PC-HELP.CZ

Dobrý den,
Avast mi hlásí win32 malware gen, nalezené infikované soubory mažu, ale za chvíli hlásí rezidenční štít virus opět.
Co s tím mohu dělat?
Děkuji

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:57:20, on 14.8.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\OvisLink WL-5480USB WLAN USB\WlanUtil.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OvisLink WL-5480USB WLAN USB Utility.lnk = C:\Program Files\OvisLink WL-5480USB WLAN USB\WlanUtil.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{18A9664D-FDBB-4E6F-BC3E-BE0FA61F91A3}: NameServer = 10.1.2.10,10.1.20.10
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 5737 bytes

Příště do sekce Hijackthis!!
Windows XP SP2--pak si doinstaluj SP3!

Odinstaluj:
uTorrentBar , uTorrentBar Toolbar


Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Vse proslo hladce, jen si nejsem jistý jestli jsem vložil správný log.
Avast uz nic nehlásí, tak doufám že je pc opravdu čistý a ne tak prolezlý virem, ze uz ho nenajde.
Dekuji za Vas cas a cenne rady.
Vojtech Tomasek

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.08.15.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
a :: A-B47928693AE64 [administrátor]

Ochrana: Povolena

15.8.2012 7:44:38
mbam-log-2012-08-15 (07-44-38).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 172918
Uplynulý čas: 8 minut, 50 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Ještě něco zkusíme.

Stáhni si TDSSKiller

Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

log z TDSSkiller prikladam, ale pri testovani PC v Combofix mi spadne system do modry obrazovky, dal jsem posledni znamou konfiguraci, log z nej se neulozil

11:09:02.0078 2852 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
11:09:04.0093 2852 ============================================================
11:09:04.0093 2852 Current date / time: 2012/08/16 11:09:04.0093
11:09:04.0093 2852 SystemInfo:
11:09:04.0093 2852
11:09:04.0093 2852 OS Version: 5.1.2600 ServicePack: 3.0
11:09:04.0093 2852 Product type: Workstation
11:09:04.0093 2852 ComputerName: A-B47928693AE64
11:09:04.0093 2852 UserName: a
11:09:04.0093 2852 Windows directory: C:\WINDOWS
11:09:04.0093 2852 System windows directory: C:\WINDOWS
11:09:04.0093 2852 Processor architecture: Intel x86
11:09:04.0093 2852 Number of processors: 2
11:09:04.0093 2852 Page size: 0x1000
11:09:04.0093 2852 Boot type: Normal boot
11:09:04.0093 2852 ============================================================
11:09:06.0062 2852 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:09:06.0484 2852 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:09:06.0500 2852 ============================================================
11:09:06.0500 2852 \Device\Harddisk0\DR0:
11:09:06.0500 2852 MBR partitions:
11:09:06.0500 2852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
11:09:06.0500 2852 \Device\Harddisk1\DR1:
11:09:06.0500 2852 MBR partitions:
11:09:06.0500 2852 ============================================================
11:09:06.0531 2852 C: <-> \Device\Harddisk0\DR0\Partition1
11:09:06.0546 2852 ============================================================
11:09:06.0546 2852 Initialize success
11:09:06.0546 2852 ============================================================
11:09:09.0640 2716 ============================================================
11:09:09.0640 2716 Scan started
11:09:09.0640 2716 Mode: Manual;
11:09:09.0640 2716 ============================================================
11:09:10.0625 2716 ================ Scan services =============================
11:09:11.0281 2716 [ 0b27ae82c113d3687024d18459440426 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
11:09:11.0281 2716 Aavmker4 - ok
11:09:11.0296 2716 Abiosdsk - ok
11:09:11.0328 2716 abp480n5 - ok
11:09:11.0421 2716 [ 4fe34f1f3126b61fcc6b2043aa8112c9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:09:11.0421 2716 ACPI - ok
11:09:11.0468 2716 [ afdff022a01f0b11c776f0860c3b282f ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:09:11.0468 2716 ACPIEC - ok
11:09:11.0578 2716 [ 5ddc0a8d2cd60bda593ddaf45821ce08 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
11:09:11.0593 2716 Adobe LM Service - ok
11:09:11.0703 2716 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:09:11.0703 2716 AdobeFlashPlayerUpdateSvc - ok
11:09:11.0718 2716 adpu160m - ok
11:09:11.0796 2716 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:09:11.0796 2716 aec - ok
11:09:11.0875 2716 [ 322d0e36693d6e24a2398bee62a268cd ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:09:11.0875 2716 AFD - ok
11:09:11.0906 2716 Aha154x - ok
11:09:11.0953 2716 aic78u2 - ok
11:09:11.0968 2716 aic78xx - ok
11:09:12.0046 2716 [ e0a6fa244b8624d78fe5ff6f56a33bae ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:09:12.0046 2716 Alerter - ok
11:09:12.0093 2716 [ 88842de939a827577bf24243699ac80a ] ALG C:\WINDOWS\System32\alg.exe
11:09:12.0093 2716 ALG - ok
11:09:12.0109 2716 AliIde - ok
11:09:12.0140 2716 amsint - ok
11:09:12.0203 2716 [ dd8d9c597af7cd2f6b70a3d6a4a1acea ] androidusb C:\WINDOWS\system32\Drivers\ssadadb.sys
11:09:12.0203 2716 androidusb - ok
11:09:12.0281 2716 [ 6b8e7a90e576d4fe308f97c69060a171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:09:12.0281 2716 AppMgmt - ok
11:09:12.0296 2716 asc - ok
11:09:12.0328 2716 asc3350p - ok
11:09:12.0359 2716 asc3550 - ok
11:09:12.0421 2716 [ 1c1f3d6dddc046c920c493a779649f66 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:09:12.0421 2716 aswFsBlk - ok
11:09:12.0437 2716 [ 9e912fe7b41650701ef2b227aca440f3 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
11:09:12.0453 2716 aswMon2 - ok
11:09:12.0468 2716 [ 982e275d1c5801042fe94209fb0160fb ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
11:09:12.0468 2716 aswRdr - ok
11:09:12.0515 2716 [ 73dbcf808e00580f2a47f93dd9b03876 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
11:09:12.0531 2716 aswSnx - ok
11:09:12.0562 2716 [ 6cbd7d3a33f498d09c831cdd732da2e0 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
11:09:12.0562 2716 aswSP - ok
11:09:12.0625 2716 [ 7109a9aa551f37cd168c02368465957e ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
11:09:12.0640 2716 aswTdi - ok
11:09:12.0687 2716 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:09:12.0687 2716 AsyncMac - ok
11:09:12.0703 2716 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:09:12.0718 2716 atapi - ok
11:09:12.0734 2716 Atdisk - ok
11:09:12.0781 2716 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:09:12.0781 2716 Atmarpc - ok
11:09:12.0828 2716 [ de31b88962a8645dba5a37b993e7b0f1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:09:12.0843 2716 AudioSrv - ok
11:09:12.0906 2716 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:09:12.0906 2716 audstub - ok
11:09:13.0031 2716 [ 2f7c0f3e39c45e0127fb78b2f18a41f3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:09:13.0031 2716 avast! Antivirus - ok
11:09:13.0046 2716 avast! Firewall - ok
11:09:13.0125 2716 [ 241474d01380e9ed41d4c07f4f5fd401 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:09:13.0125 2716 b57w2k - ok
11:09:13.0203 2716 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:09:13.0203 2716 Beep - ok
11:09:13.0328 2716 [ 19395d092fd85ddc2d9c7729cf5a2ac8 ] BITS C:\WINDOWS\system32\qmgr.dll
11:09:13.0375 2716 BITS - ok
11:09:13.0421 2716 [ 249276d3ef1e74b992299cb96099e4d7 ] Browser C:\WINDOWS\System32\browser.dll
11:09:13.0437 2716 Browser - ok
11:09:13.0484 2716 [ b279426e3c0c344893ed78a613a73bde ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
11:09:13.0484 2716 BthEnum - ok
11:09:13.0546 2716 [ fca6f069597b62d42495191ace3fc6c1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
11:09:13.0546 2716 BTHMODEM - ok
11:09:13.0640 2716 [ 80602b8746d3738f5886ce3d67ef06b6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
11:09:13.0640 2716 BthPan - ok
11:09:13.0734 2716 [ 164f186e09f26ba47b89e4db9b0aaf1e ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
11:09:13.0734 2716 BTHPORT - ok
11:09:13.0812 2716 [ 70ca4b3f634c9dca200832f8da76e009 ] BthServ C:\WINDOWS\System32\bthserv.dll
11:09:13.0812 2716 BthServ - ok
11:09:13.0859 2716 [ 61364cd71ef63b0f038b7e9df00f1efa ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
11:09:13.0875 2716 BTHUSB - ok
11:09:13.0906 2716 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:09:13.0921 2716 cbidf2k - ok
11:09:13.0937 2716 cd20xrnt - ok
11:09:14.0015 2716 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:09:14.0015 2716 Cdaudio - ok
11:09:14.0093 2716 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:09:14.0093 2716 Cdfs - ok
11:09:14.0125 2716 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:09:14.0125 2716 Cdrom - ok
11:09:14.0156 2716 [ 84853b3fd012251690570e9e7e43343f ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
11:09:14.0171 2716 cercsr6 - ok
11:09:14.0187 2716 Changer - ok
11:09:14.0250 2716 [ e390dc1d7c461d7d56ec53402f329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:09:14.0250 2716 CiSvc - ok
11:09:14.0281 2716 [ 064507a8dfa8c5c7e2ffddd3e6f424fa ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:09:14.0281 2716 ClipSrv - ok
11:09:14.0375 2716 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:09:14.0375 2716 clr_optimization_v4.0.30319_32 - ok
11:09:14.0390 2716 CmdIde - ok
11:09:14.0531 2716 [ a0f7d6b070f15ead9f4231b51b246e4c ] cmuda3 C:\WINDOWS\system32\drivers\cmudax3.sys
11:09:14.0531 2716 cmuda3 - ok
11:09:14.0546 2716 COMSysApp - ok
11:09:14.0609 2716 Cpqarray - ok
11:09:14.0671 2716 [ f3ab0933cbd166d271992f411c27ccaf ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:09:14.0687 2716 CryptSvc - ok
11:09:14.0703 2716 dac2w2k - ok
11:09:14.0718 2716 dac960nt - ok
11:09:14.0812 2716 [ c868f3ae15cf71a93f2aa3a32856d839 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:09:14.0812 2716 DcomLaunch - ok
11:09:14.0859 2716 [ 6216fd7fd227de454238a702b218cec7 ] dgderdrv C:\WINDOWS\system32\drivers\dgderdrv.sys
11:09:14.0875 2716 dgderdrv - ok
11:09:14.0937 2716 [ 8c9a53e285ac5e6704844d0459ec85be ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:09:14.0937 2716 Dhcp - ok
11:09:14.0953 2716 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:09:14.0968 2716 Disk - ok
11:09:14.0984 2716 dmadmin - ok
11:09:15.0046 2716 [ db5fd2bf5b07dc54bfcb3664ff05bd7c ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:09:15.0062 2716 dmboot - ok
11:09:15.0078 2716 [ fff1720af51171f32f1ead5cf71f2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:09:15.0093 2716 dmio - ok
11:09:15.0140 2716 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:09:15.0140 2716 dmload - ok
11:09:15.0187 2716 [ 2bfefe9e865655a76982f050450b9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:09:15.0203 2716 dmserver - ok
11:09:15.0218 2716 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:09:15.0218 2716 DMusic - ok
11:09:15.0250 2716 [ 0634b791684b84f4a331f3d3536feef8 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:09:15.0250 2716 Dnscache - ok
11:09:15.0343 2716 [ 4a3e2bd20157a0946751229e92eb8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:09:15.0343 2716 Dot3svc - ok
11:09:15.0359 2716 dpti2o - ok
11:09:15.0421 2716 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:09:15.0421 2716 drmkaud - ok
11:09:15.0484 2716 [ 0887d9c2be8d940778cad1e3b85f2a41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:09:15.0484 2716 EapHost - ok
11:09:15.0546 2716 [ a2a4912798f2be706abadd3d30800d16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:09:15.0546 2716 ERSvc - ok
11:09:15.0609 2716 [ f0d2ae69035092bf22dad6b50fab85c2 ] Eventlog C:\WINDOWS\system32\services.exe
11:09:15.0609 2716 Eventlog - ok
11:09:15.0640 2716 [ 260c69fd67687b0dc062fc3d31655857 ] EventSystem C:\WINDOWS\system32\es.dll
11:09:15.0656 2716 EventSystem - ok
11:09:15.0703 2716 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:09:15.0703 2716 Fastfat - ok
11:09:15.0765 2716 [ b927443008910b412bec72fc41c1bad0 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:09:15.0781 2716 FastUserSwitchingCompatibility - ok
11:09:15.0843 2716 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:09:15.0843 2716 Fdc - ok
11:09:15.0875 2716 [ ac366695a0796560aa37215ad5762aaf ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:09:15.0875 2716 Fips - ok
11:09:15.0921 2716 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:09:15.0921 2716 Flpydisk - ok
11:09:15.0968 2716 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:09:15.0968 2716 FltMgr - ok
11:09:16.0015 2716 [ b07663a810e861eebfd0eac7e82ca62d ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
11:09:16.0015 2716 FsUsbExDisk - ok
11:09:16.0062 2716 [ f96c429788350db4ba6771c3034dfd88 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
11:09:16.0062 2716 FsUsbExService - ok
11:09:16.0093 2716 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:09:16.0093 2716 Fs_Rec - ok
11:09:16.0125 2716 [ 4e664d8541db4a66b73a24257e322e1f ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:09:16.0125 2716 Ftdisk - ok
11:09:16.0156 2716 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:09:16.0156 2716 Gpc - ok
11:09:16.0281 2716 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
11:09:16.0281 2716 gupdate - ok
11:09:16.0296 2716 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
11:09:16.0312 2716 gupdatem - ok
11:09:16.0390 2716 [ fcfe31fb75f8a6295b6b0af87a626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:09:16.0406 2716 helpsvc - ok
11:09:16.0421 2716 HidServ - ok
11:09:16.0484 2716 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:09:16.0484 2716 hidusb - ok
11:09:16.0546 2716 [ 7a6b320928f86bc851530d63c82965d9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:09:16.0562 2716 hkmsvc - ok
11:09:16.0578 2716 hpn - ok
11:09:16.0671 2716 [ f6aacf5bce2893e0c1754afeb672e5c9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:09:16.0671 2716 HTTP - ok
11:09:16.0750 2716 [ 58fe2f2da3bc5573f4a35b3760d3125f ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:09:16.0796 2716 HTTPFilter - ok
11:09:16.0812 2716 i2omgmt - ok
11:09:16.0843 2716 i2omp - ok
11:09:16.0890 2716 [ c528e27945367191e7bae364930b6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:09:16.0890 2716 i8042prt - ok
11:09:16.0921 2716 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:09:16.0937 2716 Imapi - ok
11:09:17.0000 2716 [ f7b93aafad33b2320954c17e26c8d361 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:09:17.0000 2716 ImapiService - ok
11:09:17.0031 2716 ini910u - ok
11:09:17.0078 2716 IntelIde - ok
11:09:17.0109 2716 [ 27b290d632af2cf3cf40bfddb7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:09:17.0109 2716 intelppm - ok
11:09:17.0156 2716 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
11:09:17.0171 2716 Ip6Fw - ok
11:09:17.0218 2716 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:09:17.0218 2716 IpFilterDriver - ok
11:09:17.0265 2716 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:09:17.0265 2716 IpInIp - ok
11:09:17.0312 2716 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:09:17.0312 2716 IpNat - ok
11:09:17.0343 2716 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:09:17.0343 2716 IPSec - ok
11:09:17.0390 2716 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:09:17.0390 2716 IRENUM - ok
11:09:17.0437 2716 [ cc9f8a2d60aed1a51a3ac34c59b987ae ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:09:17.0437 2716 isapnp - ok
11:09:17.0468 2716 [ 1b6162fe7f66b1a71a4b70f941c4aa9b ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:09:17.0468 2716 Kbdclass - ok
11:09:17.0500 2716 [ 86c8f23616c6c6e5b2776901c17b945b ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:09:17.0515 2716 kbdhid - ok
11:09:17.0546 2716 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:09:17.0546 2716 kmixer - ok
11:09:17.0562 2716 [ 1705745d900dabf2d89f90ebaddc7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:09:17.0578 2716 KSecDD - ok
11:09:17.0640 2716 [ 21920ac69594ab021237054fa728fe46 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:09:17.0640 2716 lanmanserver - ok
11:09:17.0671 2716 [ 5190783f51a2d7a8495202c664d7c963 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:09:17.0687 2716 lanmanworkstation - ok
11:09:17.0703 2716 lbrtfdc - ok
11:09:17.0781 2716 [ 0ab159f536e3e8f7f07113702a07cca5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:09:17.0781 2716 LmHosts - ok
11:09:17.0859 2716 [ 6dfe7f2e8e8a337263aa5c92a215f161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
11:09:17.0859 2716 MBAMProtector - ok
11:09:17.0953 2716 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:09:17.0968 2716 MBAMService - ok
11:09:18.0015 2716 [ 221cd1c815b8a6b79389c3f5d1018de8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:09:18.0015 2716 Messenger - ok
11:09:18.0078 2716 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:09:18.0078 2716 mnmdd - ok
11:09:18.0109 2716 [ 9a57d046f88f4b69751b11fd40088a61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:09:18.0125 2716 mnmsrvc - ok
11:09:18.0171 2716 [ 44032b0c6d9954d3fd26438330b99ee7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:09:18.0171 2716 Modem - ok
11:09:18.0187 2716 Momclid - ok
11:09:18.0250 2716 [ 4cb582831dbde63ce43b45d771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:09:18.0250 2716 Mouclass - ok
11:09:18.0312 2716 [ bb269eba740737ab749b214d568b6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:09:18.0312 2716 mouhid - ok
11:09:18.0343 2716 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:09:18.0343 2716 MountMgr - ok
11:09:18.0406 2716 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:09:18.0406 2716 MozillaMaintenance - ok
11:09:18.0421 2716 mraid35x - ok
11:09:18.0453 2716 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:09:18.0468 2716 MRxDAV - ok
11:09:18.0531 2716 [ 68755f0ff16070178b54674fe5b847b0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:09:18.0531 2716 MRxSmb - ok
11:09:18.0578 2716 [ 6db4d1521caba9a5ffab54ade0ae867d ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:09:18.0578 2716 MSDTC - ok
11:09:18.0609 2716 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:09:18.0625 2716 Msfs - ok
11:09:18.0640 2716 MSIServer - ok
11:09:18.0687 2716 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:09:18.0687 2716 MSKSSRV - ok
11:09:18.0750 2716 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:09:18.0750 2716 MSPCLOCK - ok
11:09:18.0781 2716 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:09:18.0781 2716 MSPQM - ok
11:09:18.0828 2716 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:09:18.0843 2716 mssmbios - ok
11:09:18.0859 2716 [ 2f625d11385b1a94360bfc70aaefdee1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:09:18.0875 2716 Mup - ok
11:09:18.0953 2716 [ 6ea362e9db03d44f6b996f4d8be237e9 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:09:18.0968 2716 napagent - ok
11:09:19.0015 2716 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:09:19.0015 2716 NDIS - ok
11:09:19.0031 2716 [ 1ab3d00c991ab086e69db84b6c0ed78f ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:09:19.0046 2716 NdisTapi - ok
11:09:19.0078 2716 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:09:19.0078 2716 Ndisuio - ok
11:09:19.0093 2716 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:09:19.0109 2716 NdisWan - ok
11:09:19.0125 2716 [ 6215023940cfd3702b46abc304e1d45a ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:09:19.0140 2716 NDProxy - ok
11:09:19.0203 2716 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:09:19.0218 2716 NetBIOS - ok
11:09:19.0234 2716 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:09:19.0250 2716 NetBT - ok
11:09:19.0312 2716 [ 933de774986ec85e48210c44ab431de6 ] NetDDE C:\WINDOWS\system32\netdde.exe
11:09:19.0328 2716 NetDDE - ok
11:09:19.0343 2716 [ 933de774986ec85e48210c44ab431de6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:09:19.0359 2716 NetDDEdsdm - ok
11:09:19.0406 2716 [ ed0a176354487ceed65b80a7148ab739 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:09:19.0406 2716 Netlogon - ok
11:09:19.0437 2716 [ 72e1e9e2977be08bdeedb6d8fd9d4d40 ] Netman C:\WINDOWS\System32\netman.dll
11:09:19.0453 2716 Netman - ok
11:09:19.0484 2716 [ aac97dab5f8a0573cf10e0eac42a7724 ] Nla C:\WINDOWS\System32\mswsock.dll
11:09:19.0484 2716 Nla - ok
11:09:19.0500 2716 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:09:19.0515 2716 Npfs - ok
11:09:19.0562 2716 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:09:19.0578 2716 Ntfs - ok
11:09:19.0593 2716 [ ed0a176354487ceed65b80a7148ab739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:09:19.0609 2716 NtLmSsp - ok
11:09:19.0687 2716 [ 023dd70573d644f3d9c8b1258a7bfd08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:09:19.0750 2716 NtmsSvc - ok
11:09:19.0781 2716 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
11:09:19.0796 2716 Null - ok
11:09:19.0859 2716 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:09:19.0859 2716 NwlnkFlt - ok
11:09:19.0890 2716 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:09:19.0890 2716 NwlnkFwd - ok
11:09:19.0953 2716 [ 46f8db73b4a53e543f8e371dc7c75bae ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:09:19.0953 2716 Parport - ok
11:09:19.0984 2716 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:09:19.0984 2716 PartMgr - ok
11:09:20.0046 2716 [ 1fae19d0457176318bba4a8795656ebc ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:09:20.0046 2716 ParVdm - ok
11:09:20.0062 2716 [ 6ce351d149cb4befc702951e471e1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:09:20.0078 2716 PCI - ok
11:09:20.0093 2716 PCIDump - ok
11:09:20.0140 2716 [ 2da4ec85e0ea7a45c6b2a05820492d5a ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:09:20.0140 2716 PCIIde - ok
11:09:20.0187 2716 [ 4fc31e6c19a5ce5198b1abff94cae758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:09:20.0187 2716 Pcmcia - ok
11:09:20.0203 2716 PDCOMP - ok
11:09:20.0234 2716 PDFRAME - ok
11:09:20.0265 2716 PDRELI - ok
11:09:20.0296 2716 PDRFRAME - ok
11:09:20.0312 2716 perc2 - ok
11:09:20.0343 2716 perc2hib - ok
11:09:20.0453 2716 [ f0d2ae69035092bf22dad6b50fab85c2 ] PlugPlay C:\WINDOWS\system32\services.exe
11:09:20.0468 2716 PlugPlay - ok
11:09:20.0484 2716 [ ed0a176354487ceed65b80a7148ab739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:09:20.0500 2716 PolicyAgent - ok
11:09:20.0531 2716 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:09:20.0531 2716 PptpMiniport - ok
11:09:20.0546 2716 [ ed0a176354487ceed65b80a7148ab739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:09:20.0562 2716 ProtectedStorage - ok
11:09:20.0578 2716 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:09:20.0593 2716 PSched - ok
11:09:20.0640 2716 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:09:20.0640 2716 Ptilink - ok
11:09:20.0703 2716 [ 153d02480a0a2f45785522e814c634b6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:09:20.0703 2716 PxHelp20 - ok
11:09:20.0718 2716 ql1080 - ok
11:09:20.0750 2716 Ql10wnt - ok
11:09:20.0765 2716 ql12160 - ok
11:09:20.0796 2716 ql1240 - ok
11:09:20.0828 2716 ql1280 - ok
11:09:20.0890 2716 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:09:20.0890 2716 RasAcd - ok
11:09:20.0953 2716 [ 2b5e44ea009f2f374b980e1e9a70635d ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:09:20.0953 2716 RasAuto - ok
11:09:21.0000 2716 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:09:21.0000 2716 Rasl2tp - ok
11:09:21.0093 2716 [ d57554c664b64604bd1ee13ea2c07e77 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:09:21.0109 2716 RasMan - ok
11:09:21.0125 2716 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:09:21.0140 2716 RasPppoe - ok
11:09:21.0187 2716 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:09:21.0187 2716 Raspti - ok
11:09:21.0218 2716 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:09:21.0218 2716 Rdbss - ok
11:09:21.0234 2716 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:09:21.0250 2716 RDPCDD - ok
11:09:21.0281 2716 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:09:21.0296 2716 rdpdr - ok
11:09:21.0359 2716 [ 6728e45b66f93c08f11de2e316fc70dd ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:09:21.0375 2716 RDPWD - ok
11:09:21.0437 2716 [ c0d9d9711cb74ee9bc66353d8cbdab0e ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:09:21.0453 2716 RDSessMgr - ok
11:09:21.0500 2716 [ 611bfd220305be3a85ae876ea47d4aa5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:09:21.0500 2716 redbook - ok
11:09:21.0546 2716 [ 127c26b5371651043450e52542099aba ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:09:21.0546 2716 RemoteAccess - ok
11:09:21.0609 2716 [ 8f31505484a190d5b22274708799f4ec ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:09:21.0625 2716 RemoteRegistry - ok
11:09:21.0687 2716 [ 851c30df2807fcfa21e4c681a7d6440e ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
11:09:21.0703 2716 RFCOMM - ok
11:09:21.0734 2716 [ 718b3bdc0bc3c2f7d065a53d26202af9 ] RpcLocator C:\WINDOWS\system32\locator.exe
11:09:21.0750 2716 RpcLocator - ok
11:09:21.0796 2716 [ c868f3ae15cf71a93f2aa3a32856d839 ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:09:21.0812 2716 RpcSs - ok
11:09:21.0859 2716 [ 09ab2e71e58b078038e3bfdba7ffc984 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:09:21.0875 2716 RSVP - ok
11:09:21.0906 2716 [ ed0a176354487ceed65b80a7148ab739 ] SamSs C:\WINDOWS\system32\lsass.exe
11:09:21.0921 2716 SamSs - ok
11:09:21.0968 2716 [ 410046e401eb11e1e6749e9deea41d4a ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:09:21.0984 2716 SCardSvr - ok
11:09:22.0031 2716 [ 3ff232a7731621b8902d81d42418c93c ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:09:22.0046 2716 Schedule - ok
11:09:22.0109 2716 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:09:22.0109 2716 Secdrv - ok
11:09:22.0156 2716 [ 477e2c3cc5e4a0d635bcb0ea8dcac3c6 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:09:22.0171 2716 seclogon - ok
11:09:22.0187 2716 [ a530b75c10c23c9ab28fdb6ce719e21f ] SENS C:\WINDOWS\system32\sens.dll
11:09:22.0203 2716 SENS - ok
11:09:22.0234 2716 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:09:22.0234 2716 serenum - ok
11:09:22.0250 2716 [ b842729337c9b921615c40d3c1a1af96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:09:22.0265 2716 Serial - ok
11:09:22.0343 2716 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:09:22.0343 2716 Sfloppy - ok
11:09:22.0406 2716 [ f58faca9621d2db01bd0927d9a0a208e ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:09:22.0421 2716 SharedAccess - ok
11:09:22.0453 2716 [ b927443008910b412bec72fc41c1bad0 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:09:22.0453 2716 ShellHWDetection - ok
11:09:22.0468 2716 Simbad - ok
11:09:22.0515 2716 Sparrow - ok
11:09:22.0562 2716 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:09:22.0562 2716 splitter - ok
11:09:22.0625 2716 [ cb1090bca0e7b40d0b5b4e4d66531809 ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:09:22.0640 2716 Spooler - ok
11:09:22.0671 2716 [ 94610c8653635e4459316a0050d55ce7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:09:22.0671 2716 sr - ok
11:09:22.0734 2716 [ 35b91147124f64ac8081a2edb9ea4dee ] srservice C:\WINDOWS\system32\srsvc.dll
11:09:22.0750 2716 srservice - ok
11:09:22.0781 2716 [ 5252605079810904e31c332e241cd59b ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:09:22.0781 2716 Srv - ok
11:09:22.0828 2716 [ 64e44acd8c238fcbbb78f0ba4bdc4b05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
11:09:22.0843 2716 ssadbus - ok
11:09:22.0890 2716 [ bb2c84a15c765da89fd832b0e73f26ce ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
11:09:22.0890 2716 ssadmdfl - ok
11:09:22.0921 2716 [ 6d0d132ddc6f43eda00dced6d8b1ca31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
11:09:22.0921 2716 ssadmdm - ok
11:09:22.0953 2716 [ 1a5a397bc459f346ab56492b61ef79f6 ] ssadserd C:\WINDOWS\system32\DRIVERS\ssadserd.sys
11:09:22.0953 2716 ssadserd - ok
11:09:23.0015 2716 [ 069351a1d7d291013177a90ae6edccbc ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
11:09:23.0015 2716 sscdbus - ok
11:09:23.0046 2716 [ 1c925be223a5c0f9f469252292a48df6 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
11:09:23.0046 2716 sscdmdfl - ok
11:09:23.0078 2716 [ ae3e77ae0fbdb07eb1ac3fed74a0695e ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
11:09:23.0078 2716 sscdmdm - ok
11:09:23.0140 2716 [ becd5271dc4e3b7c3d035f790fcbc1e5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:09:23.0156 2716 SSDPSRV - ok
11:09:23.0203 2716 [ c1cdd9275f6a115bb0ae1d55d8d27ba6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:09:23.0218 2716 stisvc - ok
11:09:23.0281 2716 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:09:23.0296 2716 swenum - ok
11:09:23.0312 2716 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:09:23.0328 2716 swmidi - ok
11:09:23.0343 2716 SwPrv - ok
11:09:23.0375 2716 symc810 - ok
11:09:23.0406 2716 symc8xx - ok
11:09:23.0437 2716 sym_hi - ok
11:09:23.0468 2716 sym_u3 - ok
11:09:23.0515 2716 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:09:23.0515 2716 sysaudio - ok
11:09:23.0578 2716 [ ce06f01b88ace199a1bf460cac29c110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:09:23.0593 2716 SysmonLog - ok
11:09:23.0656 2716 [ c2546cd7a398476f9df5614b2ae160e8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:09:23.0671 2716 TapiSrv - ok
11:09:23.0718 2716 [ 93ea8d04ec73a85db02eb8805988f733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:09:23.0734 2716 Tcpip - ok
11:09:23.0765 2716 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:09:23.0781 2716 TDPIPE - ok
11:09:23.0812 2716 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:09:23.0812 2716 TDTCP - ok
11:09:23.0859 2716 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:09:23.0859 2716 TermDD - ok
11:09:23.0953 2716 [ a75dd6fc3dbee4fff5ebc9f2c28bb66e ] TermService C:\WINDOWS\System32\termsrv.dll
11:09:23.0953 2716 TermService - ok
11:09:23.0984 2716 [ b927443008910b412bec72fc41c1bad0 ] Themes C:\WINDOWS\System32\shsvcs.dll
11:09:24.0000 2716 Themes - ok
11:09:24.0062 2716 [ cd0cc7b167d78043a41c98d4921efb54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:09:24.0078 2716 TlntSvr - ok
11:09:24.0093 2716 TosIde - ok
11:09:24.0140 2716 [ 38853304ccb938d30e0c4cde8d2c2a8a ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:09:24.0156 2716 TrkWks - ok
11:09:24.0218 2716 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:09:24.0218 2716 Udfs - ok
11:09:24.0234 2716 ultra - ok
11:09:24.0281 2716 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:09:24.0296 2716 Update - ok
11:09:24.0343 2716 [ 651bd90dcee5b7bdc74a2eb7c9266f9e ] upnphost C:\WINDOWS\System32\upnphost.dll
11:09:24.0343 2716 upnphost - ok
11:09:24.0390 2716 [ 20a0f6a11959e92908717d09e87d670d ] UPS C:\WINDOWS\System32\ups.exe
11:09:24.0406 2716 UPS - ok
11:09:24.0468 2716 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:09:24.0468 2716 usbehci - ok
11:09:24.0546 2716 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:09:24.0546 2716 usbhub - ok
11:09:24.0593 2716 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:09:24.0593 2716 usbscan - ok
11:09:24.0625 2716 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:09:24.0625 2716 USBSTOR - ok
11:09:24.0671 2716 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:09:24.0671 2716 usbuhci - ok
11:09:24.0687 2716 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:09:24.0703 2716 VgaSave - ok
11:09:24.0718 2716 ViaIde - ok
11:09:24.0781 2716 [ 28a4b296b47782173c346e376cb374d1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:09:24.0781 2716 VolSnap - ok
11:09:24.0875 2716 [ d6ba1a63d9e00933f1cd2a885573afb2 ] VSS C:\WINDOWS\System32\vssvc.exe
11:09:24.0890 2716 VSS - ok
11:09:24.0921 2716 [ fa4e1cdba256787f2149f4aad07bc91f ] W32Time C:\WINDOWS\system32\w32time.dll
11:09:24.0937 2716 W32Time - ok
11:09:24.0984 2716 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:09:24.0984 2716 Wanarp - ok
11:09:25.0046 2716 [ bbcfeab7e871cddac2d397ee7fa91fdc ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:09:25.0062 2716 Wdf01000 - ok
11:09:25.0078 2716 WDICA - ok
11:09:25.0125 2716 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:09:25.0125 2716 wdmaud - ok
11:09:25.0171 2716 [ 47ae51048a82dfa1cd6b51d369f7e169 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:09:25.0187 2716 WebClient - ok
11:09:25.0281 2716 [ e488332126e3b1182d2b8a0c35408ec6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:09:25.0281 2716 winmgmt - ok
11:09:25.0375 2716 [ fd600b032e741eb6aab509fc630f7c42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
11:09:25.0375 2716 WinUSB - ok
11:09:25.0421 2716 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
11:09:25.0437 2716 WmdmPmSN - ok
11:09:25.0515 2716 [ 6538d6bde04b56737fe743c24d4ce83d ] Wmi C:\WINDOWS\System32\advapi32.dll
11:09:25.0515 2716 Wmi - ok
11:09:25.0609 2716 [ 23f6f03272f7e5679f1f050aed5acee6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:09:25.0609 2716 WmiApSrv - ok
11:09:25.0640 2716 [ cf4def1bf66f06964dc0d91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:09:25.0656 2716 WpdUsb - ok
11:09:25.0750 2716 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:09:25.0750 2716 WPFFontCache_v0400 - ok
11:09:25.0812 2716 [ 4c86d5faf78194995af9cc1075f65dd3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:09:25.0828 2716 wscsvc - ok
11:09:25.0875 2716 [ c1364564800ee9784192145324a23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:09:25.0890 2716 wuauserv - ok
11:09:25.0953 2716 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:09:25.0953 2716 WudfPf - ok
11:09:26.0000 2716 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:09:26.0000 2716 WudfRd - ok
11:09:26.0031 2716 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:09:26.0046 2716 WudfSvc - ok
11:09:26.0140 2716 [ a27d4ba7264c0bf52f32d10405bea1d4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:09:26.0156 2716 WZCSVC - ok
11:09:26.0218 2716 [ 8847b26a6615d51f3cd06f13f2d8a2d7 ] XGIGraphics C:\WINDOWS\system32\DRIVERS\xg20grp.sys
11:09:26.0234 2716 XGIGraphics - ok
11:09:26.0296 2716 [ eaa4bb9edb3fb10cf8979fe65e63658f ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:09:26.0328 2716 xmlprov - ok
11:09:26.0375 2716 [ 7597e0c770bd8ce1beb552b0a756bdb7 ] ZD1211U(OvisLink) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
11:09:26.0375 2716 ZD1211U(OvisLink) - ok
11:09:26.0406 2716 [ 29c917279d79848b3dd94909fc00e2a8 ] ZDPNDIS5 C:\WINDOWS\system32\ZDPNDIS5.SYS
11:09:26.0421 2716 ZDPNDIS5 - ok
11:09:26.0453 2716 ================ Scan global ===============================
11:09:26.0500 2716 (f36278e42c8c5df03ce17dac8231c91c) C:\WINDOWS\system32\basesrv.dll
11:09:26.0562 2716 (77a41c497adb0c96d1e8df6f71d843c0) C:\WINDOWS\system32\winsrv.dll
11:09:26.0593 2716 (77a41c497adb0c96d1e8df6f71d843c0) C:\WINDOWS\system32\winsrv.dll
11:09:26.0625 2716 (f0d2ae69035092bf22dad6b50fab85c2) C:\WINDOWS\system32\services.exe
11:09:26.0640 2716 [Global] - ok
11:09:26.0640 2716 ================ Scan MBR ==================================
11:09:26.0671 2716 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
11:09:26.0859 2716 \Device\Harddisk0\DR0 - ok
11:09:26.0875 2716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:09:26.0890 2716 \Device\Harddisk1\DR1 - ok
11:09:26.0890 2716 ================ Scan VBR ==================================
11:09:26.0906 2716 Boot (0x1200) (65b595474391ba0604c6e89d4a45753a) \Device\Harddisk0\DR0\Partition1
11:09:26.0921 2716 \Device\Harddisk0\DR0\Partition1 - ok
11:09:26.0921 2716 ============================================================
11:09:26.0921 2716 Scan finished
11:09:26.0921 2716 ============================================================
11:09:26.0968 2772 Detected object count: 0
11:09:26.0968 2772 Actual detected object count: 0
11:09:57.0359 0324 Deinitialize success

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Stáhni si Security Check by screen317 z některého odkazu
http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

ulož si ho na plochu, poklepej na něj a postupuj podle instrukcí v černém okně. Potom se automaticky otevře pozn. Blok, bude mít název checkup.txt. Jeho obsah sem prosím zkopíruj.

Combofix zkus v nouz. režimu.

Combofix
PC mi bohuzel v nouzovem rezimu nenabehne - nevim proc, hned po jeho volbe mi v rohu cerne obrazovky blika kurzor, dal uz nic


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-16 20:52:16
-----------------------------
20:52:16.046 OS Version: Windows 5.1.2600 Service Pack 3
20:52:16.046 Number of processors: 2 586 0x401
20:52:16.046 ComputerName: A-B47928693AE64 UserName: a
20:52:16.781 Initialize success
20:52:17.062 AVAST engine defs: 12081600
20:52:24.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:52:24.453 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
20:52:24.453 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
20:52:24.453 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
20:52:24.484 Disk 0 MBR read successfully
20:52:24.500 Disk 0 MBR scan
20:52:24.500 Disk 0 Windows XP default MBR code
20:52:24.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
20:52:24.515 Disk 0 scanning sectors +156232125
20:52:24.609 Disk 0 scanning C:\WINDOWS\system32\drivers
20:52:40.312 Service scanning
20:52:56.609 Modules scanning
20:53:02.781 Disk 0 trace - called modules:
20:53:02.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:53:02.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a653ab8]
20:53:02.875 3 CLASSPNP.SYS[ba8e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a654d98]
20:53:03.203 AVAST engine scan C:\WINDOWS
20:53:09.015 AVAST engine scan C:\WINDOWS\system32
20:55:53.906 AVAST engine scan C:\WINDOWS\system32\drivers
20:56:09.765 AVAST engine scan C:\Documents and Settings\a
20:58:25.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\a\Plocha\MBR.dat"
20:58:25.109 The log file has been saved successfully to "C:\Documents and Settings\a\Plocha\aswMBR.txt"



SecurityCheck
Checkup

Results of screen317's Security Check version 0.99.44
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware verze 1.62.0.1300
Toolbar Cleaner 1.0
Adobe Flash Player 11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Stáhni si rkill
a spusť ho . Spustí se sken .Po skenu se program sám ukončí.
Pozn.: NERESTARTUJ PC !

Pak zkus v norm. režimu Combofix.

koukni , co je v této složce:
C:\Documents and Settings\a

rkill probehl, log byl prazdny
Combofix opet spadne
C:\Documents and Settings\a mnou vytvoreny uzivatel a

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

Stáhni si a nainstaluj WhoCrashed

otevři ho a klikni na Analyze.
Program vytvoří zprávu , zkopíruj celou a vlož prosím sem.

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2012/08/20 8:42:57

-- Controller Map ----------------------------------------------------------
+ Intel(R) 82801GB Ultra ATA Storage Controllers - 27DF [ATA]
+ Primární kanál IDE (0)
- HL-DT-ST DVDRAM GSA-4163B
+ Intel(R) 82801GB Serial ATA Storage Controllers - 27C0 [ATA]
+ Primární kanál IDE (0)
- HDS728080PLA380
+ Sekundární kanál IDE (1)
- WDC WD20EARS-00MVWB0

-- Disk List ---------------------------------------------------------------
(1) HDS728080PLA380 : 80,0 GB [0/1/0, pd1]
(2) WDC WD20EARS-00MVWB0 : 2000,3 GB [1/2/0, pd1]

----------------------------------------------------------------------------
(1) HDS728080PLA380
----------------------------------------------------------------------------
Model : HDS728080PLA380
Firmware : PF2OA63A
Serial Number : PF1B9BEKTT035K
Disk Size : 80,0 GB (8,4/80,0/80,0)
Buffer Size : 7677 KB
Queue Depth : 32
# of Sectors : 156250000
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA/ATAPI-7 T13 1532D version 1
Transfer Mode : SATA/300
Power On Hours : 34611 hod.
Power On Count : 597 krát
Temparature : 31 C (87 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : 8080h [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _16 000000010000 Počet chyb čtení
02 157 157 _50 0000000000D7 Průchodnost disku
03 111 111 _24 000300B200B5 Čas na roztočení ploten
04 100 100 __0 000000000255 Počet spuštění/zastavení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
07 100 100 _67 000000000000 Počet chybných hledání
08 142 142 _20 00000000001C Čas potřebný na vyhledání
09 _96 _96 __0 000000008733 Hodin v činnosti
0A 100 100 _60 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 000000000255 Počet cyklů zapnutí zařízení
C0 100 100 _50 000000000382 Počet vypnutí disku
C1 100 100 _50 000000000382 Počet cyklů načítání/vymazání
C2 177 177 __0 002D0010001F Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 253 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 045A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2020 5046 3142 454B 454B 5454 3033 354B
020: 0003 3BFA 0034 5046 324F 3341 3341 4844 5337 3238
030: 3038 3050 4C41 3338 3020 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0200 0007 3FFF 003F 003F FC10 00FB 0110
060: 2F90 0950 0000 0007 0003 0078 0078 00F0 0078 0000
070: 0000 0000 0000 0000 0000 0306 0306 0000 005E 0040
080: 00FC 001A 346B 7FE9 4773 3E01 3E01 4763 207F 0016
090: 0000 0000 FFFE 0000 8080 00CA 00CA 00F9 2710 0000
100: 2F90 0950 0000 0000 00CA 0000 0000 5A87 5000 CCA3
110: 0FE7 184C 0000 0000 0000 0000 0000 0000 0000 0000
120: 0000 0000 0000 0000 0000 0000 0000 0000 0009 000B
130: 0000 0000 3B82 0DB1 FE20 4000 4000 0004 0000 0000
140: 0000 11F7 28E0 131A 0300 3F7F 3F7F 00C0 0040 2B00
150: 8000 0000 3246 4436 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 2FA5

----------------------------------------------------------------------------
(2) WDC WD20EARS-00MVWB0
----------------------------------------------------------------------------
Model : WDC WD20EARS-00MVWB0
Firmware : 51.0AB51
Serial Number : WD-WCAZA7190532
Disk Size : 2000,3 GB (8,4/137,4/2000,3)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 3907029168
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 1162 hod.
Power On Count : 553 krát
Temparature : 27 C (80 F)
Health Status : Pozor
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 198 _51 000000000000 Počet chyb čtení
03 253 225 _21 0000000003C6 Čas na roztočení ploten
04 100 100 __0 000000000251 Počet spuštění/zastavení
05 200 200 140 000000000001 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 _99 _99 __0 00000000048A Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C 100 100 __0 000000000229 Počet cyklů zapnutí zařízení
C0 200 200 __0 00000000003E Počet vypnutí disku
C1 197 197 __0 0000000029B0 Počet cyklů načítání/vymazání
C2 123 111 __0 00000000001B Teplota
C4 199 199 __0 000000000001 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 __0 000000000008 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2057 442D 5743 4137 4137 3139 3035 3332
020: 0000 0000 0032 3531 2E30 3531 3531 5744 4320 5744
030: 3230 4541 5253 2D30 304D 4230 4230 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 1706 1706 0000 0044 0040
080: 01FE 0000 746B 7D61 4123 BC41 BC41 4123 207F 00B9
090: 00B9 0000 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 88B0 E8E0 0000 0000 0000 0000 0000 0000 5001 4EE2
110: 05D8 9606 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 3035 3035 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 101E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 FBA5





--------------------------------------------------------------------------------
Welcome to WhoCrashed (HOME EDITION) v 3.06
--------------------------------------------------------------------------------

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. If will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.


To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...



--------------------------------------------------------------------------------
Home Edition Notice
--------------------------------------------------------------------------------

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.

Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.



--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

computer name: A-B47928693AE64
windows version: Windows XP Service Pack 3, 5.1, build: 2600
windows dir: C:\WINDOWS
CPU: GenuineIntel Intel(R) Pentium(R) 4 CPU 2.80GHz Intel586, level: 15
2 logical processors, active mask: 3
RAM: 2146742272 total
VM: 2147352576, free: 2060693504



--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Fri 17.8.2012 6:39:33 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini081712-01.dmp
This was probably caused by the following module: catchme.sys (catchme+0x10D7)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF896D2290, 0xFFFFFFFF896D26A8, 0x1A830001)
Error: BAD_POOL_HEADER
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: catchme.sys .
Google query: catchme.sys BAD_POOL_HEADER




On Thu 16.8.2012 9:55:46 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini081612-02.dmp
This was probably caused by the following module: catchme.sys (catchme+0x10D7)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF89514000, 0xFFFFFFFF89514418, 0x1A830000)
Error: BAD_POOL_HEADER
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: catchme.sys .
Google query: catchme.sys BAD_POOL_HEADER




On Thu 16.8.2012 9:36:52 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini081612-01.dmp
This was probably caused by the following module: catchme.sys (catchme+0x10D7)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF89407298, 0xFFFFFFFF894076B0, 0x1A830006)
Error: BAD_POOL_HEADER
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: catchme.sys .
Google query: catchme.sys BAD_POOL_HEADER





--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

3 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

catchme.sys

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Stáhni si ToolsCleaner2( by de A.Rothstein & Dj Quiou & překlad: Damned )
Na plochu a spusť ho.
Klikni na Bod obnovení a poté na OK , OK.
Klikni na Koš a poté na OK.
Klikni na Dočasné soubory a poté na OK.
Klikni na Vyhledat[b] a nech Cleaner pracovat. Může se během čištění zastavit (neodpovídá), ale nech ho pokračovat.
Když program skončí , klikni na [b]Odstranit a odstraň nalezené.
Zavři program.
Program maže i všechny nástroje na odvirování a vytváření logů , které se zde používají (HJT, Combofix, OTM, OTL, OTS atd.)


(2) WDC WD20EARS-00MVWB0
000000000001 Počet udalostí s číslem realokování sektorů
000000000008 Počet chyb při zápisu sektorů
000000000001 Počet přemapovaných sektorů
Ten Ti pomalu odchází , zazálohuj si potřebné a reklamuj , čí kup nový.

Stáhni si Memtest:

Do políčka vlož největší velikost Tvé jednotlivé paměti RAM (256,512 nebo 1024,2048) dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.