
I cannot remove Win32:MalOb-EI


  • This topic is locked
26 replies to this topic

#1 Filip Morávek

  • Members
  • 10 posts

Posted 14 June 2012 - 07:37 AM

Hello,

I found the Trojan Win32:MalOb-EI (log attached) and I cannot remove it from my PC.

I tried Avast PRO, aswMBR, Spybot S&D 2 and Malwarebytes' Anti-Malware with no success.

Can you help me please?

Thanks a lot!

Attached File  aswMBR.txt   2.06KB   3 downloads

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-25 12:41:17
-----------------------------
12:41:17.406 OS Version: Windows 5.1.2600 Service Pack 3
12:41:17.406 Number of processors: 2 586 0xF06
12:41:17.406 ComputerName: HAFIK UserName: Filip
12:41:19.921 Initialize success
12:41:20.156 AVAST engine defs: 12052500
12:42:29.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:42:29.593 Disk 0 Vendor: Kingston B090 Size: 61057MB BusType: 3
12:42:29.593 Disk 0 MBR read successfully
12:42:29.593 Disk 0 MBR scan
12:42:29.609 Disk 0 Windows XP default MBR code
12:42:29.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61051 MB offset 63
12:42:29.625 Disk 0 scanning sectors +125033895
12:42:29.625 Disk 0 scanning C:\WINDOWS\system32\drivers
12:42:32.937 Service scanning
12:42:36.781 Modules scanning
12:42:39.546 Disk 0 trace - called modules:
12:42:39.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
12:42:39.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a633ab8]
12:42:39.562 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000086[0x8a64f290]
12:42:39.562 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a60b030]
12:42:39.921 AVAST engine scan C:\WINDOWS
12:42:41.937 AVAST engine scan C:\WINDOWS\system32
12:43:39.859 AVAST engine scan C:\WINDOWS\system32\drivers
12:43:49.437 AVAST engine scan C:\Documents and Settings\Filip
12:51:35.937 AVAST engine scan C:\Documents and Settings\All Users
12:51:46.406 File: C:\Documents and Settings\All Users\Data aplikací\Installations\{653A52D8-127C-476D-BAD9-27117A3A4959}\Installer\CommonCustomActions\closeapp.exe **INFECTED** Win32:MalOb-EI [Cryp]
12:52:31.296 Scan finished successfully
13:00:06.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Filip\Dokumenty\MBR.dat"
13:00:06.437 The log file has been saved successfully to "C:\Documents and Settings\Filip\Dokumenty\aswMBR.txt"

Edited by SweetTech, 15 June 2012 - 01:49 AM.
expanded aswMBR.exe log.-ST




#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 16 June 2012 - 12:21 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 19 June 2012 - 12:31 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 22 June 2012 - 01:15 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 gringo_pr


Posted 02 July 2012 - 11:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#6 gringo_pr


Posted 02 July 2012 - 11:45 AM

This topic has been re-opened at the request of the person who originally posted.

#7 Filip Morávek


Posted 02 July 2012 - 11:50 AM

Thanks for your suggestions. Below are the logs from DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Filip at 18:49:44 on 2012-07-02
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.512 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Skynergy\HotKeyz\HotKeyz.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RMClock\RMClock.exe
C:\Documents and Settings\Filip\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PhotoFiltre\PhotoFiltre.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filip\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RMClock] "c:\program files\rmclock\RMClockLauncher.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotKeyz.exe Startup] c:\program files\skynergy\hotkeyz\HotKeyz.exe Startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\filip\nabdka~1\programy\posput~1\dropbox.lnk - c:\documents and settings\filip\data aplikací\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\filip\nabdka~1\programy\posput~1\miranda.lnk - c:\program files\miranda im\miranda32.exe
StartupFolder: c:\docume~1\filip\nabdka~1\programy\posput~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\filip\nabdka~1\programy\posput~1\virtua~1.lnk - c:\program files\virtuawin\VirtuaWin.exe
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{495D2A4F-B618-4F0D-9711-6BFA804BC889} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{5DD613D4-CDFA-4675-A7A5-A332D09659E0} : DhcpNameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{FD0A0E0F-89F4-4E46-ABEB-15EC73FF5813} : DhcpNameServer = 10.0.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\filip\data aplikací\mozilla\firefox\profiles\ulcxuy6s.default\
FF - plugin: c:\documents and settings\filip\local settings\data aplikacă­\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\filip\local settings\data aplikacă­\spoon\3.20.0.8\npMozillaSpoonPlugin.dll
FF - plugin: c:\documents and settings\filip\local settings\data aplikacă­\spoon\3.21.0.17\npMozillaSpoonPlugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\software602\602xml\filler\npfiller.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-6-1 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-6-1 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-6-1 909728]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-25 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-25 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-25 337880]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-6-1 203088]
R2 602XML Updater;602Updater;c:\program files\common files\soft602\602updsvc\602updsvc.exe [2010-4-14 84520]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\t-mobile\web'n'walk manager\ameisvc.exe [2011-6-24 123120]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-25 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-25 44768]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-3-3 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\cobian backup 10\cbService.exe [2011-3-3 1125376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-25 654408]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-5-25 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-5-25 838136]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [2010-1-22 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2010-1-22 4864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-25 22344]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-18 69120]
R3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2011-1-12 4608]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2012-5-14 45288]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-1-3 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-1-4 100480]
S3 Installer Service;Installer Service;c:\documents and settings\all users\data aplikací\nokiainstallercache\productcache\{d5878294-c113-43c5-a24f-fc333c52015a}\{3fc42713-b6e7-49aa-a553-a224fe9828a8}\installer\InstallerService.exe [2011-3-8 119296]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-10-31 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-21 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2012-06-27 12:59:38 -------- d-----w- c:\program files\Dropbox
2012-06-25 13:37:52 -------- d-----w- c:\documents and settings\all users\data aplikací\Battle.net
.
==================== Find3M ====================
.
2012-06-02 13:19:46 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:44 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:34 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:02 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22:06 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-11 09:14:20 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-23 10:36:50 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-04-23 10:36:48 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-04-11 13:55:27 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55:17 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55:05 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:50:05,00 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 22.1.2010 16:16:07
System Uptime: 2.7.2012 8:59:44 (10 hours ago)
.
Motherboard: FUJITSU | | FJNB1B5
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | Onboard | 1662/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 6,338 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3B5AA5E0E10
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3B5AA5E0E10
Service: NIC1394
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N73
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia E51
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: E72-1
Device ID: ROOT\WPD\0002
Manufacturer: Nokia
Name: E72-1
PNP Device ID: ROOT\WPD\0002
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1: 25.5.2012 16:29:06 - Kontrolní bod systému
RP2: 28.5.2012 14:12:12 - Kontrolní bod systému
RP3: 31.5.2012 12:02:59 - Kontrolní bod systému
RP4: 4.6.2012 13:18:19 - Kontrolní bod systému
RP5: 5.6.2012 17:28:36 - Kontrolní bod systému
RP6: 6.6.2012 17:45:16 - Kontrolní bod systému
RP7: 11.6.2012 13:14:40 - Kontrolní bod systému
RP8: 12.6.2012 9:41:01 - Software Distribution Service 3.0
RP9: 13.6.2012 10:26:26 - Kontrolní bod systému
RP10: 14.6.2012 14:55:08 - Kontrolní bod systému
RP11: 15.6.2012 19:37:24 - Kontrolní bod systému
RP12: 18.6.2012 13:33:53 - Kontrolní bod systému
RP13: 19.6.2012 17:18:42 - Kontrolní bod systému
RP14: 25.6.2012 13:14:24 - Kontrolní bod systému
RP15: 26.6.2012 13:40:01 - Kontrolní bod systému
RP16: 28.6.2012 16:40:59 - Kontrolní bod systému
RP17: 2.7.2012 13:22:08 - Kontrolní bod systému
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.0 - Czech
Agere Systems HDA Modem
Aktualizace systému Windows Internet Explorer 8 (KB975364)
Aktualizace systému Windows Internet Explorer 8 (KB976662)
Aktualizace systému Windows Internet Explorer 8 (KB980182)
Aktualizace systému Windows XP (KB2141007)
Aktualizace systému Windows XP (KB2345886)
Aktualizace systému Windows XP (KB2467659)
Aktualizace systému Windows XP (KB2541763)
Aktualizace systému Windows XP (KB2607712)
Aktualizace systému Windows XP (KB2616676)
Aktualizace systému Windows XP (KB2641690)
Aktualizace systému Windows XP (KB2718704)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB955759)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB971029)
Aktualizace systému Windows XP (KB971737)
Aktualizace systému Windows XP (KB973687)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpečení aplikace Windows Media Player (KB2378111)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)
Aktualizace zabezpečení aplikace Windows Media Player (KB975558)
Aktualizace zabezpečení aplikace Windows Media Player (KB978695)
Aktualizace zabezpečení aplikace Windows Media Player (KB979402)
Aktualizace zabezpečení aplikace Windows Media Player 9 (KB911565)
Aktualizace zabezpečení pro Microsoft Windows (KB2564958)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2183461)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2360131)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2416400)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2482017)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2497640)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2530548)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2544521)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2559049)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2586448)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2618444)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2647516)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2675157)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB978207)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB981332)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381)
Aktualizace zabezpečení systému Windows XP (KB2079403)
Aktualizace zabezpečení systému Windows XP (KB2115168)
Aktualizace zabezpečení systému Windows XP (KB2121546)
Aktualizace zabezpečení systému Windows XP (KB2160329)
Aktualizace zabezpečení systému Windows XP (KB2229593)
Aktualizace zabezpečení systému Windows XP (KB2259922)
Aktualizace zabezpečení systému Windows XP (KB2279986)
Aktualizace zabezpečení systému Windows XP (KB2286198)
Aktualizace zabezpečení systému Windows XP (KB2296011)
Aktualizace zabezpečení systému Windows XP (KB2296199)
Aktualizace zabezpečení systému Windows XP (KB2347290)
Aktualizace zabezpečení systému Windows XP (KB2360937)
Aktualizace zabezpečení systému Windows XP (KB2387149)
Aktualizace zabezpečení systému Windows XP (KB2393802)
Aktualizace zabezpečení systému Windows XP (KB2412687)
Aktualizace zabezpečení systému Windows XP (KB2419632)
Aktualizace zabezpečení systému Windows XP (KB2423089)
Aktualizace zabezpečení systému Windows XP (KB2436673)
Aktualizace zabezpečení systému Windows XP (KB2440591)
Aktualizace zabezpečení systému Windows XP (KB2443105)
Aktualizace zabezpečení systému Windows XP (KB2476490)
Aktualizace zabezpečení systému Windows XP (KB2476687)
Aktualizace zabezpečení systému Windows XP (KB2478960)
Aktualizace zabezpečení systému Windows XP (KB2478971)
Aktualizace zabezpečení systému Windows XP (KB2479628)
Aktualizace zabezpečení systému Windows XP (KB2479943)
Aktualizace zabezpečení systému Windows XP (KB2481109)
Aktualizace zabezpečení systému Windows XP (KB2483185)
Aktualizace zabezpečení systému Windows XP (KB2485376)
Aktualizace zabezpečení systému Windows XP (KB2485663)
Aktualizace zabezpečení systému Windows XP (KB2503658)
Aktualizace zabezpečení systému Windows XP (KB2503665)
Aktualizace zabezpečení systému Windows XP (KB2506212)
Aktualizace zabezpečení systému Windows XP (KB2506223)
Aktualizace zabezpečení systému Windows XP (KB2507618)
Aktualizace zabezpečení systému Windows XP (KB2507938)
Aktualizace zabezpečení systému Windows XP (KB2508272)
Aktualizace zabezpečení systému Windows XP (KB2508429)
Aktualizace zabezpečení systému Windows XP (KB2509553)
Aktualizace zabezpečení systému Windows XP (KB2511455)
Aktualizace zabezpečení systému Windows XP (KB2524375)
Aktualizace zabezpečení systému Windows XP (KB2535512)
Aktualizace zabezpečení systému Windows XP (KB2536276-v2)
Aktualizace zabezpečení systému Windows XP (KB2536276)
Aktualizace zabezpečení systému Windows XP (KB2544893-v2)
Aktualizace zabezpečení systému Windows XP (KB2544893)
Aktualizace zabezpečení systému Windows XP (KB2555917)
Aktualizace zabezpečení systému Windows XP (KB2562937)
Aktualizace zabezpečení systému Windows XP (KB2566454)
Aktualizace zabezpečení systému Windows XP (KB2567053)
Aktualizace zabezpečení systému Windows XP (KB2567680)
Aktualizace zabezpečení systému Windows XP (KB2570222)
Aktualizace zabezpečení systému Windows XP (KB2570947)
Aktualizace zabezpečení systému Windows XP (KB2584146)
Aktualizace zabezpečení systému Windows XP (KB2585542)
Aktualizace zabezpečení systému Windows XP (KB2592799)
Aktualizace zabezpečení systému Windows XP (KB2598479)
Aktualizace zabezpečení systému Windows XP (KB2603381)
Aktualizace zabezpečení systému Windows XP (KB2618451)
Aktualizace zabezpečení systému Windows XP (KB2619339)
Aktualizace zabezpečení systému Windows XP (KB2620712)
Aktualizace zabezpečení systému Windows XP (KB2621440)
Aktualizace zabezpečení systému Windows XP (KB2624667)
Aktualizace zabezpečení systému Windows XP (KB2631813)
Aktualizace zabezpečení systému Windows XP (KB2633171)
Aktualizace zabezpečení systému Windows XP (KB2639417)
Aktualizace zabezpečení systému Windows XP (KB2641653)
Aktualizace zabezpečení systému Windows XP (KB2646524)
Aktualizace zabezpečení systému Windows XP (KB2647518)
Aktualizace zabezpečení systému Windows XP (KB2653956)
Aktualizace zabezpečení systému Windows XP (KB2659262)
Aktualizace zabezpečení systému Windows XP (KB2660465)
Aktualizace zabezpečení systému Windows XP (KB2661637)
Aktualizace zabezpečení systému Windows XP (KB2676562)
Aktualizace zabezpečení systému Windows XP (KB2686509)
Aktualizace zabezpečení systému Windows XP (KB2695962)
Aktualizace zabezpečení systému Windows XP (KB923561)
Aktualizace zabezpečení systému Windows XP (KB923789)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952004)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB954459)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956572)
Aktualizace zabezpečení systému Windows XP (KB956744)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956844)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958644)
Aktualizace zabezpečení systému Windows XP (KB958687)
Aktualizace zabezpečení systému Windows XP (KB958869)
Aktualizace zabezpečení systému Windows XP (KB959426)
Aktualizace zabezpečení systému Windows XP (KB960225)
Aktualizace zabezpečení systému Windows XP (KB960803)
Aktualizace zabezpečení systému Windows XP (KB960859)
Aktualizace zabezpečení systému Windows XP (KB961501)
Aktualizace zabezpečení systému Windows XP (KB969059)
Aktualizace zabezpečení systému Windows XP (KB969947)
Aktualizace zabezpečení systému Windows XP (KB970238)
Aktualizace zabezpečení systému Windows XP (KB970430)
Aktualizace zabezpečení systému Windows XP (KB971468)
Aktualizace zabezpečení systému Windows XP (KB971486)
Aktualizace zabezpečení systému Windows XP (KB971557)
Aktualizace zabezpečení systému Windows XP (KB971633)
Aktualizace zabezpečení systému Windows XP (KB971657)
Aktualizace zabezpečení systému Windows XP (KB971961)
Aktualizace zabezpečení systému Windows XP (KB972270)
Aktualizace zabezpečení systému Windows XP (KB973354)
Aktualizace zabezpečení systému Windows XP (KB973507)
Aktualizace zabezpečení systému Windows XP (KB973525)
Aktualizace zabezpečení systému Windows XP (KB973869)
Aktualizace zabezpečení systému Windows XP (KB973904)
Aktualizace zabezpečení systému Windows XP (KB974112)
Aktualizace zabezpečení systému Windows XP (KB974318)
Aktualizace zabezpečení systému Windows XP (KB974392)
Aktualizace zabezpečení systému Windows XP (KB974571)
Aktualizace zabezpečení systému Windows XP (KB975025)
Aktualizace zabezpečení systému Windows XP (KB975467)
Aktualizace zabezpečení systému Windows XP (KB975560)
Aktualizace zabezpečení systému Windows XP (KB975561)
Aktualizace zabezpečení systému Windows XP (KB975562)
Aktualizace zabezpečení systému Windows XP (KB975713)
Aktualizace zabezpečení systému Windows XP (KB977165)
Aktualizace zabezpečení systému Windows XP (KB977816)
Aktualizace zabezpečení systému Windows XP (KB977914)
Aktualizace zabezpečení systému Windows XP (KB978037)
Aktualizace zabezpečení systému Windows XP (KB978251)
Aktualizace zabezpečení systému Windows XP (KB978262)
Aktualizace zabezpečení systému Windows XP (KB978338)
Aktualizace zabezpečení systému Windows XP (KB978542)
Aktualizace zabezpečení systému Windows XP (KB978601)
Aktualizace zabezpečení systému Windows XP (KB978706)
Aktualizace zabezpečení systému Windows XP (KB979309)
Aktualizace zabezpečení systému Windows XP (KB979482)
Aktualizace zabezpečení systému Windows XP (KB979559)
Aktualizace zabezpečení systému Windows XP (KB979683)
Aktualizace zabezpečení systému Windows XP (KB979687)
Aktualizace zabezpečení systému Windows XP (KB980195)
Aktualizace zabezpečení systému Windows XP (KB980218)
Aktualizace zabezpečení systému Windows XP (KB980232)
Aktualizace zabezpečení systému Windows XP (KB980436)
Aktualizace zabezpečení systému Windows XP (KB981322)
Aktualizace zabezpečení systému Windows XP (KB981852)
Aktualizace zabezpečení systému Windows XP (KB981957)
Aktualizace zabezpečení systému Windows XP (KB981997)
Aktualizace zabezpečení systému Windows XP (KB982132)
Aktualizace zabezpečení systému Windows XP (KB982214)
Aktualizace zabezpečení systému Windows XP (KB982665)
Aktualizace zabezpečení systému Windows XP (KB982802)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Pro Antivirus
Balíček ovladače systému Windows - Nokia Modem (06/09/2010 7.01.0.8)
Balíček ovladače systému Windows - Nokia Modem (10/07/2010 4.6)
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
BitTorrent
Bluetooth Stack for Windows by Toshiba
Bonjour
BS.Player FREE
CCleaner
Cobian Backup 10
DirectVobSub (remove only)
Dropbox
Fingerprint Sensor Minimum Install
Foxit Reader
FreeMind
Google AdWords Editor
Google Chrome
High Definition Audio - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
HotKeyz 2.8.3
Intel® Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 17
K-Lite Codec Pack 5.6.1 (Standard)
Malwarebytes Anti-Malware verze 1.61.0.1400
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Czech Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft English TTS Engine
Microsoft IntelliPoint 8.2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Czech) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Czech) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Czech) 2007
Microsoft Office InfoPath MUI (Czech) 2007
Microsoft Office OneNote MUI (Czech) 2007
Microsoft Office Outlook MUI (Czech) 2007
Microsoft Office PowerPoint MUI (Czech) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proofing (Czech) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Czech) 2007
Microsoft Office Shared MUI (Czech) 2007
Microsoft Office Word MUI (Czech) 2007
Microsoft Software Update for Web Folders (Czech) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Miranda IM 0.9.48
MozBackup 1.4.10
Mozilla Firefox 12.0 (x86 cs)
Mozilla Maintenance Service
Mozilla Thunderbird 9.0.1 (x86 cs)
MSVC80_x86_v2
MSVC90_x86
Nokia Connectivity Cable Driver
Nokia PC Internet Access
Nokia PC Suite
Notepad++
O2Micro Smartcard Driver
OpenOffice.org 3.2
OpenVPN 2.1.1
Oprava Hotfix systému Windows XP (KB2158563)
Oprava Hotfix systému Windows XP (KB2443685)
Oprava Hotfix systému Windows XP (KB2570791)
Oprava Hotfix systému Windows XP (KB2633952)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB961118)
Oprava Hotfix systému Windows XP (KB976098-v2)
Oprava Hotfix systému Windows XP (KB979306)
Oprava Hotfix systému Windows XP (KB981793)
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PhotoFiltre
Realtek High Definition Audio Driver
SAPI Wrapper
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Step By Step Interactive Training (KB898458)
SES Driver
Skype™ 5.5
Software602 Form Filler rozšíření pro internetové prohlížeče
Spybot - Search & Destroy
STORMWARE POHODA CZ Start
STORMWARE POHODA SQL Klient CZ Komplet
Synaptics Pointing Device Driver
TrueCrypt
TTS Wrapper
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
VirtuaWin v4.3
Web'n'walk Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinSCP 4.2.5
XnView 1.97
Základní software zařízení HP Officejet Pro 8500 A910
ZTE Drivers
.
==== End Of File ===========================

Thank you for your help!

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 July 2012 - 09:34 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
  • Link 1
  • Link 2
  • Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr


Posted 05 July 2012 - 08:20 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#10 gringo_pr


Posted 07 July 2012 - 11:30 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#11 Filip Morávek


Posted 08 July 2012 - 06:25 AM

Hello,

Below is the log from ComboFix. There are no visible problems now, but I couldn't notice any unusual problem even before - I'm afraid of my passwords being stolen, my browser being hijacked or something similar.

Thank you very much for your help.


ComboFix 12-07-07.04 - Filip 08.07.2012 13:12:00.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1404 [GMT 2:00]
Spuštěný z: c:\documents and settings\Filip\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-08 do 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-06-27 12:59 . 2012-06-27 12:59 -------- d-----w- c:\program files\Dropbox
2012-06-25 13:37 . 2012-06-25 13:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Battle.net
2012-06-14 13:13 . 2012-06-14 13:13 -------- d-----w- c:\documents and settings\Kryštof\Data aplikací\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 18:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-01-22 15:06 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-01-22 15:06 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-01-22 15:06 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-01-22 15:06 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-01-22 15:06 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-18 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-01-22 15:06 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-01-22 15:06 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-04-16 08:29 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-04-16 08:29 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-04-16 08:29 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-11 09:14 . 2012-06-01 12:05 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-23 10:36 . 2012-06-01 12:05 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-04-23 10:36 . 2012-06-01 12:05 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-04-11 13:55 . 2004-08-17 15:45 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2005-10-06 03:10 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2004-08-18 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-21 09:41 . 2012-01-26 15:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-25_11.49.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2012-07-08 11:08 . 2012-07-08 11:08 16384 c:\windows\Temp\Perflib_Perfdata_c4c.dat
+ 2012-06-25 07:13 . 2012-06-02 13:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-25 07:13 . 2012-06-02 13:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2010-01-22 15:06 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2010-01-22 15:06 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-18 12:00 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2012-06-12 07:41 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2718704\update\spcustom.dll
+ 2012-06-12 07:41 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2718704\spmsg.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2012-06-01 12:06 . 2012-02-28 09:43 909728 c:\windows\system32\drivers\pctEFA.sys
+ 2012-06-01 12:06 . 2012-02-28 09:43 342168 c:\windows\system32\drivers\pctDS.sys
+ 2010-01-22 15:06 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2010-01-22 15:06 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2010-01-22 15:06 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll
- 2011-09-03 10:17 . 2011-09-28 07:06 602112 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-03 10:17 . 2012-05-31 13:22 602112 c:\windows\system32\dllcache\crypt32.dll
+ 2012-06-18 18:27 . 2011-07-22 13:20 183288 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
+ 2012-06-01 12:13 . 2012-06-01 12:13 228352 c:\windows\Installer\1243a866.msi
+ 2012-06-12 07:41 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2718704\update\updspapi.dll
+ 2012-06-12 07:41 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2718704\update\update.exe
+ 2012-06-12 07:41 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2718704\spuninst.exe
+ 2012-05-31 13:19 . 2012-05-31 13:19 602624 c:\windows\$hf_mig$\KB2718704\SP3QFE\crypt32.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-01-22 15:06 . 2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Filip\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Filip\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Filip\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Filip\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RMClock"="c:\program files\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 761946]
"HotKeyz.exe Startup"="c:\program files\Skynergy\HotKeyz\HotKeyz.exe" [2010-06-10 2719232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Kryštof\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\Filip\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Filip\Data aplikací\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Miranda.lnk - c:\program files\Miranda IM\miranda32.exe [2012-4-24 822357]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2011-8-21 135680]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Filip^Nabídka Start^Programy^Po spuštění^Spoon Sandbox Manager 3.20.lnk]
path=c:\documents and settings\Filip\Nabídka Start\Programy\Po spuštění\Spoon Sandbox Manager 3.20.lnk
backup=c:\windows\pss\Spoon Sandbox Manager 3.20.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Filip^Nabídka Start^Programy^Po spuštění^Spoon Sandbox Manager 3.21.lnk]
path=c:\documents and settings\Filip\Nabídka Start\Programy\Po spuštění\Spoon Sandbox Manager 3.21.lnk
backup=c:\windows\pss\Spoon Sandbox Manager 3.21.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATSwpNav]
c:\program files\Fingerprint Sensor\ATSwpNav -run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-01-17 12:26 88365 -c--a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2006-03-07 23:00 69632 -c----w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10 Interface]
2010-09-23 15:46 3154432 ----a-w- c:\program files\Cobian Backup 10\cbInterface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-22 17:23 135664 ----atw- c:\documents and settings\Filip\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-06 10:13 114688 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-05-26 11:21 651264 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-06 10:10 94208 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMClock]
2008-02-29 17:26 61440 ----a-w- c:\program files\RMClock\RMClockLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-07 23:00 16010240 -c----w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-22 16:07 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2011-06-30 11:35 1363984 ----a-w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Filip\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1.6.2012 14:05 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [1.6.2012 14:06 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [1.6.2012 14:06 909728]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [25.5.2012 12:07 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.5.2012 12:07 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.5.2012 12:07 337880]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [1.6.2012 14:05 203088]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 84520]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [24.6.2011 21:17 123120]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.5.2012 12:07 20696]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [3.3.2011 13:19 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [3.3.2011 13:19 1125376]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [22.1.2010 17:24 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [22.1.2010 17:24 4864]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [14.5.2012 10:39 45288]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [3.1.2011 12:46 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [4.1.2011 12:40 100480]
S3 Installer Service;Installer Service;c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe [8.3.2011 17:03 119296]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [31.10.2011 14:09 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [21.5.2012 11:41 129976]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - RTCore32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{495D2A4F-B618-4F0D-9711-6BFA804BC889}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\ulcxuy6s.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 13:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-07-08 13:18:22
ComboFix-quarantined-files.txt 2012-07-08 11:18
ComboFix2.txt 2012-05-25 15:33
ComboFix3.txt 2012-05-25 11:51
.
Před spuštěním: 6 978 867 200
Po spuštění: 7 041 388 544
.
- - End Of File - - 20EBC4286E212EB5B03364E1C306594C

#12 gringo_pr

  • Malware Response Team

Posted 08 July 2012 - 02:53 PM

Greetings

I will give it a good working over - but so far things look pretty good

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 Filip Morávek

  • Topic Starter


Posted 10 July 2012 - 03:49 AM

Logs from TDSS and aswMBR:

Thanks.

10:04:59.0921 1020 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
10:05:00.0781 1020 ============================================================
10:05:00.0781 1020 Current date / time: 2012/07/09 10:05:00.0781
10:05:00.0781 1020 SystemInfo:
10:05:00.0781 1020
10:05:00.0781 1020 OS Version: 5.1.2600 ServicePack: 3.0
10:05:00.0781 1020 Product type: Workstation
10:05:00.0781 1020 ComputerName: HAFIK
10:05:00.0781 1020 UserName: Filip
10:05:00.0781 1020 Windows directory: C:\WINDOWS
10:05:00.0781 1020 System windows directory: C:\WINDOWS
10:05:00.0781 1020 Processor architecture: Intel x86
10:05:00.0781 1020 Number of processors: 2
10:05:00.0781 1020 Page size: 0x1000
10:05:00.0781 1020 Boot type: Normal boot
10:05:00.0781 1020 ============================================================
10:05:01.0890 1020 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:05:01.0906 1020 ============================================================
10:05:01.0906 1020 \Device\Harddisk0\DR0:
10:05:01.0906 1020 MBR partitions:
10:05:01.0906 1020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x773DD68
10:05:01.0906 1020 ============================================================
10:05:01.0906 1020 C: <-> \Device\Harddisk0\DR0\Partition0
10:05:01.0906 1020 ============================================================
10:05:01.0906 1020 Initialize success
10:05:01.0906 1020 ============================================================
10:05:03.0859 3976 ============================================================
10:05:03.0859 3976 Scan started
10:05:03.0859 3976 Mode: Manual;
10:05:03.0859 3976 ============================================================
10:05:05.0578 3976 602XML Updater (42faeef297d64c132862266418dbef7f) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
10:05:05.0578 3976 602XML Updater - ok
10:05:05.0625 3976 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
10:05:05.0625 3976 Aavmker4 - ok
10:05:05.0625 3976 Abiosdsk - ok
10:05:05.0640 3976 abp480n5 - ok
10:05:05.0656 3976 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:05:05.0656 3976 ACPI - ok
10:05:05.0671 3976 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:05:05.0671 3976 ACPIEC - ok
10:05:05.0671 3976 adpu160m - ok
10:05:05.0687 3976 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:05:05.0687 3976 aec - ok
10:05:05.0703 3976 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:05:05.0703 3976 AFD - ok
10:05:05.0718 3976 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\WINDOWS\system32\agrsmsvc.exe
10:05:05.0718 3976 AgereModemAudio - ok
10:05:05.0812 3976 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
10:05:05.0828 3976 AgereSoftModem - ok
10:05:05.0828 3976 Aha154x - ok
10:05:05.0843 3976 aic78u2 - ok
10:05:05.0843 3976 aic78xx - ok
10:05:05.0859 3976 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
10:05:05.0859 3976 Alerter - ok
10:05:05.0859 3976 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
10:05:05.0859 3976 ALG - ok
10:05:05.0875 3976 AliIde - ok
10:05:05.0890 3976 ameisvc (9b9a81b298410c4388d8e41de5f5386b) C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
10:05:05.0890 3976 ameisvc - ok
10:05:05.0890 3976 amsint - ok
10:05:05.0906 3976 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:05:05.0906 3976 Apple Mobile Device - ok
10:05:05.0937 3976 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
10:05:05.0937 3976 AppMgmt - ok
10:05:05.0953 3976 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:05:05.0953 3976 Arp1394 - ok
10:05:05.0953 3976 asc - ok
10:05:05.0968 3976 asc3350p - ok
10:05:05.0968 3976 asc3550 - ok
10:05:06.0000 3976 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:05:06.0000 3976 aspnet_state - ok
10:05:06.0015 3976 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:05:06.0015 3976 aswFsBlk - ok
10:05:06.0015 3976 aswKbd (088be3ec42010310fe867f874b6fedf2) C:\WINDOWS\system32\drivers\aswKbd.sys
10:05:06.0031 3976 aswKbd - ok
10:05:06.0046 3976 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
10:05:06.0046 3976 aswMon2 - ok
10:05:06.0046 3976 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
10:05:06.0062 3976 AswRdr - ok
10:05:06.0093 3976 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
10:05:06.0109 3976 aswSnx - ok
10:05:06.0140 3976 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
10:05:06.0140 3976 aswSP - ok
10:05:06.0156 3976 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
10:05:06.0156 3976 aswTdi - ok
10:05:06.0156 3976 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:05:06.0156 3976 AsyncMac - ok
10:05:06.0171 3976 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:05:06.0171 3976 atapi - ok
10:05:06.0171 3976 Atdisk - ok
10:05:06.0187 3976 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:05:06.0187 3976 Atmarpc - ok
10:05:06.0203 3976 ATSWPDRV (002ecb6f1197a7754cc87f2073f41841) C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
10:05:06.0203 3976 ATSWPDRV - ok
10:05:06.0203 3976 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
10:05:06.0218 3976 AudioSrv - ok
10:05:06.0218 3976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:05:06.0218 3976 audstub - ok
10:05:06.0234 3976 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:05:06.0234 3976 avast! Antivirus - ok
10:05:06.0234 3976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:05:06.0234 3976 Beep - ok
10:05:06.0265 3976 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
10:05:06.0265 3976 BITS - ok
10:05:06.0296 3976 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:05:06.0312 3976 Bonjour Service - ok
10:05:06.0312 3976 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
10:05:06.0312 3976 Browser - ok
10:05:06.0328 3976 catchme - ok
10:05:06.0328 3976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:05:06.0328 3976 cbidf2k - ok
10:05:06.0328 3976 cbVSCService (ed5411a69c5bac78d245c893af64352a) C:\Program Files\Cobian Backup 10\cbVSCService.exe
10:05:06.0343 3976 cbVSCService - ok
10:05:06.0343 3976 cd20xrnt - ok
10:05:06.0343 3976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:05:06.0343 3976 Cdaudio - ok
10:05:06.0359 3976 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:05:06.0359 3976 Cdfs - ok
10:05:06.0375 3976 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:05:06.0375 3976 Cdrom - ok
10:05:06.0375 3976 Changer - ok
10:05:06.0375 3976 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
10:05:06.0375 3976 CiSvc - ok
10:05:06.0390 3976 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
10:05:06.0406 3976 ClipSrv - ok
10:05:06.0406 3976 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:05:06.0421 3976 clr_optimization_v2.0.50727_32 - ok
10:05:06.0421 3976 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:05:06.0421 3976 CmBatt - ok
10:05:06.0437 3976 CmdIde - ok
10:05:06.0500 3976 CobianBackup10 (06302ea7eda9dcdd7f82cec2a03d2015) C:\Program Files\Cobian Backup 10\cbService.exe
10:05:06.0515 3976 CobianBackup10 - ok
10:05:06.0515 3976 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:05:06.0515 3976 Compbatt - ok
10:05:06.0531 3976 COMSysApp - ok
10:05:06.0531 3976 Cpqarray - ok
10:05:06.0546 3976 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
10:05:06.0546 3976 CryptSvc - ok
10:05:06.0546 3976 dac2w2k - ok
10:05:06.0546 3976 dac960nt - ok
10:05:06.0562 3976 dc3d (90f8539fa0de4aafe4fdbe7f95d6a512) C:\WINDOWS\system32\DRIVERS\dc3d.sys
10:05:06.0562 3976 dc3d - ok
10:05:06.0593 3976 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
10:05:06.0593 3976 DcomLaunch - ok
10:05:06.0609 3976 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
10:05:06.0609 3976 Dhcp - ok
10:05:06.0625 3976 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:05:06.0625 3976 Disk - ok
10:05:06.0625 3976 dmadmin - ok
10:05:06.0671 3976 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
10:05:06.0687 3976 dmboot - ok
10:05:06.0703 3976 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
10:05:06.0703 3976 dmio - ok
10:05:06.0703 3976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:05:06.0703 3976 dmload - ok
10:05:06.0718 3976 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
10:05:06.0718 3976 dmserver - ok
10:05:06.0718 3976 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:05:06.0718 3976 DMusic - ok
10:05:06.0734 3976 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
10:05:06.0734 3976 Dnscache - ok
10:05:06.0750 3976 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
10:05:06.0750 3976 Dot3svc - ok
10:05:06.0765 3976 dpti2o - ok
10:05:06.0765 3976 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:05:06.0765 3976 drmkaud - ok
10:05:06.0781 3976 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
10:05:06.0781 3976 EapHost - ok
10:05:06.0781 3976 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
10:05:06.0781 3976 ERSvc - ok
10:05:06.0796 3976 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
10:05:06.0796 3976 Eventlog - ok
10:05:06.0812 3976 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
10:05:06.0828 3976 EventSystem - ok
10:05:06.0828 3976 ewusbnet (9032405f762f1afa92dfef99cb078306) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
10:05:06.0828 3976 ewusbnet - ok
10:05:06.0843 3976 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:05:06.0843 3976 Fastfat - ok
10:05:06.0859 3976 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
10:05:06.0859 3976 FastUserSwitchingCompatibility - ok
10:05:06.0875 3976 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:05:06.0875 3976 Fdc - ok
10:05:06.0875 3976 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
10:05:06.0875 3976 Fips - ok
10:05:06.0890 3976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:05:06.0890 3976 Flpydisk - ok
10:05:06.0906 3976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:05:06.0906 3976 FltMgr - ok
10:05:06.0906 3976 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:05:06.0906 3976 FontCache3.0.0.0 - ok
10:05:06.0921 3976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:05:06.0921 3976 Fs_Rec - ok
10:05:06.0921 3976 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:05:06.0937 3976 Ftdisk - ok
10:05:06.0937 3976 FUJ02B1 (00845dcd64fe6348ddf7890c310c17b9) C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
10:05:06.0937 3976 FUJ02B1 - ok
10:05:06.0937 3976 FUJ02E1 (c4942669fde5abd7bbe70027c9de1247) C:\WINDOWS\system32\Drivers\FUJ02E1.sys
10:05:06.0937 3976 FUJ02E1 - ok
10:05:06.0953 3976 FUJ02E3 (ef9f310f86fd504afcdcedf8280091fb) C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys
10:05:06.0953 3976 FUJ02E3 - ok
10:05:06.0953 3976 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:05:06.0953 3976 GEARAspiWDM - ok
10:05:06.0968 3976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:05:06.0968 3976 Gpc - ok
10:05:06.0968 3976 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:05:06.0984 3976 HDAudBus - ok
10:05:06.0984 3976 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:05:06.0984 3976 helpsvc - ok
10:05:06.0984 3976 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
10:05:07.0000 3976 HidServ - ok
10:05:07.0000 3976 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:05:07.0000 3976 hidusb - ok
10:05:07.0015 3976 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
10:05:07.0015 3976 hkmsvc - ok
10:05:07.0015 3976 hpn - ok
10:05:07.0031 3976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:05:07.0046 3976 HTTP - ok
10:05:07.0046 3976 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
10:05:07.0046 3976 HTTPFilter - ok
10:05:07.0062 3976 hwdatacard (60aec3f4ec355d9f46d545a0fa08ce87) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
10:05:07.0062 3976 hwdatacard - ok
10:05:07.0078 3976 hwusbfake (b93d3c81ef1d372dc5bd5e6275362e1a) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
10:05:07.0078 3976 hwusbfake - ok
10:05:07.0078 3976 i2omgmt - ok
10:05:07.0078 3976 i2omp - ok
10:05:07.0093 3976 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:05:07.0093 3976 i8042prt - ok
10:05:07.0156 3976 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:05:07.0187 3976 ialm - ok
10:05:07.0234 3976 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
10:05:07.0234 3976 iaStor - ok
10:05:07.0296 3976 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:05:07.0312 3976 idsvc - ok
10:05:07.0343 3976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:05:07.0343 3976 Imapi - ok
10:05:07.0359 3976 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
10:05:07.0375 3976 ImapiService - ok
10:05:07.0375 3976 ini910u - ok
10:05:07.0421 3976 Installer Service (9bccc92e3dbdd539704b79e53d384ca2) C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe
10:05:07.0437 3976 Installer Service - ok
10:05:07.0656 3976 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:05:07.0734 3976 IntcAzAudAddService - ok
10:05:07.0781 3976 IntelIde - ok
10:05:07.0781 3976 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:05:07.0781 3976 intelppm - ok
10:05:07.0796 3976 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:05:07.0796 3976 Ip6Fw - ok
10:05:07.0796 3976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:05:07.0796 3976 IpFilterDriver - ok
10:05:07.0812 3976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:05:07.0812 3976 IpInIp - ok
10:05:07.0812 3976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:05:07.0828 3976 IpNat - ok
10:05:07.0875 3976 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
10:05:07.0890 3976 iPod Service - ok
10:05:07.0890 3976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:05:07.0906 3976 IPSec - ok
10:05:07.0906 3976 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
10:05:07.0906 3976 irda - ok
10:05:07.0921 3976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:05:07.0921 3976 IRENUM - ok
10:05:07.0921 3976 Irmon (8024ea8c5b2d2a4d201f418b0aadb804) C:\WINDOWS\System32\irmon.dll
10:05:07.0921 3976 Irmon - ok
10:05:07.0937 3976 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:05:07.0937 3976 isapnp - ok
10:05:07.0953 3976 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
10:05:07.0953 3976 JavaQuickStarterService - ok
10:05:07.0953 3976 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:05:07.0968 3976 Kbdclass - ok
10:05:07.0968 3976 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:05:07.0968 3976 kbdhid - ok
10:05:07.0984 3976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:05:07.0984 3976 kmixer - ok
10:05:08.0000 3976 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:05:08.0000 3976 KSecDD - ok
10:05:08.0000 3976 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
10:05:08.0015 3976 lanmanserver - ok
10:05:08.0031 3976 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
10:05:08.0031 3976 lanmanworkstation - ok
10:05:08.0031 3976 lbrtfdc - ok
10:05:08.0046 3976 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
10:05:08.0046 3976 LmHosts - ok
10:05:08.0046 3976 massfilter (0b058116d3d4ecca7ded38f16e0581b2) C:\WINDOWS\system32\drivers\massfilter.sys
10:05:08.0062 3976 massfilter - ok
10:05:08.0062 3976 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
10:05:08.0062 3976 Messenger - ok
10:05:08.0078 3976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:05:08.0078 3976 mnmdd - ok
10:05:08.0078 3976 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
10:05:08.0078 3976 mnmsrvc - ok
10:05:08.0093 3976 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
10:05:08.0093 3976 Modem - ok
10:05:08.0109 3976 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:05:08.0109 3976 Mouclass - ok
10:05:08.0125 3976 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:05:08.0125 3976 mouhid - ok
10:05:08.0140 3976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:05:08.0140 3976 MountMgr - ok
10:05:08.0171 3976 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:05:08.0171 3976 MozillaMaintenance - ok
10:05:08.0171 3976 mraid35x - ok
10:05:08.0218 3976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:05:08.0218 3976 MRxDAV - ok
10:05:08.0312 3976 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:05:08.0328 3976 MRxSmb - ok
10:05:08.0328 3976 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
10:05:08.0328 3976 MSDTC - ok
10:05:08.0343 3976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:05:08.0343 3976 Msfs - ok
10:05:08.0343 3976 MSIServer - ok
10:05:08.0359 3976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:05:08.0359 3976 MSKSSRV - ok
10:05:08.0375 3976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:05:08.0375 3976 MSPCLOCK - ok
10:05:08.0375 3976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:05:08.0375 3976 MSPQM - ok
10:05:08.0406 3976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:05:08.0421 3976 mssmbios - ok
10:05:08.0453 3976 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:05:08.0484 3976 Mup - ok
10:05:08.0531 3976 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
10:05:08.0546 3976 napagent - ok
10:05:08.0578 3976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:05:08.0578 3976 NDIS - ok
10:05:08.0593 3976 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:05:08.0593 3976 NdisTapi - ok
10:05:08.0593 3976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:05:08.0593 3976 Ndisuio - ok
10:05:08.0625 3976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:05:08.0625 3976 NdisWan - ok
10:05:08.0640 3976 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:05:08.0640 3976 NDProxy - ok
10:05:08.0656 3976 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\WINDOWS\system32\HPZinw12.dll
10:05:08.0656 3976 Net Driver HPZ12 - ok
10:05:08.0656 3976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:05:08.0671 3976 NetBIOS - ok
10:05:08.0703 3976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:05:08.0703 3976 NetBT - ok
10:05:08.0718 3976 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
10:05:08.0734 3976 NetDDE - ok
10:05:08.0750 3976 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
10:05:08.0750 3976 NetDDEdsdm - ok
10:05:08.0750 3976 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
10:05:08.0750 3976 Netlogon - ok
10:05:08.0796 3976 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
10:05:08.0812 3976 Netman - ok
10:05:08.0828 3976 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:05:08.0843 3976 NetTcpPortSharing - ok
10:05:09.0140 3976 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
10:05:09.0203 3976 NETw3x32 - ok
10:05:09.0312 3976 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:05:09.0312 3976 NIC1394 - ok
10:05:09.0359 3976 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
10:05:09.0375 3976 Nla - ok
10:05:09.0375 3976 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys
10:05:09.0375 3976 nmwcd - ok
10:05:09.0406 3976 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys
10:05:09.0406 3976 nmwcdc - ok
10:05:09.0421 3976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:05:09.0421 3976 Npfs - ok
10:05:09.0515 3976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:05:09.0546 3976 Ntfs - ok
10:05:09.0546 3976 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
10:05:09.0546 3976 NtLmSsp - ok
10:05:09.0625 3976 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
10:05:09.0640 3976 NtmsSvc - ok
10:05:09.0656 3976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:05:09.0656 3976 Null - ok
10:05:09.0656 3976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:05:09.0656 3976 NwlnkFlt - ok
10:05:09.0671 3976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:05:09.0671 3976 NwlnkFwd - ok
10:05:12.0968 3976 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
10:05:13.0312 3976 \Device\Harddisk0\DR0 - ok
10:05:13.0312 3976 Boot (0x1200) (fa72858dd9f33c90fb3879f5dce16fde) \Device\Harddisk0\DR0\Partition0
10:05:13.0328 3976 \Device\Harddisk0\DR0\Partition0 - ok
10:05:13.0328 3976 ============================================================
10:05:13.0328 3976 Scan finished
10:05:13.0328 3976 ============================================================
10:05:13.0328 2388 Detected object count: 0
10:05:13.0328 2388 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-09 10:07:10
-----------------------------
10:07:10.203 OS Version: Windows 5.1.2600 Service Pack 3
10:07:10.203 Number of processors: 2 586 0xF06
10:07:10.203 ComputerName: HAFIK UserName: Filip
10:07:10.468 Initialize success
10:07:10.609 AVAST engine defs: 12070900
10:08:02.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:08:02.750 Disk 0 Vendor: Kingston B090 Size: 61057MB BusType: 3
10:08:02.765 Disk 0 MBR read successfully
10:08:02.765 Disk 0 MBR scan
10:08:02.781 Disk 0 Windows XP default MBR code
10:08:02.781 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61051 MB offset 63
10:08:02.781 Disk 0 scanning sectors +125033895
10:08:02.796 Disk 0 scanning C:\WINDOWS\system32\drivers
10:08:06.046 Service scanning
10:08:09.968 Modules scanning
10:08:12.484 Disk 0 trace - called modules:
10:08:12.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll iaStor.sys
10:08:12.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a65a030]
10:08:12.500 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a6768f8]
10:08:12.500 5 PCTCore.sys[b9d6b82d] -> nt!IofCallDriver -> \Device\0000008f[0x8a676030]
10:08:12.515 7 ACPI.sys[b9f5f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a65b030]
10:08:12.781 AVAST engine scan C:\WINDOWS
10:08:14.890 AVAST engine scan C:\WINDOWS\system32
10:09:09.890 AVAST engine scan C:\WINDOWS\system32\drivers
10:09:17.078 AVAST engine scan C:\Documents and Settings\Filip
10:10:31.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Filip\Dokumenty\MBR.dat"
10:10:31.750 The log file has been saved successfully to "C:\Documents and Settings\Filip\Dokumenty\aswMBR.txt"

-------------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 10:21:22
-----------------------------
10:21:22.515 OS Version: Windows 5.1.2600 Service Pack 3
10:21:22.515 Number of processors: 2 586 0xF06
10:21:22.515 ComputerName: HAFIK UserName: Filip
10:21:23.546 Initialize success
10:21:23.703 AVAST engine defs: 12071000
10:21:25.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:21:25.484 Disk 0 Vendor: Kingston B090 Size: 61057MB BusType: 3
10:21:25.500 Disk 0 MBR read successfully
10:21:25.500 Disk 0 MBR scan
10:21:25.500 Disk 0 Windows XP default MBR code
10:21:25.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61051 MB offset 63
10:21:25.531 Disk 0 scanning sectors +125033895
10:21:25.578 Disk 0 scanning C:\WINDOWS\system32\drivers
10:21:38.937 Service scanning
10:21:44.562 Modules scanning
10:21:58.828 Disk 0 trace - called modules:
10:21:58.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll iaStor.sys
10:21:58.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a65a030]
10:21:58.828 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a6768f8]
10:21:58.828 5 PCTCore.sys[b9d6b82d] -> nt!IofCallDriver -> \Device\0000008f[0x8a676030]
10:21:58.828 7 ACPI.sys[b9f5f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a65b030]
10:21:59.562 AVAST engine scan C:\WINDOWS
10:22:06.265 AVAST engine scan C:\WINDOWS\system32
10:24:19.906 AVAST engine scan C:\WINDOWS\system32\drivers
10:24:37.859 AVAST engine scan C:\Documents and Settings\Filip
10:36:22.734 AVAST engine scan C:\Documents and Settings\All Users
10:36:42.359 File: C:\Documents and Settings\All Users\Data aplikací\Installations\{653A52D8-127C-476D-BAD9-27117A3A4959}\Installer\CommonCustomActions\closeapp.exe **INFECTED** Win32:MalOb-EI [Cryp]
10:38:05.250 Scan finished successfully
10:47:20.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Filip\Dokumenty\MBR.dat"
10:47:20.234 The log file has been saved successfully to "C:\Documents and Settings\Filip\Dokumenty\aswMBR.txt"

#14 gringo_pr

  • Malware Response Team
Posted 10 July 2012 - 07:32 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#15 Filip Morávek

  • Topic Starter

Posted 11 July 2012 - 05:49 AM

New log from Combofix:


ComboFix 12-07-11.02 - Filip 11.07.2012 12:40:25.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.834 [GMT 2:00]
Spuštěný z: c:\documents and settings\Filip\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Filip\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-11 do 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-06-27 12:59 . 2012-06-27 12:59 -------- d-----w- c:\program files\Dropbox
2012-06-25 13:37 . 2012-06-25 13:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Battle.net
2012-06-14 13:13 . 2012-06-14 13:13 -------- d-----w- c:\documents and settings\Kryštof\Data aplikací\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2012-05-25 10:07 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-05-25 10:07 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2012-05-25 10:07 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-05-25 10:07 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-05-25 10:07 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2012-05-25 10:07 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2012-05-25 10:07 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-05-25 10:07 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-07-03 16:21 . 2012-05-25 10:07 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2012-05-25 10:05 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-05-25 10:05 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 18:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-01-22 15:06 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-01-22 15:06 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-01-22 15:06 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-01-22 15:06 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-01-22 15:06 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-18 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-01-22 15:06 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-01-22 15:06 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-04-16 08:29 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-04-16 08:29 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-04-16 08:29 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-11 09:14 . 2012-06-01 12:05 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-23 10:36 . 2012-06-01 12:05 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-04-23 10:36 . 2012-06-01 12:05 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-05-21 09:41 . 2012-01-26 15:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-25_11.49.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2012-07-08 19:22 . 2012-07-08 19:22 16384 c:\windows\Temp\Perflib_Perfdata_a6c.dat
+ 2012-06-25 07:13 . 2012-06-02 13:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-25 07:13 . 2012-06-02 13:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2010-01-22 15:06 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2010-01-22 15:06 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-18 12:00 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2012-06-12 07:41 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2718704\update\spcustom.dll
+ 2012-06-12 07:41 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2718704\spmsg.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2012-06-01 12:06 . 2012-02-28 09:43 909728 c:\windows\system32\drivers\pctEFA.sys
+ 2012-06-01 12:06 . 2012-02-28 09:43 342168 c:\windows\system32\drivers\pctDS.sys
+ 2010-01-22 15:06 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2010-01-22 15:06 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2010-01-22 15:06 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll
- 2011-09-03 10:17 . 2011-09-28 07:06 602112 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-03 10:17 . 2012-05-31 13:22 602112 c:\windows\system32\dllcache\crypt32.dll
+ 2012-06-18 18:27 . 2011-07-22 13:20 183288 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
+ 2012-06-01 12:13 . 2012-06-01 12:13 228352 c:\windows\Installer\1243a866.msi
+ 2012-06-12 07:41 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2718704\update\updspapi.dll
+ 2012-06-12 07:41 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2718704\update\update.exe
+ 2012-06-12 07:41 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2718704\spuninst.exe
+ 2012-05-31 13:19 . 2012-05-31 13:19 602624 c:\windows\$hf_mig$\KB2718704\SP3QFE\crypt32.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-01-22 15:06 . 2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Filip\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Filip\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Filip\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Filip\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RMClock"="c:\program files\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 761946]
"HotKeyz.exe Startup"="c:\program files\Skynergy\HotKeyz\HotKeyz.exe" [2010-06-10 2719232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Kryštof\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\Filip\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Filip\Data aplikací\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Miranda.lnk - c:\program files\Miranda IM\miranda32.exe [2012-4-24 822357]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2011-8-21 135680]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Filip^Nabídka Start^Programy^Po spuštění^Spoon Sandbox Manager 3.20.lnk]
path=c:\documents and settings\Filip\Nabídka Start\Programy\Po spuštění\Spoon Sandbox Manager 3.20.lnk
backup=c:\windows\pss\Spoon Sandbox Manager 3.20.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Filip^Nabídka Start^Programy^Po spuštění^Spoon Sandbox Manager 3.21.lnk]
path=c:\documents and settings\Filip\Nabídka Start\Programy\Po spuštění\Spoon Sandbox Manager 3.21.lnk
backup=c:\windows\pss\Spoon Sandbox Manager 3.21.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATSwpNav]
c:\program files\Fingerprint Sensor\ATSwpNav -run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-01-17 12:26 88365 -c--a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2006-03-07 23:00 69632 -c----w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10 Interface]
2010-09-23 15:46 3154432 ----a-w- c:\program files\Cobian Backup 10\cbInterface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-22 17:23 135664 ----atw- c:\documents and settings\Filip\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-06 10:13 114688 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-05-26 11:21 651264 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-06 10:10 94208 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMClock]
2008-02-29 17:26 61440 ----a-w- c:\program files\RMClock\RMClockLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-07 23:00 16010240 -c----w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-22 16:07 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2011-06-30 11:35 1363984 ----a-w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Filip\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1.6.2012 14:05 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [1.6.2012 14:06 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [1.6.2012 14:06 909728]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [25.5.2012 12:07 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.5.2012 12:07 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.5.2012 12:07 353688]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [1.6.2012 14:05 203088]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 84520]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [24.6.2011 21:17 123120]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.5.2012 12:07 21256]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [3.3.2011 13:19 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [3.3.2011 13:19 1125376]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [22.1.2010 17:24 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [22.1.2010 17:24 4864]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [14.5.2012 10:39 45288]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [3.1.2011 12:46 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [4.1.2011 12:40 100480]
S3 Installer Service;Installer Service;c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe [8.3.2011 17:03 119296]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [31.10.2011 14:09 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [21.5.2012 11:41 129976]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 99943551
*Deregistered* - 99943551
*Deregistered* - aswMBR
*Deregistered* - RTCore32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-08 16:21]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{495D2A4F-B618-4F0D-9711-6BFA804BC889}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{FD0A0E0F-89F4-4E46-ABEB-15EC73FF5813}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\ulcxuy6s.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-11 12:45
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(4232)
c:\documents and settings\Filip\Data aplikací\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-07-11 12:47:31
ComboFix-quarantined-files.txt 2012-07-11 10:47
ComboFix2.txt 2012-07-08 11:18
ComboFix3.txt 2012-05-25 15:33
ComboFix4.txt 2012-05-25 11:51
.
Před spuštěním: 6 462 775 296
Po spuštění: 6 454 075 392
.
- - End Of File - - 34C4CB40194A4EC4C7598A9BAC1A85E2


Thank you



