
Logs - Symptom - out of memory


  • Closed: this topic is closed
11 replies in this topic

#1 deos

deos

    Observer

  • 6 posts

Posted 13 03 2012 - 00:32

I have a problem: while working on the computer I get a message that memory is starting to run low. This is unlikely, since I am not performing any operations that could use memory to that degree. I have already scanned the computer with various programs; each one found something, but the problem still occurs. Please check and offer any suggestions.


plik.OTL.txt

OTL logfile created on: 2012-03-12 23:17:37 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\deos\Downloads
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,94 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 29,55% Memory free
2,36 Gb Paging File | 1,14 Gb Available in Paging File | 48,53% Paging File free
Paging file location(s): c:\pagefile.sys 512 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,33 Gb Total Space | 66,00 Gb Free Space | 44,79% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 332,52 Gb Free Space | 85,13% Space Free | Partition Type: NTFS
Drive E: | 393,55 Gb Total Space | 388,80 Gb Free Space | 98,79% Space Free | Partition Type: NTFS
Drive F: | 74,52 Gb Total Space | 33,22 Gb Free Space | 44,58% Space Free | Partition Type: NTFS
Drive G: | 304,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 74,53 Gb Total Space | 4,72 Gb Free Space | 6,33% Space Free | Partition Type: NTFS

Computer Name: DEOS-PC | User Name: deos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-12 23:03:52 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\deos\Downloads\OTL.exe
PRC - [2011-12-21 00:41:44 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011-12-19 18:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2011-11-23 11:27:04 | 001,145,144 | ---- | M] (Comodo Security Solutions) -- C:\Program Files\Comodo\COMODO GeekBuddy\Cpa_VA.exe
PRC - [2011-11-23 11:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
PRC - [2011-11-23 11:27:04 | 000,992,056 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPS.exe
PRC - [2011-11-16 03:24:48 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-07-04 18:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2011-01-17 19:50:30 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011-01-17 19:50:30 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010-02-09 16:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010-01-25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012-01-08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011-11-14 19:31:11 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011-07-04 18:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\gglog.dll
MOD - [2011-07-04 18:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll
MOD - [2011-07-04 18:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipc.dll
MOD - [2011-07-04 18:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcrypto.dll
MOD - [2011-07-04 18:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcommon.dll
MOD - [2011-04-16 04:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll
MOD - [2011-02-17 10:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtScript4.dll
MOD - [2011-02-17 10:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtXml4.dll
MOD - [2011-02-17 10:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtSvg4.dll
MOD - [2011-02-17 10:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtNetwork4.dll
MOD - [2011-02-17 10:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtGui4.dll
MOD - [2011-02-17 10:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtCore4.dll
MOD - [2011-02-17 09:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll
MOD - [2011-02-17 09:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll
MOD - [2011-02-17 09:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll
MOD - [2011-02-17 09:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll
MOD - [2011-02-17 09:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll
MOD - [2011-02-17 09:59:32 | 000,059,904 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\zlib1.dll
MOD - [2009-02-27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-12-19 18:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011-11-23 11:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011-11-21 22:39:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-11-16 03:44:32 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010-01-25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a6c3fh7e)
DRV - [2011-12-19 18:59:04 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011-12-19 18:59:04 | 000,019,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2011-11-14 16:29:00 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-12-10 14:27:34 | 000,085,248 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tridvidx.sys -- (TridVid)
DRV - [2006-11-02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006-10-14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=make
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-18 11:30:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-11-14 18:28:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011-11-14 18:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deos\AppData\Roaming\mozilla\Extensions
[2012-02-05 15:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deos\AppData\Roaming\mozilla\Firefox\Profiles\w0f5h6z3.default\extensions
[2012-02-05 15:09:26 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\deos\AppData\Roaming\mozilla\Firefox\Profiles\w0f5h6z3.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012-02-05 15:24:01 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\deos\AppData\Roaming\mozilla\Firefox\Profiles\w0f5h6z3.default\extensions\ffxtlbr@funmoods.com
[2012-02-05 15:23:57 | 000,001,798 | ---- | M] () -- C:\Users\deos\AppData\Roaming\Mozilla\Firefox\Profiles\w0f5h6z3.default\searchplugins\funmoods.xml
[2012-01-11 09:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DEOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W0F5H6Z3.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\DEOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W0F5H6Z3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DEOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W0F5H6Z3.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\DEOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W0F5H6Z3.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012-02-18 11:30:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-11-05 04:41:38 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-11-05 04:41:38 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-11-05 04:41:38 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-11-05 04:41:38 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-11-05 04:41:38 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-11-05 04:41:39 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-03-12 16:36:28 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [QuickDTV] C:\Program Files\Trident 5600 Device\6000RMT.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\deos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD3DD4C2-ADD0-4CC1-B2AA-C2AED9F1DF2D}: DhcpNameServer = 62.179.1.62 62.179.1.63
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999-09-02 16:48:08 | 000,000,914 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4c6eee45-3493-11e1-88b1-001fd0b0836e}\Shell - "" = AutoRun
O33 - MountPoints2\{4c6eee45-3493-11e1-88b1-001fd0b0836e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\aoesetup.exe -- [1999-09-14 15:47:34 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\directx\command - "" = G:\DIRECTX\DXSETUP.EXE -- [1999-01-08 18:10:00 | 000,096,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\dplay\command - "" = G:\DIRECTX\DPLAY61A.EXE -- [1999-06-18 15:35:30 | 000,485,600 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\dxdiag\command - "" = G:\GOODIES\AR40ENG.EXE -- [1999-05-27 18:01:48 | 005,455,526 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\dxinfo\command - "" = G:\GOODIES\DIRECTX\DXINFO.EXE -- [1997-07-15 00:00:00 | 000,299,520 | R--- | M] (Microsoft Corp.)
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\dxtest\command - "" = G:\DIRECTX\DXDIAG.EXE -- [1999-01-08 18:10:00 | 001,253,648 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\dxtool\command - "" = G:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997-07-15 00:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\log\command - "" = G:\goodies\machine\machine.exe -- [1999-08-17 13:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\machine\command - "" = G:\GOODIES\MACHINE\MACHINE.EXE -- [1999-08-17 13:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\setup\command - "" = G:\aoesetup.exe -- [1999-09-14 15:47:34 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{766551c0-0ed5-11e1-ace8-806e6f6e6963}\Shell\zone\command - "" = G:\GOODIES\MSZONE\ZONEA600.EXE -- [1999-09-01 15:16:04 | 006,753,985 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-12 23:11:42 | 000,000,000 | ---D | C] -- C:\UsbFix
[2012-03-12 22:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-03-12 22:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-03-12 22:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012-03-12 20:05:48 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\1
[2012-03-12 16:54:09 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\kopia od linux
[2012-03-12 12:18:32 | 000,000,000 | ---D | C] -- C:\Users\deos\AppData\Roaming\Malwarebytes
[2012-03-12 12:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-03-12 12:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-03-12 12:17:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-03-12 12:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-03-12 09:55:17 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\orginal reflekt
[2012-03-12 09:35:29 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\Nowy folder (5)
[2012-03-12 09:02:08 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\Nowy folder (4)
[2012-03-12 08:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-03-11 20:28:23 | 000,000,000 | -HSD | C] -- C:\Users\deos\AppData\Local\f8f69855
[2012-03-11 13:35:53 | 000,000,000 | ---D | C] -- C:\Users\deos\AppData\Roaming\EurekaLog
[2012-03-10 16:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2012-03-10 13:42:12 | 000,000,000 | ---D | C] -- C:\Users\deos\AppData\Local\Comodo
[2012-03-09 22:27:46 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\ja_community_plus
[2012-03-09 19:15:31 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\Nowy folder (2)
[2012-03-08 22:05:50 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\templates
[2012-03-08 21:59:26 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\ulotka reflektory
[2012-03-05 13:08:12 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\dokumenty outlaw
[2012-02-29 14:03:37 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\Nowy folder
[2012-02-29 12:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Asystent4
[2012-02-22 13:24:02 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\feedback
[2012-02-20 10:11:24 | 000,000,000 | ---D | C] -- C:\Users\deos\Desktop\gil
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-12 23:16:48 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-12 23:16:48 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-12 23:16:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-12 23:16:40 | 2079,895,552 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-12 23:16:06 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2012-03-12 22:11:50 | 000,001,055 | ---- | M] () -- C:\Users\deos\Desktop\Spybot - Search & Destroy.lnk
[2012-03-12 22:04:41 | 000,012,349 | ---- | M] () -- C:\Users\deos\Documents\Bez tytułu 1.ods
[2012-03-12 16:36:45 | 000,618,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-03-12 16:36:45 | 000,545,414 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-03-12 16:36:45 | 000,106,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-03-12 16:36:45 | 000,089,818 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-03-12 16:36:28 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-03-12 12:36:35 | 000,000,134 | ---- | M] () -- C:\Users\deos\Desktop\hosts-perm.bat
[2012-03-12 12:17:59 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-12 08:35:17 | 000,869,376 | ---- | M] () -- C:\ProgramData\isecurity
[2012-03-11 17:14:47 | 000,224,814 | ---- | M] () -- C:\Users\deos\Desktop\refl.jpg
[2012-03-10 09:28:59 | 002,740,268 | ---- | M] () -- C:\Users\deos\Desktop\CENNIK-WARSZTATOWY.psd
[2012-03-08 12:15:12 | 000,297,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-03-08 12:06:32 | 000,029,616 | ---- | M] () -- C:\Users\deos\Documents\cc_20120308_120628.reg
[2012-03-08 12:05:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-03-04 21:18:55 | 000,019,755 | ---- | M] () -- C:\Users\deos\Desktop\got pkd.odt
[2012-02-29 14:39:27 | 000,128,692 | ---- | M] () -- C:\Users\deos\Desktop\1.jpg
[2012-02-29 14:37:08 | 000,147,063 | ---- | M] () -- C:\Users\deos\Desktop\2.jpg
[2012-02-29 14:35:37 | 000,185,267 | ---- | M] () -- C:\Users\deos\Desktop\3.jpg
[2012-02-26 15:47:14 | 000,023,040 | ---- | M] () -- C:\Users\deos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-12 22:11:50 | 000,001,055 | ---- | C] () -- C:\Users\deos\Desktop\Spybot - Search & Destroy.lnk
[2012-03-12 22:04:39 | 000,012,349 | ---- | C] () -- C:\Users\deos\Documents\Bez tytułu 1.ods
[2012-03-12 16:36:18 | 000,000,761 | ---- | C] () -- C:\Users\deos\Desktop\hostsssssssssssssssssss
[2012-03-12 12:36:56 | 000,000,134 | ---- | C] () -- C:\Users\deos\Desktop\hosts-perm.bat
[2012-03-12 12:17:59 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-11 15:51:43 | 000,224,814 | ---- | C] () -- C:\Users\deos\Desktop\refl.jpg
[2012-03-11 15:13:55 | 000,869,376 | ---- | C] () -- C:\ProgramData\isecurity
[2012-03-10 09:23:19 | 002,740,268 | ---- | C] () -- C:\Users\deos\Desktop\CENNIK-WARSZTATOWY.psd
[2012-03-09 17:24:02 | 000,185,267 | ---- | C] () -- C:\Users\deos\Desktop\3.jpg
[2012-03-09 17:24:02 | 000,147,063 | ---- | C] () -- C:\Users\deos\Desktop\2.jpg
[2012-03-09 17:24:02 | 000,128,692 | ---- | C] () -- C:\Users\deos\Desktop\1.jpg
[2012-03-08 12:06:30 | 000,029,616 | ---- | C] () -- C:\Users\deos\Documents\cc_20120308_120628.reg
[2012-03-04 21:18:52 | 000,019,755 | ---- | C] () -- C:\Users\deos\Desktop\got pkd.odt
[2012-01-31 12:26:54 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012-01-31 12:26:54 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012-01-31 12:26:52 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-12-24 00:02:00 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2011-11-22 21:32:20 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2011-11-14 19:30:12 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011-11-14 18:18:27 | 000,023,040 | ---- | C] () -- C:\Users\deos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-11-14 16:52:35 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2011-11-14 16:28:35 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-07-15 13:18:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 981 bytes -> C:\Users\deos\Desktop\Everlast - Odzież męska Promocja!.eml:OECustomProperty

< End of report >

  • 0

#2 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 13 03 2012 - 04:50

Run OTL and paste the following into the Custom Scans/Fixes box (Własne opcje skanowania/Script):

:OTL
[2012-03-11 20:28:23 | 000,000,000 | -HSD | C] -- C:\Users\deos\AppData\Local\f8f69855

:Commands
[emptytemp]

Click Run Fix (Wykonaj Script). Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time clicking Scan (Skanuj).
Post the new OTL.txt log and the removal report.

.

  • 0

#3 deos

deos

    Observer

  • 6 posts

Posted 13 03 2012 - 23:10

Now I can't even launch OTL, even though I run it `as administrator` - I get the message `the program OTL has stopped working`. I managed to get it working from safe mode, but after the reset I don't get a report. So I no longer know how to deal with this thing..
  • 0

#4 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 13 03 2012 - 23:21

Since you have no infection, and the situation is, according to you, bad, you are not risking much: post a log from ComboFix >/Archiwalny-Combofix-t35201/
Maybe it will detect something (if this is the fault of an infection at all)

.
  • 0

#5 deos

deos

    Observer

  • 6 posts

Posted 14 03 2012 - 21:48

This is the thing I got. Does anything follow from it?

ComboFix 12-03-14.01 - deos 2012-03-14 20:28:53.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.48.1045.18.1983.1496 [GMT 1:00]
Uruchomiony z: c:\users\deos\Downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Outdated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-14 do 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 19:34 . 2012-03-14 19:34 -------- d-----w- c:\users\deos\AppData\Local\temp
2012-03-14 19:34 . 2012-03-14 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 18:41 . 2012-03-14 18:41 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-14 18:41 . 2012-03-14 18:41 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 18:40 . 2012-03-14 18:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 03:12 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-03-14 03:12 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-03-14 03:12 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-03-14 03:12 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2012-03-14 03:10 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\system32\ole32.dll
2012-03-14 03:09 . 2010-08-20 15:21 866816 ----a-w- c:\windows\system32\wmpmde.dll
2012-03-14 03:08 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2012-03-13 21:50 . 2012-03-13 21:50 -------- d-----w- C:\PerfLogs
2012-03-13 11:16 . 2012-03-13 11:16 -------- d-----w- c:\users\deos\.gstreamer-0.10
2012-03-13 11:11 . 2012-03-14 19:19 -------- d-----w- c:\programdata\OpenFM
2012-03-13 11:11 . 2012-03-13 11:11 -------- d-----w- c:\users\deos\AppData\Roaming\OpenFM
2012-03-12 21:11 . 2012-03-13 21:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-12 21:11 . 2012-03-13 20:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-12 11:18 . 2012-03-12 11:18 -------- d-----w- c:\users\deos\AppData\Roaming\Malwarebytes
2012-03-12 11:17 . 2012-03-12 11:17 -------- d-----w- c:\programdata\Malwarebytes
2012-03-12 07:45 . 2012-03-12 07:45 -------- d-----w- c:\program files\ESET
2012-03-11 19:28 . 2012-03-12 15:28 -------- d-sh--w- c:\users\deos\AppData\Local\f8f69855
2012-03-11 12:35 . 2012-03-11 12:35 -------- d-----w- c:\users\deos\AppData\Roaming\EurekaLog
2012-03-10 15:58 . 2012-03-10 16:05 -------- d-----w- c:\program files\SkanerOnline
2012-03-10 12:42 . 2012-03-10 12:42 -------- d-----w- c:\users\deos\AppData\Local\Comodo
2012-02-29 11:22 . 2012-03-08 11:07 -------- d-----w- c:\program files\Asystent4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 21:37 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-03-13 21:37 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-02-08 23:01 . 2011-11-14 14:20 167861 ----a-w- c:\windows\DUMP4365.tmp
2012-02-07 17:45 . 2011-11-14 14:20 167996418 ----a-w- c:\windows\DUMP2efb.tmp
2012-02-02 16:43 . 2012-02-02 16:43 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2012-02-02 16:42 . 2012-02-02 16:42 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2012-02-02 16:41 . 2012-02-02 16:41 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-25 18:00 . 2012-01-31 11:26 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-23 22:59 . 2011-12-23 22:59 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-12-23 22:59 . 2011-12-23 22:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-23 22:59 . 2011-12-23 22:59 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-12-21 18:14 . 2012-01-31 11:26 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-12-19 17:59 . 2011-12-19 17:59 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 17:59 . 2011-12-19 17:59 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 17:59 . 2011-12-19 17:59 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 17:59 . 2011-12-19 17:59 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 17:58 . 2011-12-19 17:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 17:58 . 2011-12-19 17:58 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-14 18:41 . 2011-11-14 17:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"ALLUpdate"="c:program filesALLPlayerALLUpdate.exe" [2011-08-16 1379840]
"Gadu-Gadu 10"="c:program filesGadu-Gadu 10gg.exe" [2011-07-04 13374048]
"AlcoholAutomount"="c:program filesAlcohol SoftAlcohol 120AxAutoMntSrv.exe" [2010-08-20 33120]
"WMPNSCFG"="c:program filesWindows Media PlayerWMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ControlCenter3"="c:program filesBrotherControlCenter3brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:program filesBrowny02BrotherBrStMonW.exe" [2010-02-09 2621440]
"COMODO"="c:program filesCOMODOCOMODO GeekBuddyCLPSLA.exe" [2011-11-23 208184]
"CPA"="c:program filesCOMODOCOMODO GeekBuddyVALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:program filesCOMODOCOMODO Internet Securitycfp.exe" [2011-12-20 6676808]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-01-02 843712]
.
c:usersdeosAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
OpenOffice.org 3.3.lnk - c:program filesOpenOffice.org 3programquickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=c:windowsSystem32guard32.dll
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalCLPSLS]
@="Service"
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=make
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mks.com.plwww
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
FF - ProfilePath - c:usersdeosAppDataRoamingMozillaFirefoxProfilesw0f5h6z3.default
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - f87bd1da000000000000001fd0b0836e
FF - user.js: extensions.funmoods_i.instlDay - 15375
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1615:24
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-QuickDTV - c:program filesTrident 5600 Device6000RMT.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 20:34
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-03-14 20:36:19
ComboFix-quarantined-files.txt 2012-03-14 19:36
.
Przed: 86 962 745 344 bajtów wolnych
Po: 86 918 287 360 bajtów wolnych
.
- - End Of File - - 5267C0CC5C94EE0CF012A38DCF4A5073



#6 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 14 03 2012 - 21:58

Paste into Notepad:
Folder::
c:\users\deos\AppData\Local\f8f69855

>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file.
The removal should then start (and a log will be created).
Post the log that is created during the removal.


#7 deos

deos

    Observer

  • 6 posts

Posted 14 03 2012 - 22:33

ComboFix 12-03-14.01 - deos 2012-03-14 21:22:48.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.48.1045.18.1983.1591 [GMT 1:00]
Uruchomiony z: c:usersdeosDownloadsComboFix.exe
Użyto następujących komend :: c:usersdeosDownloadsCFScript.txt
AV: COMODO Antivirus *Enabled/Outdated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:usersdeosAppDataLocalf8f69855
c:usersdeosAppDataLocalf8f69855@
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-14 do 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 20:28 . 2012-03-14 20:28 -------- d-----w- c:usersdeosAppDataLocaltemp
2012-03-14 20:28 . 2012-03-14 20:28 -------- d-----w- c:usersDefaultAppDataLocaltemp
2012-03-14 18:41 . 2012-03-14 18:41 592824 ----a-w- c:program filesMozilla Firefoxgkmedias.dll
2012-03-14 18:41 . 2012-03-14 18:41 44472 ----a-w- c:program filesMozilla Firefoxmozglue.dll
2012-03-14 18:40 . 2012-03-14 18:40 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2012-03-14 03:12 . 2010-09-10 16:35 168960 ----a-w- c:program filesWindows Media Playerwmplayer.exe
2012-03-14 03:12 . 2010-09-10 16:37 8147456 ----a-w- c:windowssystem32wmploc.DLL
2012-03-14 03:12 . 2010-09-06 16:24 125952 ----a-w- c:windowssystem32srvsvc.dll
2012-03-14 03:12 . 2010-09-06 16:23 17920 ----a-w- c:windowssystem32netevent.dll
2012-03-14 03:10 . 2010-06-28 16:15 1315840 ----a-w- c:windowssystem32ole32.dll
2012-03-14 03:09 . 2010-08-20 15:21 866816 ----a-w- c:windowssystem32wmpmde.dll
2012-03-14 03:08 . 2008-05-08 21:59 90112 ----a-w- c:windowssystem32wshext.dll
2012-03-13 21:50 . 2012-03-13 21:50 -------- d-----w- C:PerfLogs
2012-03-13 11:16 . 2012-03-13 11:16 -------- d-----w- c:usersdeos.gstreamer-0.10
2012-03-13 11:11 . 2012-03-14 19:50 -------- d-----w- c:programdataOpenFM
2012-03-13 11:11 . 2012-03-13 11:11 -------- d-----w- c:usersdeosAppDataRoamingOpenFM
2012-03-12 21:11 . 2012-03-13 21:03 -------- d-----w- c:program filesSpybot - Search & Destroy
2012-03-12 21:11 . 2012-03-13 20:59 -------- d-----w- c:programdataSpybot - Search & Destroy
2012-03-12 11:18 . 2012-03-12 11:18 -------- d-----w- c:usersdeosAppDataRoamingMalwarebytes
2012-03-12 11:17 . 2012-03-12 11:17 -------- d-----w- c:programdataMalwarebytes
2012-03-12 07:45 . 2012-03-12 07:45 -------- d-----w- c:program filesESET
2012-03-11 12:35 . 2012-03-11 12:35 -------- d-----w- c:usersdeosAppDataRoamingEurekaLog
2012-03-10 15:58 . 2012-03-10 16:05 -------- d-----w- c:program filesSkanerOnline
2012-03-10 12:42 . 2012-03-10 12:42 -------- d-----w- c:usersdeosAppDataLocalComodo
2012-02-29 11:22 . 2012-03-08 11:07 -------- d-----w- c:program filesAsystent4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 21:37 . 2006-11-02 10:32 101888 ----a-w- c:windowssystem32ifxcardm.dll
2012-03-13 21:37 . 2006-11-02 10:32 82432 ----a-w- c:windowssystem32axaltocm.dll
2012-02-08 23:01 . 2011-11-14 14:20 167861 ----a-w- c:windowsDUMP4365.tmp
2012-02-07 17:45 . 2011-11-14 14:20 167996418 ----a-w- c:windowsDUMP2efb.tmp
2012-02-02 16:43 . 2012-02-02 16:43 348256 ----a-w- c:programdataMicrosoftVSTAHostCorelPHOTOPAINT9.01033ResourceCache.dll
2012-02-02 16:42 . 2012-02-02 16:42 348256 ----a-w- c:programdataMicrosoftVSTAHostCorelDRAW9.01033ResourceCache.dll
2012-02-02 16:41 . 2012-02-02 16:41 416 ----a-w- c:programdataMicrosoftMSDN9.01033ResourceCache.dll
2012-01-25 18:00 . 2012-01-31 11:26 79360 ----a-w- c:windowssystem32ff_vfw.dll
2011-12-23 22:59 . 2011-12-23 22:59 1060864 ----a-w- c:windowssystem32mfc71.dll
2011-12-23 22:59 . 2011-12-23 22:59 348160 ----a-w- c:windowssystem32msvcr71.dll
2011-12-23 22:59 . 2011-12-23 22:59 1700352 ----a-w- c:windowssystem32gdiplus.dll
2011-12-21 18:14 . 2012-01-31 11:26 151552 ----a-w- c:windowssystem32ac3acm.acm
2011-12-19 17:59 . 2011-12-19 17:59 82400 ----a-w- c:windowssystem32driversinspect.sys
2011-12-19 17:59 . 2011-12-19 17:59 38616 ----a-w- c:windowssystem32driverscmdhlp.sys
2011-12-19 17:59 . 2011-12-19 17:59 491816 ----a-w- c:windowssystem32driverscmdGuard.sys
2011-12-19 17:59 . 2011-12-19 17:59 19600 ----a-w- c:windowssystem32driverscmderd.sys
2011-12-19 17:58 . 2011-12-19 17:58 33984 ----a-w- c:windowssystem32cmdcsr.dll
2011-12-19 17:58 . 2011-12-19 17:58 301224 ----a-w- c:windowssystem32guard32.dll
2012-03-14 18:41 . 2011-11-14 17:16 97208 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"ALLUpdate"="c:program filesALLPlayerALLUpdate.exe" [2011-08-16 1379840]
"Gadu-Gadu 10"="c:program filesGadu-Gadu 10gg.exe" [2011-07-04 13374048]
"AlcoholAutomount"="c:program filesAlcohol SoftAlcohol 120AxAutoMntSrv.exe" [2010-08-20 33120]
"WMPNSCFG"="c:program filesWindows Media PlayerWMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ControlCenter3"="c:program filesBrotherControlCenter3brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:program filesBrowny02BrotherBrStMonW.exe" [2010-02-09 2621440]
"COMODO"="c:program filesCOMODOCOMODO GeekBuddyCLPSLA.exe" [2011-11-23 208184]
"CPA"="c:program filesCOMODOCOMODO GeekBuddyVALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:program filesCOMODOCOMODO Internet Securitycfp.exe" [2011-12-20 6676808]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-01-02 843712]
.
c:usersdeosAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
OpenOffice.org 3.3.lnk - c:program filesOpenOffice.org 3programquickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=c:windowsSystem32guard32.dll
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalCLPSLS]
@="Service"
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=make
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mks.com.plwww
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
FF - ProfilePath - c:usersdeosAppDataRoamingMozillaFirefoxProfilesw0f5h6z3.default
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - f87bd1da000000000000001fd0b0836e
FF - user.js: extensions.funmoods_i.instlDay - 15375
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1615:24
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 21:28
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-03-14 21:29:50
ComboFix-quarantined-files.txt 2012-03-14 20:29
ComboFix2.txt 2012-03-14 19:36
.
Przed: 86 818 734 080 bajtów wolnych
Po: 86 753 361 920 bajtów wolnych
.
- - End Of File - - C7518EFD2158C8FDD2F211D04BC372C6



#8 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 14 03 2012 - 22:43

OK, it has been removed, and I don't see anything else to remove.

In OTL, click the CleanUp (Sprzątanie) button - this will remove it together with its Quarantine.
ComboFix will disappear at the same time.


#9 deos

deos

    Observer

  • 6 posts

Posted 14 03 2012 - 23:05

Thank you for your patience with my lack of knowledge.
However, the memory problem still occurs.

#10 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 15 03 2012 - 00:30

This may be an after-effect of the infection.
What we removed was a component of the ZeroAccess rootkit, currently the most technologically advanced piece of malware.
I don't see any other ZeroAccess objects in the logs, so you probably removed it earlier.
But the damage it does to the system is not repaired automatically once ZeroAccess is removed - that damage would have to be found and repaired (which is beyond my skills).

C:\ProgramData\isecurity

I don't much like the object above, because it reminds me of an infection that has recently been appearing together with ZeroAccess.

Paste into SystemLook:

:dir
C:\ProgramData\isecurity

Press Look and post the report.

Post the log from TDSSKiller
Post the log from Webroot AntiZeroAccess

User ordynat edited this post on 15 03 2012 - 00:31


#11 deos

deos

    Observer

  • 6 posts

Posted 15 03 2012 - 23:19

The antivirus detected Kryptiq on my machine; after reading up on this junk online, it turned out that it causes exactly the problem I am having, that is, running out of memory. I removed it following the recommendations and only then ran ComboFix; despite all these steps the problem still occurs, and the disk was formatted fairly recently.
Below are the logs from SystemLook and TDSSKiller.

SystemLook 30.07.11 by jpshortstuff
Log created at 22:02 on 15/03/2012 by deos
Administrator - Elevation successful

========== dir ==========

C:ProgramDataisecurity - Unable to find folder.

-= EOF =-




22:15:36.0530 4316 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
22:15:36.0776 4316 ============================================================
22:15:36.0776 4316 Current date / time: 2012/03/15 22:15:36.0776
22:15:36.0776 4316 SystemInfo:
22:15:36.0776 4316
22:15:36.0776 4316 OS Version: 6.0.6001 ServicePack: 1.0
22:15:36.0776 4316 Product type: Workstation
22:15:36.0776 4316 ComputerName: DEOS-PC
22:15:36.0776 4316 UserName: deos
22:15:36.0776 4316 Windows directory: C:Windows
22:15:36.0776 4316 System windows directory: C:Windows
22:15:36.0776 4316 Processor architecture: Intel x86
22:15:36.0776 4316 Number of processors: 2
22:15:36.0776 4316 Page size: 0x1000
22:15:36.0777 4316 Boot type: Normal boot
22:15:36.0777 4316 ============================================================
22:15:45.0229 4316 Drive DeviceHarddisk0DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:15:45.0266 4316 Drive DeviceHarddisk1DR1 - Size: 0xE8E0DB0000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:15:45.0421 4316 DeviceHarddisk0DR0:
22:15:45.0421 4316 MBR used
22:15:45.0421 4316 DeviceHarddisk0DR0Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
22:15:45.0421 4316 DeviceHarddisk0DR0Partition1: MBR, Type 0x7, StartLBA 0x950A600, BlocksNum 0x950E4C1
22:15:45.0421 4316 DeviceHarddisk1DR1:
22:15:45.0426 4316 MBR used
22:15:45.0426 4316 DeviceHarddisk1DR1Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x126A9800
22:15:45.0426 4316 DeviceHarddisk1DR1Partition1: MBR, Type 0x7, StartLBA 0x126AA000, BlocksNum 0x30D40000
22:15:45.0426 4316 DeviceHarddisk1DR1Partition2: MBR, Type 0x7, StartLBA 0x433EA000, BlocksNum 0x3131C000
22:15:45.0884 4316 Initialize success
22:15:45.0884 4316 ============================================================
22:15:47.0701 4196 ============================================================
22:15:47.0702 4196 Scan started
22:15:47.0702 4196 Mode: Manual;
22:15:47.0702 4196 ============================================================
22:15:51.0742 4196 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:Windowssystem32driversacpi.sys
22:15:51.0874 4196 ACPI - ok
22:15:51.0942 4196 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:Windowssystem32driversadp94xx.sys
22:15:52.0190 4196 adp94xx - ok
22:15:52.0286 4196 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:Windowssystem32driversadpahci.sys
22:15:52.0385 4196 adpahci - ok
22:15:52.0489 4196 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:Windowssystem32driversadpu160m.sys
22:15:52.0530 4196 adpu160m - ok
22:15:52.0582 4196 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:Windowssystem32driversadpu320.sys
22:15:52.0668 4196 adpu320 - ok
22:15:52.0914 4196 AFD (48eb99503533c27ac6135648e5474457) C:Windowssystem32driversafd.sys
22:15:53.0170 4196 AFD - ok
22:15:53.0221 4196 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:Windowssystem32driversagp440.sys
22:15:53.0225 4196 agp440 - ok
22:15:53.0257 4196 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:Windowssystem32driversdjsvs.sys
22:15:53.0277 4196 aic78xx - ok
22:15:53.0331 4196 aliide (90395b64600ebb4552e26e178c94b2e4) C:Windowssystem32driversaliide.sys
22:15:53.0334 4196 aliide - ok
22:15:53.0360 4196 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:Windowssystem32driversamdagp.sys
22:15:53.0372 4196 amdagp - ok
22:15:53.0423 4196 amdide (0577df1d323fe75a739c787893d300ea) C:Windowssystem32driversamdide.sys
22:15:53.0426 4196 amdide - ok
22:15:53.0447 4196 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:Windowssystem32driversamdk7.sys
22:15:53.0451 4196 AmdK7 - ok
22:15:53.0501 4196 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:Windowssystem32DRIVERSamdk8.sys
22:15:53.0552 4196 AmdK8 - ok
22:15:53.0613 4196 arc (5f673180268bb1fdb69c99b6619fe379) C:Windowssystem32driversarc.sys
22:15:53.0631 4196 arc - ok
22:15:53.0659 4196 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:Windowssystem32driversarcsas.sys
22:15:53.0697 4196 arcsas - ok
22:15:53.0794 4196 AsyncMac (53b202abee6455406254444303e87be1) C:Windowssystem32DRIVERSasyncmac.sys
22:15:53.0798 4196 AsyncMac - ok
22:15:53.0815 4196 atapi (2d9c903dc76a66813d350a562de40ed9) C:Windowssystem32driversatapi.sys
22:15:53.0816 4196 atapi - ok
22:15:53.0886 4196 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:Windowssystem32driversBeep.sys
22:15:53.0889 4196 Beep - ok
22:15:53.0929 4196 blbdrive - ok
22:15:53.0999 4196 bowser (8153396d5551276227fa146900f734e6) C:Windowssystem32DRIVERSbowser.sys
22:15:54.0157 4196 bowser - ok
22:15:54.0196 4196 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:Windowssystem32driversbrfiltlo.sys
22:15:54.0212 4196 BrFiltLo - ok
22:15:54.0235 4196 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:Windowssystem32driversbrfiltup.sys
22:15:54.0260 4196 BrFiltUp - ok
22:15:54.0307 4196 Brserid (b304e75cff293029eddf094246747113) C:Windowssystem32driversbrserid.sys
22:15:54.0314 4196 Brserid - ok
22:15:54.0336 4196 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:Windowssystem32driversbrserwdm.sys
22:15:54.0339 4196 BrSerWdm - ok
22:15:54.0380 4196 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:Windowssystem32driversbrusbmdm.sys
22:15:54.0396 4196 BrUsbMdm - ok
22:15:54.0418 4196 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:Windowssystem32driversbrusbser.sys
22:15:54.0437 4196 BrUsbSer - ok
22:15:54.0473 4196 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:Windowssystem32driversbthmodem.sys
22:15:54.0486 4196 BTHMODEM - ok
22:15:54.0585 4196 catchme - ok
22:15:54.0639 4196 cdfs (7add03e75beb9e6dd102c3081d29840a) C:Windowssystem32DRIVERScdfs.sys
22:15:54.0654 4196 cdfs - ok
22:15:54.0697 4196 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:Windowssystem32DRIVERScdrom.sys
22:15:54.0703 4196 cdrom - ok
22:15:54.0728 4196 circlass (da8e0afc7baa226c538ef53ac2f90897) C:Windowssystem32driverscirclass.sys
22:15:54.0773 4196 circlass - ok
22:15:54.0822 4196 CLFS (465745561c832b29f7c48b488aab3842) C:Windowssystem32CLFS.sys
22:15:54.0839 4196 CLFS - ok
22:15:54.0915 4196 cmderd (2dbe76de0ae9b60c2d497b8ea98d2c23) C:Windowssystem32DRIVERScmderd.sys
22:15:54.0926 4196 cmderd - ok
22:15:54.0966 4196 cmdGuard (9c46c7210367b7f5d1eacc6c29602bd6) C:Windowssystem32DRIVERScmdguard.sys
22:15:55.0016 4196 cmdGuard - ok
22:15:55.0039 4196 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:Windowssystem32driverscmdide.sys
22:15:55.0043 4196 cmdide - ok
22:15:55.0063 4196 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:Windowssystem32driverscompbatt.sys
22:15:55.0080 4196 Compbatt - ok
22:15:55.0100 4196 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:Windowssystem32driverscrcdisk.sys
22:15:55.0126 4196 crcdisk - ok
22:15:55.0169 4196 Crusoe (22a7f883508176489f559ee745b5bf5d) C:Windowssystem32driverscrusoe.sys
22:15:55.0186 4196 Crusoe - ok
22:15:55.0250 4196 DfsC (a3e9fa213f443ac77c7746119d13feec) C:Windowssystem32Driversdfsc.sys
22:15:55.0436 4196 DfsC - ok
22:15:55.0532 4196 disk (64109e623abd6955c8fb110b592e68b7) C:Windowssystem32driversdisk.sys
22:15:55.0535 4196 disk - ok
22:15:55.0723 4196 drmkaud (97fef831ab90bee128c9af390e243f80) C:Windowssystem32driversdrmkaud.sys
22:15:55.0747 4196 drmkaud - ok
22:15:55.0880 4196 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:WindowsSystem32driversdxgkrnl.sys
22:15:56.0186 4196 DXGKrnl - ok
22:15:56.0801 4196 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:Windowssystem32DRIVERSE1G60I32.sys
22:15:56.0975 4196 E1G60 - ok
22:15:57.0454 4196 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:Windowssystem32driversecache.sys
22:15:57.0787 4196 Ecache - ok
22:15:58.0284 4196 elxstor (e8f3f21a71720c84bcf423b80028359f) C:Windowssystem32driverselxstor.sys
22:15:58.0576 4196 elxstor - ok
22:15:59.0087 4196 exfat (0d858eb20589a34efb25695acaa6aa2d) C:Windowssystem32driversexfat.sys
22:15:59.0192 4196 exfat - ok
22:15:59.0578 4196 fastfat (3c489390c2e2064563727752af8eab9e) C:Windowssystem32driversfastfat.sys
22:15:59.0671 4196 fastfat - ok
22:16:00.0077 4196 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:Windowssystem32DRIVERSfdc.sys
22:16:00.0083 4196 fdc - ok
22:16:00.0351 4196 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:Windowssystem32driversfileinfo.sys
22:16:00.0360 4196 FileInfo - ok
22:16:00.0778 4196 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:Windowssystem32driversfiletrace.sys
22:16:00.0864 4196 Filetrace - ok
22:16:01.0344 4196 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:Windowssystem32DRIVERSflpydisk.sys
22:16:01.0409 4196 flpydisk - ok
22:16:01.0773 4196 FltMgr (05ea53afe985443011e36dab07343b46) C:Windowssystem32driversfltmgr.sys
22:16:02.0013 4196 FltMgr - ok
22:16:02.0519 4196 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:Windowssystem32driversFs_Rec.sys
22:16:02.0563 4196 Fs_Rec - ok
22:16:02.0932 4196 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:Windowssystem32driversgagp30kx.sys
22:16:03.0127 4196 gagp30kx - ok
22:16:03.0473 4196 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:Windowssystem32driversHdAudio.sys
22:16:04.0134 4196 HdAudAddService - ok
22:16:04.0721 4196 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:Windowssystem32DRIVERSHDAudBus.sys
22:16:04.0810 4196 HDAudBus - ok
22:16:05.0240 4196 HidBth (1338520e78d90154ed6be8f84de5fceb) C:Windowssystem32drivershidbth.sys
22:16:05.0301 4196 HidBth - ok
22:16:05.0623 4196 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:Windowssystem32drivershidir.sys
22:16:05.0799 4196 HidIr - ok
22:16:06.0112 4196 HidUsb (854ca287ab7faf949617a788306d967e) C:Windowssystem32DRIVERShidusb.sys
22:16:06.0223 4196 HidUsb - ok
22:16:06.0634 4196 HpCISSs (df353b401001246853763c4b7aaa6f50) C:Windowssystem32drivershpcisss.sys
22:16:06.0721 4196 HpCISSs - ok
22:16:07.0254 4196 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:Windowssystem32driversHTTP.sys
22:16:08.0006 4196 HTTP - ok
22:16:08.0120 4196 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:Windowssystem32driversi2omp.sys
22:16:08.0180 4196 i2omp - ok
22:16:08.0253 4196 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:Windowssystem32DRIVERSi8042prt.sys
22:16:08.0258 4196 i8042prt - ok
22:16:08.0278 4196 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:Windowssystem32driversiastorv.sys
22:16:08.0321 4196 iaStorV - ok
22:16:08.0359 4196 iirsp (2d077bf86e843f901d8db709c95b49a5) C:Windowssystem32driversiirsp.sys
22:16:08.0378 4196 iirsp - ok
22:16:08.0449 4196 intelide (97469037714070e45194ed318d636401) C:Windowssystem32driversintelide.sys
22:16:08.0527 4196 intelide - ok
22:16:08.0554 4196 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:Windowssystem32DRIVERSintelppm.sys
22:16:08.0577 4196 intelppm - ok
22:16:08.0643 4196 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:Windowssystem32DRIVERSipfltdrv.sys
22:16:08.0711 4196 IpFilterDriver - ok
22:16:08.0725 4196 IpInIp - ok
22:16:08.0749 4196 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:Windowssystem32driversipmidrv.sys
22:16:08.0757 4196 IPMIDRV - ok
22:16:08.0818 4196 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:Windowssystem32DRIVERSipnat.sys
22:16:08.0831 4196 IPNAT - ok
22:16:08.0862 4196 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:Windowssystem32driversirenum.sys
22:16:08.0873 4196 IRENUM - ok
22:16:08.0891 4196 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:Windowssystem32driversisapnp.sys
22:16:08.0896 4196 isapnp - ok
22:16:08.0960 4196 iScsiPrt (f247eec28317f6c739c16de420097301) C:Windowssystem32DRIVERSmsiscsi.sys
22:16:08.0964 4196 iScsiPrt - ok
22:16:08.0987 4196 iteatapi (bced60d16156e428f8df8cf27b0df150) C:Windowssystem32driversiteatapi.sys
22:16:08.0991 4196 iteatapi - ok
22:16:09.0038 4196 iteraid (06fa654504a498c30adca8bec4e87e7e) C:Windowssystem32driversiteraid.sys
22:16:09.0042 4196 iteraid - ok
22:16:09.0077 4196 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:Windowssystem32DRIVERSkbdclass.sys
22:16:09.0094 4196 kbdclass - ok
22:16:09.0132 4196 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:Windowssystem32driverskbdhid.sys
22:16:09.0136 4196 kbdhid - ok
22:16:09.0171 4196 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:Windowssystem32Driversksecdd.sys
22:16:09.0378 4196 KSecDD - ok
22:16:09.0452 4196 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:Windowssystem32DRIVERSlltdio.sys
22:16:09.0474 4196 lltdio - ok
22:16:09.0508 4196 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:Windowssystem32driverslsi_fc.sys
22:16:09.0512 4196 LSI_FC - ok
22:16:09.0524 4196 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:Windowssystem32driverslsi_sas.sys
22:16:09.0528 4196 LSI_SAS - ok
22:16:09.0560 4196 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:Windowssystem32driverslsi_scsi.sys
22:16:09.0586 4196 LSI_SCSI - ok
22:16:09.0618 4196 luafv (8f5c7426567798e62a3b3614965d62cc) C:Windowssystem32driversluafv.sys
22:16:09.0622 4196 luafv - ok
22:16:09.0655 4196 megasas (d153b14fc6598eae8422a2037553adce) C:Windowssystem32driversmegasas.sys
22:16:09.0658 4196 megasas - ok
22:16:09.0688 4196 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:Windowssystem32driversmodem.sys
22:16:09.0703 4196 Modem - ok
22:16:14.0933 4196 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
22:16:14.0934 4196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
22:16:14.0937 4196 sptd ( LockedFile.Multi.Generic ) - warning
22:16:14.0937 4196 sptd - detected LockedFile.Multi.Generic (1)
22:16:19.0608 4196 ============================================================
22:16:19.0608 4196 Scan finished
22:16:19.0608 4196 ============================================================
22:16:19.0632 6068 Detected object count: 1
22:16:19.0632 6068 Actual detected object count: 1
22:17:37.0693 6068 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
22:17:37.0693 6068 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine




#12 ordynat

    Advanced user

  • 804 posts

Posted 15 03 2012 - 23:47

System Look did not find this object - perhaps you have already removed it with something else.

TDSSKiller detected nothing (sptd.sys is a legitimate Daemon Tools driver; scanners always treat it as an infection).

So you do not have an infection.

If the problem does not go away within a few days, formatting the disk will probably be necessary, because in the long run you cannot use a computer that has no memory.
