with each, just in case.

If no infections are found, there is no need to post the scan results.

Regards and have a nice day! :bye1:

There is no Run??

You can do it without Run (it also works in the search box).

Otherwise, to bring up RUN, press the key combination Windows key + R

How does this program work, Secunia Personal Inspector?

It scans your programs for old versions and offers to update them.

  • Author

I can't update; it gives this error: WindowsUpdate_800703FA. There is a new version of CCleaner, but the program still shows that it is updated.

Edited by Jason222

Apparently you cannot manage with the program.

Leave it then and uninstall it.

Watch for updates in the kaldata catalogue and update the programs manually when updates are available. :)

  • Author

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Версия на базата от данни: v2012.02.24.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
monkata :: MONKATA-PC [администратор]
24.2.2012 г. 16:19:23 ч.
mbam-log-2012-02-24 (16-19-23).txt
Тип сканиране: Пълно сканиране
Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM
Изключени опции за сканиране: P2P
Сканирани обекти: 281457
Изминало време: 45 минута(и), 5 секунда(и)
Открити процеси в паметта: 0 (Не бяха открити зловредни обекти)
Открити модули в паметта: 0 (Не бяха открити зловредни обекти)
Открити ключове в системния регистър: 0 (Не бяха открити зловредни обекти)
Открити стойности в системния регистър: 0 (Не бяха открити зловредни обекти)
Открити информационни обекти в системния регистър: 0 (Не бяха открити зловредни обекти)
Открити папки: 0 (Не бяха открити зловредни обекти)
Открити файлове: 2
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe (RiskWare.Tool.CK) -> Поставен под карантина и изтрит успешно.
C:\Windows\Setup\SCRIPTS\data\bootinst.exe (Malware.Packer.Gen) -> Поставен под карантина и изтрит успешно.
(край)

There is nothing worrying in the results found. Just stay away from all patches, cracks and keygens, because they often have malware built into them. Besides, there are so many free alternatives to paid programs that the variety is very large and entirely sufficient (for everyday purposes).

Archived topic

This topic is too old and has been archived. You cannot add new replies to it, but you can always post a new topic to continue the discussion.
