PC-HELP.CZ

Dobrý den
Už nějakou dobu (dva měsíce) mám problém s internetem.
projevuje se to takto:
ze začátku připojení docela dobrý za chvíli (třeba 5 min ) mi upload spadne na velmi malé číslo,nebo se mi zablokuje připojení úplně(nelze se připojit k poskytovateli -používám připojení PPPoE (avonet zlín)
Zkoušel jsem přeinstalovat ovladače, novou síťovou kartu,dokonce jsem shodou okolností nedávno přeinstaloval windous-XP (včetne všech programů-zformátoval jsem disk C)
Samozřejmě jsem předtím projížděl počítač antivirem (avast,MWAVSCAN,Malwarebytes Anti-Malware)a protože tyto programy nějaké svinstvo našli a to i po formátu disku C. a většinou se ty svinstva objevují znova tak bych potřeboval pročistit počítač pořádně a možná tím i odstraním problém s připojením na internet.
Zde jsou nejčastěji zachycené hrozby: Bv:autorun-s,Win32:Confi,Win32:Malvare-gen
Prosím pomozte už jsem steho úplně vyřízený.

prozačátek jsem dávám log z HijackThis

mám win XP,používám Google Chrome

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:14, on 5.12.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AVAST\AvastSvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST\avastUI.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
D:\luboš\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF8ED30-64D6-460C-A4FD-B2F74156DECA}: NameServer = 217.112.162.34 217.112.160.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BF8ED30-64D6-460C-A4FD-B2F74156DECA}: NameServer = 217.112.162.34 217.112.160.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5514 bytes

fixni:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

tak jsem to fix

Malwarebytes' Anti-Malware jsem ho měl už nainstalovaného tak jsem jenom provedl aktualizaci a provedl sken
tady je výsledek:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.05.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
skrcek :: SKRCEK-5DE342BF [administrátor]

Ochrana: Zakázána

5.12.2012 18:01:57
mbam-log-2012-12-05 (18-01-57).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 208761
Uplynulý čas: 2 minut, 24 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)



ještě takový dodatek když jsem projížděl v uterý počítač avastem tak to našlo viry i na disku D: a E: (Bv:autorun-s)

Jestli si formátoval oba disky , žádný malware to nepřežije...

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

na počítači mám dva disky
-jeden je rozdělený na C a D, z toho C je systémový (a jen ten jsem formátoval)
-druhý je označen E

tady jsou ty logy:

19:47:55.0171 4012 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:47:55.0203 4012 ============================================================
19:47:55.0203 4012 Current date / time: 2012/12/05 19:47:55.0203
19:47:55.0203 4012 SystemInfo:
19:47:55.0203 4012
19:47:55.0203 4012 OS Version: 5.1.2600 ServicePack: 2.0
19:47:55.0203 4012 Product type: Workstation
19:47:55.0203 4012 ComputerName: SKRCEK-5DE342BF
19:47:55.0203 4012 UserName: skrcek
19:47:55.0203 4012 Windows directory: C:\WINNT
19:47:55.0203 4012 System windows directory: C:\WINNT
19:47:55.0203 4012 Processor architecture: Intel x86
19:47:55.0203 4012 Number of processors: 2
19:47:55.0203 4012 Page size: 0x1000
19:47:55.0203 4012 Boot type: Normal boot
19:47:55.0203 4012 ============================================================
19:47:56.0343 4012 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:47:56.0343 4012 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:47:56.0343 4012 ============================================================
19:47:56.0343 4012 \Device\Harddisk0\DR0:
19:47:56.0343 4012 MBR partitions:
19:47:56.0343 4012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
19:47:56.0359 4012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x6DF8F4B
19:47:56.0359 4012 \Device\Harddisk1\DR1:
19:47:56.0359 4012 MBR partitions:
19:47:56.0359 4012 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
19:47:56.0359 4012 ============================================================
19:47:56.0359 4012 C: <-> \Device\Harddisk0\DR0\Partition1
19:47:56.0406 4012 E: <-> \Device\Harddisk1\DR1\Partition1
19:47:56.0437 4012 D: <-> \Device\Harddisk0\DR0\Partition2
19:47:56.0437 4012 ============================================================
19:47:56.0437 4012 Initialize success
19:47:56.0437 4012 ============================================================
19:48:09.0437 4040 ============================================================
19:48:09.0437 4040 Scan started
19:48:09.0437 4040 Mode: Manual;
19:48:09.0437 4040 ============================================================
19:48:10.0093 4040 ================ Scan system memory ========================
19:48:10.0093 4040 System memory - ok
19:48:10.0093 4040 ================ Scan services =============================
19:48:10.0265 4040 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINNT\system32\drivers\Aavmker4.sys
19:48:10.0265 4040 Aavmker4 - ok
19:48:10.0265 4040 Abiosdsk - ok
19:48:10.0265 4040 abp480n5 - ok
19:48:10.0296 4040 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI C:\WINNT\system32\DRIVERS\ACPI.sys
19:48:10.0296 4040 ACPI - ok
19:48:10.0328 4040 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINNT\system32\drivers\ACPIEC.sys
19:48:10.0328 4040 ACPIEC - ok
19:48:10.0359 4040 [ 3637D692B25A842FB4BB7EA75B39184F ] ADIHdAudAddService C:\WINNT\system32\drivers\ADIHdAud.sys
19:48:10.0359 4040 ADIHdAudAddService - ok
19:48:10.0359 4040 adpu160m - ok
19:48:10.0375 4040 [ E8694FC1DAC061AD989506B470552415 ] AEAudio C:\WINNT\system32\drivers\AEAudio.sys
19:48:10.0375 4040 AEAudio - ok
19:48:10.0390 4040 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINNT\system32\drivers\aec.sys
19:48:10.0390 4040 aec - ok
19:48:10.0421 4040 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINNT\System32\drivers\afd.sys
19:48:10.0421 4040 AFD - ok
19:48:10.0421 4040 Aha154x - ok
19:48:10.0421 4040 aic116x - ok
19:48:10.0437 4040 aic78u2 - ok
19:48:10.0437 4040 aic78xx - ok
19:48:10.0453 4040 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINNT\system32\alrsvc.dll
19:48:10.0468 4040 Alerter - ok
19:48:10.0484 4040 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINNT\System32\alg.exe
19:48:10.0484 4040 ALG - ok
19:48:10.0484 4040 AliIde - ok
19:48:10.0500 4040 [ FCFFA85CFD4BF7A4711012847048DCA3 ] AmdK8 C:\WINNT\system32\DRIVERS\AmdK8.sys
19:48:10.0515 4040 AmdK8 - ok
19:48:10.0515 4040 ami0nt - ok
19:48:10.0515 4040 amsint - ok
19:48:10.0546 4040 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINNT\System32\appmgmts.dll
19:48:10.0546 4040 AppMgmt - ok
19:48:10.0578 4040 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINNT\system32\DRIVERS\arp1394.sys
19:48:10.0578 4040 Arp1394 - ok
19:48:10.0578 4040 asc - ok
19:48:10.0593 4040 asc3350p - ok
19:48:10.0593 4040 asc3550 - ok
19:48:10.0625 4040 [ 19A1DAC5BC607C212E8A94C05886ED52 ] AsIO C:\WINNT\system32\drivers\AsIO.sys
19:48:10.0625 4040 AsIO - ok
19:48:10.0687 4040 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:48:10.0687 4040 aspnet_state - ok
19:48:10.0718 4040 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINNT\system32\drivers\aswFsBlk.sys
19:48:10.0718 4040 aswFsBlk - ok
19:48:10.0734 4040 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINNT\system32\drivers\aswMon2.sys
19:48:10.0734 4040 aswMon2 - ok
19:48:10.0750 4040 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINNT\system32\drivers\AswRdr.sys
19:48:10.0750 4040 AswRdr - ok
19:48:10.0781 4040 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINNT\system32\drivers\aswSnx.sys
19:48:10.0781 4040 aswSnx - ok
19:48:10.0781 4040 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINNT\system32\drivers\aswSP.sys
19:48:10.0781 4040 aswSP - ok
19:48:10.0796 4040 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINNT\system32\drivers\aswTdi.sys
19:48:10.0796 4040 aswTdi - ok
19:48:10.0812 4040 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINNT\system32\DRIVERS\asyncmac.sys
19:48:10.0812 4040 AsyncMac - ok
19:48:10.0828 4040 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINNT\system32\DRIVERS\atapi.sys
19:48:10.0828 4040 atapi - ok
19:48:10.0843 4040 Atdisk - ok
19:48:10.0875 4040 [ AEB33A68E2476A4FB48EA99BE4526206 ] Ati HotKey Poller C:\WINNT\system32\Ati2evxx.exe
19:48:10.0890 4040 Ati HotKey Poller - ok
19:48:10.0921 4040 [ C148BD421F063443FE628F08099A1E48 ] ATI Smart C:\WINNT\system32\ati2sgag.exe
19:48:10.0921 4040 ATI Smart - ok
19:48:10.0984 4040 [ 7BABF1346886B8F08C1FD5424359583A ] ati2mtag C:\WINNT\system32\DRIVERS\ati2mtag.sys
19:48:10.0984 4040 ati2mtag - ok
19:48:11.0015 4040 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINNT\system32\DRIVERS\atmarpc.sys
19:48:11.0015 4040 Atmarpc - ok
19:48:11.0046 4040 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINNT\System32\audiosrv.dll
19:48:11.0046 4040 AudioSrv - ok
19:48:11.0078 4040 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINNT\system32\DRIVERS\audstub.sys
19:48:11.0078 4040 audstub - ok
19:48:11.0171 4040 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST\AvastSvc.exe
19:48:11.0171 4040 avast! Antivirus - ok
19:48:11.0187 4040 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINNT\system32\drivers\Beep.sys
19:48:11.0187 4040 Beep - ok
19:48:11.0250 4040 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINNT\System32\qmgr.dll
19:48:11.0281 4040 BITS - ok
19:48:11.0328 4040 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINNT\System32\browser.dll
19:48:11.0328 4040 Browser - ok
19:48:11.0328 4040 BusLogic - ok
19:48:11.0359 4040 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINNT\system32\drivers\cbidf2k.sys
19:48:11.0359 4040 cbidf2k - ok
19:48:11.0390 4040 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINNT\system32\DRIVERS\CCDECODE.sys
19:48:11.0390 4040 CCDECODE - ok
19:48:11.0390 4040 cd20xrnt - ok
19:48:11.0421 4040 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINNT\system32\drivers\Cdaudio.sys
19:48:11.0421 4040 Cdaudio - ok
19:48:11.0453 4040 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINNT\system32\drivers\Cdfs.sys
19:48:11.0453 4040 Cdfs - ok
19:48:11.0453 4040 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINNT\system32\DRIVERS\cdrom.sys
19:48:11.0453 4040 Cdrom - ok
19:48:11.0468 4040 Changer - ok
19:48:11.0484 4040 [ 9E21229E04E1D301BB40222FE4641CB2 ] cisvc C:\WINNT\system32\cisvc.exe
19:48:11.0500 4040 cisvc - ok
19:48:11.0500 4040 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINNT\system32\clipsrv.exe
19:48:11.0515 4040 ClipSrv - ok
19:48:11.0531 4040 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:48:11.0578 4040 clr_optimization_v2.0.50727_32 - ok
19:48:11.0578 4040 CmdIde - ok
19:48:11.0578 4040 COMSysApp - ok
19:48:11.0593 4040 Cpqarray - ok
19:48:11.0593 4040 cpqarry2 - ok
19:48:11.0593 4040 cpqfcalm - ok
19:48:11.0609 4040 cpqfws2e - ok
19:48:11.0625 4040 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINNT\System32\cryptsvc.dll
19:48:11.0625 4040 CryptSvc - ok
19:48:11.0625 4040 dac2w2k - ok
19:48:11.0640 4040 dac960nt - ok
19:48:11.0671 4040 [ 676E6C3C8F3B4F8B64BE33FD20ADFCE2 ] DcomLaunch C:\WINNT\system32\rpcss.dll
19:48:11.0687 4040 DcomLaunch - ok
19:48:11.0687 4040 deckzpsx - ok
19:48:11.0718 4040 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp C:\WINNT\System32\dhcpcsvc.dll
19:48:11.0718 4040 Dhcp - ok
19:48:11.0734 4040 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINNT\system32\DRIVERS\disk.sys
19:48:11.0734 4040 Disk - ok
19:48:11.0734 4040 dmadmin - ok
19:48:11.0796 4040 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINNT\system32\drivers\dmboot.sys
19:48:11.0812 4040 dmboot - ok
19:48:11.0812 4040 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINNT\system32\DRIVERS\dmio.sys
19:48:11.0828 4040 dmio - ok
19:48:11.0828 4040 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINNT\system32\drivers\dmload.sys
19:48:11.0843 4040 dmload - ok
19:48:11.0843 4040 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINNT\System32\dmserver.dll
19:48:11.0859 4040 dmserver - ok
19:48:11.0875 4040 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINNT\system32\drivers\DMusic.sys
19:48:11.0890 4040 DMusic - ok
19:48:11.0890 4040 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINNT\System32\dnsrslvr.dll
19:48:11.0890 4040 Dnscache - ok
19:48:11.0906 4040 dpti2o - ok
19:48:11.0906 4040 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINNT\system32\drivers\drmkaud.sys
19:48:11.0906 4040 drmkaud - ok
19:48:11.0937 4040 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINNT\system32\DRIVERS\dtsoftbus01.sys
19:48:11.0937 4040 dtsoftbus01 - ok
19:48:11.0953 4040 EFS - ok
19:48:11.0984 4040 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINNT\System32\ersvc.dll
19:48:11.0984 4040 ERSvc - ok
19:48:12.0015 4040 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINNT\system32\services.exe
19:48:12.0015 4040 Eventlog - ok
19:48:12.0031 4040 [ 972378B907070F64932A87C90A035487 ] EventSystem C:\WINNT\System32\es.dll
19:48:12.0031 4040 EventSystem - ok
19:48:12.0078 4040 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINNT\system32\drivers\Fastfat.sys
19:48:12.0093 4040 Fastfat - ok
19:48:12.0109 4040 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINNT\System32\shsvcs.dll
19:48:12.0125 4040 FastUserSwitchingCompatibility - ok
19:48:12.0156 4040 [ 98328A1049627B72E5770BE009DB6C0A ] Fax C:\WINNT\system32\fxssvc.exe
19:48:12.0171 4040 Fax - ok
19:48:12.0171 4040 Fd16_700 - ok
19:48:12.0203 4040 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINNT\system32\DRIVERS\fdc.sys
19:48:12.0203 4040 Fdc - ok
19:48:12.0234 4040 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINNT\system32\drivers\Fips.sys
19:48:12.0234 4040 Fips - ok
19:48:12.0234 4040 fireport - ok
19:48:12.0234 4040 flashpnt - ok
19:48:12.0281 4040 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINNT\system32\DRIVERS\flpydisk.sys
19:48:12.0281 4040 Flpydisk - ok
19:48:12.0328 4040 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINNT\system32\drivers\fltmgr.sys
19:48:12.0328 4040 FltMgr - ok
19:48:12.0343 4040 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINNT\system32\drivers\Fs_Rec.sys
19:48:12.0343 4040 Fs_Rec - ok
19:48:12.0375 4040 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINNT\system32\DRIVERS\ftdisk.sys
19:48:12.0375 4040 Ftdisk - ok
19:48:12.0390 4040 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINNT\system32\DRIVERS\msgpc.sys
19:48:12.0390 4040 Gpc - ok
19:48:12.0421 4040 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:48:12.0437 4040 gupdate - ok
19:48:12.0437 4040 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:48:12.0437 4040 gupdatem - ok
19:48:12.0453 4040 [ 56BF27D7A539F9E6BBC1DE201ABA0EDF ] HdAudAddService C:\WINNT\system32\drivers\AtiHdAud.sys
19:48:12.0468 4040 HdAudAddService - ok
19:48:12.0484 4040 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINNT\system32\DRIVERS\HDAudBus.sys
19:48:12.0484 4040 HDAudBus - ok
19:48:12.0546 4040 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:48:12.0546 4040 helpsvc - ok
19:48:12.0546 4040 HidServ - ok
19:48:12.0578 4040 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINNT\system32\DRIVERS\hidusb.sys
19:48:12.0578 4040 hidusb - ok
19:48:12.0578 4040 hpn - ok
19:48:12.0609 4040 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINNT\system32\Drivers\HTTP.sys
19:48:12.0609 4040 HTTP - ok
19:48:12.0640 4040 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINNT\System32\w3ssl.dll
19:48:12.0640 4040 HTTPFilter - ok
19:48:12.0640 4040 i2omgmt - ok
19:48:12.0656 4040 i2omp - ok
19:48:12.0687 4040 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINNT\system32\DRIVERS\i8042prt.sys
19:48:12.0687 4040 i8042prt - ok
19:48:12.0703 4040 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINNT\system32\DRIVERS\imapi.sys
19:48:12.0703 4040 Imapi - ok
19:48:12.0734 4040 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINNT\System32\imapi.exe
19:48:12.0734 4040 ImapiService - ok
19:48:12.0750 4040 ini910u - ok
19:48:12.0750 4040 IntelIde - ok
19:48:12.0765 4040 [ 4448006B6BC60E6C027932CFC38D6855 ] ip6fw C:\WINNT\system32\drivers\ip6fw.sys
19:48:12.0765 4040 ip6fw - ok
19:48:12.0796 4040 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINNT\system32\DRIVERS\ipfltdrv.sys
19:48:12.0796 4040 IpFilterDriver - ok
19:48:12.0812 4040 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINNT\system32\DRIVERS\ipinip.sys
19:48:12.0812 4040 IpInIp - ok
19:48:12.0812 4040 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINNT\system32\DRIVERS\ipnat.sys
19:48:12.0828 4040 IpNat - ok
19:48:12.0843 4040 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSEC C:\WINNT\system32\DRIVERS\ipsec.sys
19:48:12.0843 4040 IPSEC - ok
19:48:12.0843 4040 ipsraidn - ok
19:48:12.0843 4040 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINNT\system32\DRIVERS\irenum.sys
19:48:12.0859 4040 IRENUM - ok
19:48:12.0875 4040 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINNT\system32\DRIVERS\isapnp.sys
19:48:12.0875 4040 isapnp - ok
19:48:12.0921 4040 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:48:12.0921 4040 JavaQuickStarterService - ok
19:48:12.0937 4040 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINNT\system32\DRIVERS\kbdclass.sys
19:48:12.0937 4040 Kbdclass - ok
19:48:12.0953 4040 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINNT\system32\drivers\kmixer.sys
19:48:12.0953 4040 kmixer - ok
19:48:12.0968 4040 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINNT\system32\drivers\KSecDD.sys
19:48:12.0968 4040 KSecDD - ok
19:48:13.0015 4040 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINNT\System32\srvsvc.dll
19:48:13.0015 4040 lanmanserver - ok
19:48:13.0062 4040 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINNT\System32\wkssvc.dll
19:48:13.0062 4040 lanmanworkstation - ok
19:48:13.0078 4040 lbrtfdc - ok
19:48:13.0125 4040 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:48:13.0125 4040 LightScribeService - ok
19:48:13.0140 4040 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINNT\System32\lmhsvc.dll
19:48:13.0156 4040 LmHosts - ok
19:48:13.0156 4040 lp6nds35 - ok
19:48:13.0171 4040 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINNT\system32\drivers\mbam.sys
19:48:13.0187 4040 MBAMProtector - ok
19:48:13.0218 4040 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:48:13.0218 4040 MBAMScheduler - ok
19:48:13.0250 4040 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:48:13.0250 4040 MBAMService - ok
19:48:13.0265 4040 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINNT\System32\msgsvc.dll
19:48:13.0265 4040 Messenger - ok
19:48:13.0296 4040 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINNT\system32\drivers\mnmdd.sys
19:48:13.0296 4040 mnmdd - ok
19:48:13.0328 4040 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINNT\system32\mnmsrvc.exe
19:48:13.0328 4040 mnmsrvc - ok
19:48:13.0359 4040 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINNT\system32\drivers\Modem.sys
19:48:13.0359 4040 Modem - ok
19:48:13.0359 4040 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINNT\system32\DRIVERS\mouclass.sys
19:48:13.0359 4040 Mouclass - ok
19:48:13.0390 4040 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINNT\system32\DRIVERS\mouhid.sys
19:48:13.0390 4040 mouhid - ok
19:48:13.0406 4040 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINNT\system32\drivers\MountMgr.sys
19:48:13.0406 4040 MountMgr - ok
19:48:13.0421 4040 [ 55A9A7E6BB297BF0F5B144029DCB79CC ] MPE C:\WINNT\system32\DRIVERS\MPE.sys
19:48:13.0437 4040 MPE - ok
19:48:13.0437 4040 mraid35x - ok
19:48:13.0437 4040 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINNT\system32\DRIVERS\mrxdav.sys
19:48:13.0437 4040 MRxDAV - ok
19:48:13.0468 4040 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINNT\system32\DRIVERS\mrxsmb.sys
19:48:13.0468 4040 MRxSmb - ok
19:48:13.0500 4040 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINNT\system32\msdtc.exe
19:48:13.0500 4040 MSDTC - ok
19:48:13.0500 4040 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINNT\system32\drivers\Msfs.sys
19:48:13.0500 4040 Msfs - ok
19:48:13.0500 4040 MSIServer - ok
19:48:13.0531 4040 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINNT\system32\drivers\MSKSSRV.sys
19:48:13.0531 4040 MSKSSRV - ok
19:48:13.0546 4040 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINNT\system32\drivers\MSPCLOCK.sys
19:48:13.0546 4040 MSPCLOCK - ok
19:48:13.0562 4040 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINNT\system32\drivers\MSPQM.sys
19:48:13.0562 4040 MSPQM - ok
19:48:13.0578 4040 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINNT\system32\DRIVERS\mssmbios.sys
19:48:13.0578 4040 mssmbios - ok
19:48:13.0609 4040 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINNT\system32\drivers\MSTEE.sys
19:48:13.0609 4040 MSTEE - ok
19:48:13.0625 4040 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINNT\system32\DRIVERS\ASACPI.sys
19:48:13.0625 4040 MTsensor - ok
19:48:13.0640 4040 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINNT\system32\drivers\Mup.sys
19:48:13.0640 4040 Mup - ok
19:48:13.0656 4040 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINNT\system32\DRIVERS\NABTSFEC.sys
19:48:13.0656 4040 NABTSFEC - ok
19:48:13.0671 4040 Ncrc710 - ok
19:48:13.0687 4040 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINNT\system32\drivers\NDIS.sys
19:48:13.0687 4040 NDIS - ok
19:48:13.0703 4040 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINNT\system32\DRIVERS\NdisIP.sys
19:48:13.0703 4040 NdisIP - ok
19:48:13.0734 4040 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINNT\system32\DRIVERS\ndistapi.sys
19:48:13.0734 4040 NdisTapi - ok
19:48:13.0750 4040 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINNT\system32\DRIVERS\ndisuio.sys
19:48:13.0750 4040 Ndisuio - ok
19:48:13.0750 4040 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINNT\system32\DRIVERS\ndiswan.sys
19:48:13.0750 4040 NdisWan - ok
19:48:13.0765 4040 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINNT\system32\drivers\NDProxy.sys
19:48:13.0765 4040 NDProxy - ok
19:48:13.0781 4040 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINNT\system32\DRIVERS\netbios.sys
19:48:13.0781 4040 NetBIOS - ok
19:48:13.0796 4040 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINNT\system32\DRIVERS\netbt.sys
19:48:13.0796 4040 NetBT - ok
19:48:13.0828 4040 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINNT\system32\netdde.exe
19:48:13.0843 4040 NetDDE - ok
19:48:13.0843 4040 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINNT\system32\netdde.exe
19:48:13.0843 4040 NetDDEdsdm - ok
19:48:13.0875 4040 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINNT\System32\lsass.exe
19:48:13.0890 4040 Netlogon - ok
19:48:13.0906 4040 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINNT\System32\netman.dll
19:48:13.0921 4040 Netman - ok
19:48:13.0937 4040 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINNT\system32\DRIVERS\nic1394.sys
19:48:13.0953 4040 NIC1394 - ok
19:48:13.0968 4040 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINNT\System32\mswsock.dll
19:48:13.0968 4040 Nla - ok
19:48:14.0015 4040 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
19:48:14.0031 4040 NMIndexingService - ok
19:48:14.0031 4040 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINNT\system32\drivers\Npfs.sys
19:48:14.0031 4040 Npfs - ok
19:48:14.0062 4040 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINNT\system32\drivers\Ntfs.sys
19:48:14.0078 4040 Ntfs - ok
19:48:14.0078 4040 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINNT\System32\lsass.exe
19:48:14.0093 4040 NtLmSsp - ok
19:48:14.0109 4040 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINNT\system32\ntmssvc.dll
19:48:14.0125 4040 NtmsSvc - ok
19:48:14.0171 4040 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINNT\system32\drivers\Null.sys
19:48:14.0171 4040 Null - ok
19:48:14.0656 4040 [ 68B8C35782FFD20973524F748234B5A9 ] nv C:\WINNT\system32\DRIVERS\nv4_mini.sys
19:48:15.0140 4040 nv - ok
19:48:15.0171 4040 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINNT\system32\DRIVERS\nwlnkflt.sys
19:48:15.0171 4040 NwlnkFlt - ok
19:48:15.0171 4040 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINNT\system32\DRIVERS\nwlnkfwd.sys
19:48:15.0171 4040 NwlnkFwd - ok
19:48:15.0203 4040 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINNT\system32\DRIVERS\ohci1394.sys
19:48:15.0203 4040 ohci1394 - ok
19:48:15.0203 4040 Parallel - ok
19:48:15.0218 4040 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINNT\system32\drivers\Parport.sys
19:48:15.0218 4040 Parport - ok
19:48:15.0250 4040 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINNT\system32\drivers\PartMgr.sys
19:48:15.0250 4040 PartMgr - ok
19:48:15.0281 4040 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINNT\system32\drivers\ParVdm.sys
19:48:15.0281 4040 ParVdm - ok
19:48:15.0296 4040 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINNT\system32\DRIVERS\pci.sys
19:48:15.0296 4040 PCI - ok
19:48:15.0312 4040 PCIDump - ok
19:48:15.0312 4040 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINNT\system32\DRIVERS\pciide.sys
19:48:15.0312 4040 PCIIde - ok
19:48:15.0343 4040 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINNT\system32\drivers\Pcmcia.sys
19:48:15.0343 4040 Pcmcia - ok
19:48:15.0359 4040 PDCOMP - ok
19:48:15.0359 4040 PDFRAME - ok
19:48:15.0359 4040 PDRELI - ok
19:48:15.0375 4040 PDRFRAME - ok
19:48:15.0375 4040 perc2 - ok
19:48:15.0375 4040 perc2hib - ok
19:48:15.0390 4040 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINNT\system32\services.exe
19:48:15.0406 4040 PlugPlay - ok
19:48:15.0406 4040 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINNT\System32\lsass.exe
19:48:15.0406 4040 PolicyAgent - ok
19:48:15.0437 4040 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINNT\system32\DRIVERS\raspptp.sys
19:48:15.0437 4040 PptpMiniport - ok
19:48:15.0453 4040 [ 9A10E4FD13824823DA50D4758BD0A645 ] Processor C:\WINNT\system32\DRIVERS\processr.sys
19:48:15.0453 4040 Processor - ok
19:48:15.0453 4040 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINNT\system32\lsass.exe
19:48:15.0453 4040 ProtectedStorage - ok
19:48:15.0468 4040 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINNT\system32\DRIVERS\ptilink.sys
19:48:15.0468 4040 Ptilink - ok
19:48:15.0468 4040 ql1080 - ok
19:48:15.0484 4040 Ql10wnt - ok
19:48:15.0484 4040 ql12160 - ok
19:48:15.0484 4040 ql1240 - ok
19:48:15.0500 4040 ql1280 - ok
19:48:15.0500 4040 ql2100 - ok
19:48:15.0515 4040 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINNT\system32\DRIVERS\rasacd.sys
19:48:15.0515 4040 RasAcd - ok
19:48:15.0531 4040 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINNT\System32\rasauto.dll
19:48:15.0546 4040 RasAuto - ok
19:48:15.0562 4040 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINNT\system32\DRIVERS\rasl2tp.sys
19:48:15.0562 4040 Rasl2tp - ok
19:48:15.0578 4040 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINNT\System32\rasmans.dll
19:48:15.0578 4040 RasMan - ok
19:48:15.0578 4040 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINNT\system32\DRIVERS\raspppoe.sys
19:48:15.0593 4040 RasPppoe - ok
19:48:15.0593 4040 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINNT\system32\DRIVERS\raspti.sys
19:48:15.0593 4040 Raspti - ok
19:48:15.0609 4040 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINNT\system32\DRIVERS\rdbss.sys
19:48:15.0609 4040 Rdbss - ok
19:48:15.0640 4040 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINNT\system32\DRIVERS\RDPCDD.sys
19:48:15.0640 4040 RDPCDD - ok
19:48:15.0656 4040 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINNT\system32\DRIVERS\rdpdr.sys
19:48:15.0656 4040 rdpdr - ok
19:48:15.0687 4040 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINNT\system32\drivers\RDPWD.sys
19:48:15.0687 4040 RDPWD - ok
19:48:15.0703 4040 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINNT\system32\sessmgr.exe
19:48:15.0718 4040 RDSessMgr - ok
19:48:15.0734 4040 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINNT\system32\DRIVERS\redbook.sys
19:48:15.0750 4040 redbook - ok
19:48:15.0765 4040 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINNT\System32\mprdim.dll
19:48:15.0765 4040 RemoteAccess - ok
19:48:15.0781 4040 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINNT\system32\regsvc.dll
19:48:15.0796 4040 RemoteRegistry - ok
19:48:15.0796 4040 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINNT\System32\locator.exe
19:48:15.0796 4040 RpcLocator - ok
19:48:15.0812 4040 [ 676E6C3C8F3B4F8B64BE33FD20ADFCE2 ] RpcSs C:\WINNT\system32\rpcss.dll
19:48:15.0828 4040 RpcSs - ok
19:48:15.0843 4040 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINNT\System32\rsvp.exe
19:48:15.0843 4040 RSVP - ok
19:48:15.0875 4040 [ E9877AA069DC11B03DBD1D33B8B2A3CA ] RTL8023xp C:\WINNT\system32\DRIVERS\Rtlnicxp.sys
19:48:15.0875 4040 RTL8023xp - ok
19:48:15.0890 4040 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINNT\system32\DRIVERS\RTL8139.SYS
19:48:15.0890 4040 rtl8139 - ok
19:48:15.0906 4040 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINNT\system32\lsass.exe
19:48:15.0906 4040 SamSs - ok
19:48:15.0921 4040 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINNT\System32\SCardSvr.exe
19:48:15.0921 4040 SCardSvr - ok
19:48:15.0937 4040 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINNT\system32\schedsvc.dll
19:48:15.0937 4040 Schedule - ok
19:48:15.0968 4040 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINNT\system32\DRIVERS\secdrv.sys
19:48:15.0968 4040 Secdrv - ok
19:48:15.0984 4040 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINNT\System32\seclogon.dll
19:48:15.0984 4040 seclogon - ok
19:48:16.0015 4040 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINNT\system32\drivers\Senfilt.sys
19:48:16.0015 4040 SenFiltService - ok
19:48:16.0031 4040 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINNT\system32\sens.dll
19:48:16.0046 4040 SENS - ok
19:48:16.0062 4040 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINNT\system32\DRIVERS\serenum.sys
19:48:16.0062 4040 serenum - ok
19:48:16.0078 4040 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINNT\system32\DRIVERS\serial.sys
19:48:16.0078 4040 Serial - ok
19:48:16.0078 4040 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINNT\system32\drivers\Sfloppy.sys
19:48:16.0078 4040 Sfloppy - ok
19:48:16.0109 4040 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINNT\System32\ipnathlp.dll
19:48:16.0125 4040 SharedAccess - ok
19:48:16.0140 4040 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINNT\System32\shsvcs.dll
19:48:16.0140 4040 ShellHWDetection - ok
19:48:16.0140 4040 Simbad - ok
19:48:16.0171 4040 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINNT\system32\DRIVERS\SLIP.sys
19:48:16.0171 4040 SLIP - ok
19:48:16.0171 4040 Sparrow - ok
19:48:16.0187 4040 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINNT\system32\drivers\splitter.sys
19:48:16.0187 4040 splitter - ok
19:48:16.0203 4040 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINNT\system32\spoolsv.exe
19:48:16.0203 4040 Spooler - ok
19:48:16.0234 4040 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINNT\system32\DRIVERS\sr.sys
19:48:16.0234 4040 sr - ok
19:48:16.0250 4040 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINNT\System32\srsvc.dll
19:48:16.0265 4040 srservice - ok
19:48:16.0265 4040 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINNT\system32\DRIVERS\srv.sys
19:48:16.0265 4040 Srv - ok
19:48:16.0296 4040 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINNT\System32\ssdpsrv.dll
19:48:16.0296 4040 SSDPSRV - ok
19:48:16.0328 4040 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINNT\system32\wiaservc.dll
19:48:16.0343 4040 stisvc - ok
19:48:16.0343 4040 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINNT\system32\DRIVERS\StreamIP.sys
19:48:16.0343 4040 streamip - ok
19:48:16.0359 4040 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINNT\system32\DRIVERS\swenum.sys
19:48:16.0359 4040 swenum - ok
19:48:16.0375 4040 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINNT\system32\drivers\swmidi.sys
19:48:16.0375 4040 swmidi - ok
19:48:16.0375 4040 SwPrv - ok
19:48:16.0390 4040 symc810 - ok
19:48:16.0390 4040 symc8xx - ok
19:48:16.0390 4040 sym_hi - ok
19:48:16.0406 4040 sym_u3 - ok
19:48:16.0421 4040 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINNT\system32\drivers\sysaudio.sys
19:48:16.0421 4040 sysaudio - ok
19:48:16.0437 4040 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINNT\system32\smlogsvc.exe
19:48:16.0453 4040 SysmonLog - ok
19:48:16.0468 4040 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINNT\System32\tapisrv.dll
19:48:16.0484 4040 TapiSrv - ok
19:48:16.0515 4040 [ 583E063FDC888CA30D05C2724B0D7EF4 ] Tcpip C:\WINNT\system32\DRIVERS\tcpip.sys
19:48:16.0515 4040 Tcpip - ok
19:48:16.0531 4040 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINNT\system32\drivers\TDPIPE.sys
19:48:16.0531 4040 TDPIPE - ok
19:48:16.0546 4040 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINNT\system32\drivers\TDTCP.sys
19:48:16.0546 4040 TDTCP - ok
19:48:16.0546 4040 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINNT\system32\DRIVERS\termdd.sys
19:48:16.0546 4040 TermDD - ok
19:48:16.0578 4040 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINNT\System32\termsrv.dll
19:48:16.0593 4040 TermService - ok
19:48:16.0593 4040 tga - ok
19:48:16.0609 4040 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINNT\System32\shsvcs.dll
19:48:16.0609 4040 Themes - ok
19:48:16.0625 4040 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINNT\System32\tlntsvr.exe
19:48:16.0640 4040 TlntSvr - ok
19:48:16.0640 4040 TosIde - ok
19:48:16.0640 4040 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINNT\system32\trkwks.dll
19:48:16.0656 4040 TrkWks - ok
19:48:16.0687 4040 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINNT\system32\drivers\Udfs.sys
19:48:16.0687 4040 Udfs - ok
19:48:16.0718 4040 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
19:48:16.0718 4040 UleadBurningHelper - ok
19:48:16.0718 4040 ultra - ok
19:48:16.0718 4040 ultra66 - ok
19:48:16.0750 4040 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINNT\system32\wdfmgr.exe
19:48:16.0750 4040 UMWdf - ok
19:48:16.0765 4040 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINNT\system32\DRIVERS\update.sys
19:48:16.0765 4040 Update - ok
19:48:16.0796 4040 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINNT\System32\upnphost.dll
19:48:16.0812 4040 upnphost - ok
19:48:16.0812 4040 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINNT\System32\ups.exe
19:48:16.0812 4040 UPS - ok
19:48:16.0843 4040 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINNT\system32\DRIVERS\usbehci.sys
19:48:16.0843 4040 usbehci - ok
19:48:16.0875 4040 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINNT\system32\DRIVERS\usbhub.sys
19:48:16.0875 4040 usbhub - ok
19:48:16.0906 4040 [ B0205D19BA25CA654810D0AED04496A8 ] usbhub20 C:\WINNT\system32\DRIVERS\usbhub20.sys
19:48:16.0906 4040 usbhub20 - ok
19:48:16.0921 4040 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINNT\system32\DRIVERS\usbohci.sys
19:48:16.0921 4040 usbohci - ok
19:48:16.0953 4040 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINNT\system32\DRIVERS\usbprint.sys
19:48:16.0968 4040 usbprint - ok
19:48:16.0968 4040 [ 99A7BB6AD534407F42415F089BDC122A ] UtilMan C:\WINNT\System32\UtilMan.exe
19:48:16.0984 4040 UtilMan - ok
19:48:17.0015 4040 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINNT\System32\drivers\vga.sys
19:48:17.0015 4040 VgaSave - ok
19:48:17.0015 4040 ViaIde - ok
19:48:17.0046 4040 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINNT\system32\drivers\VolSnap.sys
19:48:17.0046 4040 VolSnap - ok
19:48:17.0093 4040 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINNT\System32\vssvc.exe
19:48:17.0093 4040 VSS - ok
19:48:17.0109 4040 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINNT\System32\w32time.dll
19:48:17.0125 4040 W32Time - ok
19:48:17.0156 4040 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINNT\system32\DRIVERS\wanarp.sys
19:48:17.0156 4040 Wanarp - ok
19:48:17.0171 4040 WDICA - ok
19:48:17.0187 4040 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINNT\system32\drivers\wdmaud.sys
19:48:17.0203 4040 wdmaud - ok
19:48:17.0218 4040 [ 4BD50644CF52F00091F894AB7541E538 ] WebClient C:\WINNT\System32\webclnt.dll
19:48:17.0234 4040 WebClient - ok
19:48:17.0265 4040 [ 0E507042CCEFC40B8BB5DDE75A7BD0C7 ] wfcxacap C:\WINNT\system32\DRIVERS\wfcxacap.sys
19:48:17.0265 4040 wfcxacap - ok
19:48:17.0281 4040 [ B8ACB6B48F928FF5E58B1A2DC3FA628C ] wfcxatun C:\WINNT\system32\drivers\wfcxatun.sys
19:48:17.0296 4040 wfcxatun - ok
19:48:17.0296 4040 [ E32EEEAC4ED0249474A2C9B71F1D5A73 ] wfcxdtun C:\WINNT\system32\drivers\wfcxdtun.sys
19:48:17.0296 4040 wfcxdtun - ok
19:48:17.0296 4040 [ FC4F80B8C23DBF4D23A9A4DED38CF430 ] wfcxtcap C:\WINNT\system32\drivers\wfcxtcap.sys
19:48:17.0296 4040 wfcxtcap - ok
19:48:17.0312 4040 [ E9905845ABC7B3521F642F9C8D08A03E ] WFCXVCAP C:\WINNT\system32\drivers\wfcxvcap.sys
19:48:17.0328 4040 WFCXVCAP - ok
19:48:17.0328 4040 [ 0AED0D6F83ADE999FA6A8E485830E4C5 ] wfcxxbar C:\WINNT\system32\drivers\wfcxxbar.sys
19:48:17.0328 4040 wfcxxbar - ok
19:48:17.0375 4040 [ 9BC98A4E3401D52ED860CF883CCB7478 ] WFIOCTL C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
19:48:17.0375 4040 WFIOCTL - ok
19:48:17.0421 4040 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINNT\system32\wbem\WMIsvc.dll
19:48:17.0437 4040 winmgmt - ok
19:48:17.0468 4040 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINNT\system32\MsPMSNSv.dll
19:48:17.0468 4040 WmdmPmSN - ok
19:48:17.0515 4040 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINNT\System32\advapi32.dll
19:48:17.0531 4040 Wmi - ok
19:48:17.0546 4040 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINNT\System32\wbem\wmiapsrv.exe
19:48:17.0546 4040 WmiApSrv - ok
19:48:17.0578 4040 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINNT\system32\wscsvc.dll
19:48:17.0578 4040 wscsvc - ok
19:48:17.0609 4040 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINNT\system32\DRIVERS\WSTCODEC.SYS
19:48:17.0609 4040 WSTCODEC - ok
19:48:17.0640 4040 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINNT\System32\wuauserv.dll
19:48:17.0640 4040 wuauserv - ok
19:48:17.0656 4040 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINNT\System32\wzcsvc.dll
19:48:17.0671 4040 WZCSVC - ok
19:48:17.0734 4040 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINNT\System32\xmlprov.dll
19:48:17.0750 4040 xmlprov - ok
19:48:17.0781 4040 [ 87F126D0F8DC176B282924DF0417075E ] yukonwxp C:\WINNT\system32\DRIVERS\yk51x86.sys
19:48:17.0781 4040 yukonwxp - ok
19:48:17.0796 4040 ================ Scan global ===============================
19:48:17.0812 4040 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINNT\system32\basesrv.dll
19:48:17.0812 4040 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINNT\system32\winsrv.dll
19:48:17.0843 4040 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINNT\system32\winsrv.dll
19:48:17.0859 4040 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINNT\system32\services.exe
19:48:17.0859 4040 [Global] - ok
19:48:17.0859 4040 ================ Scan MBR ==================================
19:48:17.0875 4040 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
19:48:18.0031 4040 \Device\Harddisk0\DR0 - ok
19:48:18.0031 4040 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:48:18.0031 4040 \Device\Harddisk1\DR1 - ok
19:48:18.0031 4040 ================ Scan VBR ==================================
19:48:18.0031 4040 [ 8824BF68DE1B5775514D3BA0E15ABC56 ] \Device\Harddisk0\DR0\Partition1
19:48:18.0031 4040 \Device\Harddisk0\DR0\Partition1 - ok
19:48:18.0046 4040 [ 94A53D571AEB0A914BDCDB3C588A37DF ] \Device\Harddisk0\DR0\Partition2
19:48:18.0046 4040 \Device\Harddisk0\DR0\Partition2 - ok
19:48:18.0062 4040 [ 6CB921EB7428FA2A4F5C5BF5926CE93D ] \Device\Harddisk1\DR1\Partition1
19:48:18.0062 4040 \Device\Harddisk1\DR1\Partition1 - ok
19:48:18.0062 4040 ============================================================
19:48:18.0062 4040 Scan finished
19:48:18.0062 4040 ============================================================
19:48:18.0078 4032 Detected object count: 0
19:48:18.0078 4032 Actual detected object count: 0
19:48:32.0906 4008 Deinitialize success



a druhý:

ComboFix 12-12-04.01 - skrcek 05.12.2012 19:56:46.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1499 [GMT 1:00]
Spuštěný z: c:\documents and settings\skrcek\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\ssv.dll
c:\winnt\regedit.com
c:\winnt\system32\dllcache\wmpvis.dll
c:\winnt\system32\Dvbpws.dll
c:\winnt\system32\taskmgr.com
c:\winnt\Web\default.htt
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_IAS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-05 do 2012-12-05 )))))))))))))))))))))))))))))))
.
.
2012-11-30 18:35 . 2012-11-30 19:22 -------- d-----w- C:\BDS
2012-11-30 09:54 . 2012-11-30 09:55 -------- d-----w- C:\WFDB
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 19:58 . 2006-05-23 07:56 299424 ----a-w- c:\winnt\system32\drivers\yk51x86.sys
2012-12-03 13:57 . 2012-12-03 13:57 4318485 ----a-w- c:\winnt\REGBK00.ZIP
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2004-08-17 143872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 872448]
"avast"="c:\program files\AVAST\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-25 20752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9464:TCP"= 9464:TCP:fjbdl
.
R1 aswSnx;aswSnx;c:\winnt\system32\drivers\aswSnx.sys [30.11.2012 17:25 738504]
R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [30.11.2012 17:25 361032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winnt\system32\drivers\dtsoftbus01.sys [3.12.2012 20:07 242240]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\winnt\system32\drivers\wfcxacap.sys [30.11.2012 10:49 9856]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [30.11.2012 17:25 21256]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\winnt\system32\drivers\wfcxatun.sys [30.11.2012 10:49 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\winnt\system32\drivers\wfcxvcap.sys [30.11.2012 10:49 167040]
R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [1.12.2012 19:49 22856]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\winnt\system32\drivers\wfcxdtun.sys [30.11.2012 10:49 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\winnt\system32\drivers\wfcxtcap.sys [30.11.2012 10:49 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\winnt\system32\drivers\wfcxxbar.sys [30.11.2012 10:49 10496]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [30.11.2012 10:54 9446]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.12.2012 19:49 676936]
S3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0;c:\winnt\system32\drivers\usbhub20.sys [29.11.2012 12:17 49776]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-05 c:\winnt\Tasks\avast! Emergency Update.job
- c:\program files\AVAST\AvastEmUpdate.exe [2012-11-30 22:50]
.
2012-12-03 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-29 13:22]
.
2012-12-03 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-29 13:22]
.
.
------- Doplňkový sken -------
.
TCP: Interfaces\{0BF8ED30-64D6-460C-A4FD-B2F74156DECA}: NameServer = 217.112.162.34 217.112.160.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-sglfb.sys
SafeBoot-tga.sys
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX - c:\program files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-05 20:01
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(456)
c:\winnt\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\winnt\system32\Ati2evxx.exe
c:\program files\AVAST\AvastSvc.exe
c:\winnt\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\winnt\system32\wdfmgr.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\System32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-12-05 20:03:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-05 19:03
.
Před spuštěním: 9 804 410 880
Po spuštění: 9 710 944 256
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - 87AD5D4AC43DF9F6E9906FA09AB790B9

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

C:\BDS
C:\WFDB
Ty složky znáš??

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

předchozí čištění "ComboFix" dopadlo dobře, po restartu počítač jel až do chvíle kdy mi avast zachytil opět nějaké svináky a chtěl po mě restart ,
po restartu už windous normálně nenaběhl (nezobrazila se plocha a nepomohl ani restart nebo poslední známá konfigurace) musel jsem se vrátit k bodu obnovení, před první test "ComboFix"


C:\BDS
C:\WFDB
ty to složky neznám a jsou mi taky podezřelé ,myslel jsem že si je na něco vytvořil systém ,jinak se zdají prázdné.


po navrácení jsem provedl požadované skeny tady jsou logy:

ComboFix 12-12-04.01 - skrcek 06.12.2012 15:59:35.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1518 [GMT 1:00]
Spuštěný z: c:\documents and settings\skrcek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\skrcek\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.124\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.124\goopdate.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.124\psmachine.dll
c:\program files\Google\Update\1.3.21.124\psuser.dll
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.95\23.0.1271.95_23.0.1271.91_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Java\jre7\bin\ssv.dll
c:\winnt\regedit.com
c:\winnt\system32\dllcache\wmpvis.dll
c:\winnt\system32\Dvbpws.dll
c:\winnt\system32\taskmgr.com
c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_IAS
-------\Legacy_gupdate
-------\Legacy_gupdatem
-------\Legacy_gupdate
-------\Legacy_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-06 do 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-11-30 18:35 . 2012-11-30 19:22 -------- d-----w- C:\BDS
2012-11-30 09:54 . 2012-11-30 09:55 -------- d-----w- C:\WFDB
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 19:58 . 2006-05-23 07:56 299424 ----a-w- c:\winnt\system32\drivers\yk51x86.sys
2012-12-03 13:57 . 2012-12-03 13:57 4318485 ----a-w- c:\winnt\REGBK00.ZIP
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2004-08-17 143872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 872448]
"avast"="c:\program files\AVAST\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-25 20752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\winnt\system32\drivers\aswSnx.sys [30.11.2012 17:25 738504]
R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [30.11.2012 17:25 361032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winnt\system32\drivers\dtsoftbus01.sys [3.12.2012 20:07 242240]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\winnt\system32\drivers\wfcxacap.sys [30.11.2012 10:49 9856]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [30.11.2012 17:25 21256]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\winnt\system32\drivers\wfcxatun.sys [30.11.2012 10:49 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\winnt\system32\drivers\wfcxvcap.sys [30.11.2012 10:49 167040]
R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [1.12.2012 19:49 22856]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\winnt\system32\drivers\wfcxdtun.sys [30.11.2012 10:49 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\winnt\system32\drivers\wfcxtcap.sys [30.11.2012 10:49 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\winnt\system32\drivers\wfcxxbar.sys [30.11.2012 10:49 10496]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [30.11.2012 10:54 9446]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.12.2012 19:49 676936]
S3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0;c:\winnt\system32\drivers\usbhub20.sys [29.11.2012 12:17 49776]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-06 c:\winnt\Tasks\avast! Emergency Update.job
- c:\program files\AVAST\AvastEmUpdate.exe [2012-11-30 22:50]
.
.
------- Doplňkový sken -------
.
TCP: Interfaces\{0BF8ED30-64D6-460C-A4FD-B2F74156DECA}: NameServer = 217.112.162.34 217.112.160.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-06 16:04
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(456)
c:\winnt\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\winnt\system32\Ati2evxx.exe
c:\program files\AVAST\AvastSvc.exe
c:\winnt\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\winnt\system32\wdfmgr.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\System32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-12-06 16:05:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-06 15:05
ComboFix2.txt 2012-12-05 19:03
.
Před spuštěním: 9 616 805 888
Po spuštění: 9 599 606 784
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - 73FB7CEDF4F300249F90C23B0B56D2AC



a druhý:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-06 16:09:39
-----------------------------
16:09:39.359 OS Version: Windows 5.1.2600 Service Pack 2
16:09:39.359 Number of processors: 2 586 0x6B02
16:09:39.359 ComputerName: SKRCEK-5DE342BF UserName: skrcek
16:09:39.703 Initialize success
16:09:39.812 AVAST engine defs: 12120401
16:09:52.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
16:09:52.203 Disk 0 Vendor: WDC_WD800AAJS-00PSA0 05.06H05 Size: 76319MB BusType: 3
16:09:52.203 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-1b
16:09:52.203 Disk 1 Vendor: SAMSUNG_HD502IJ 1AA01110 Size: 476940MB BusType: 3
16:09:52.218 Disk 0 MBR read successfully
16:09:52.218 Disk 0 MBR scan
16:09:52.218 Disk 0 Windows XP default MBR code
16:09:52.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
16:09:52.218 Disk 0 Partition - 00 0F Extended LBA 56305 MB offset 40965750
16:09:52.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 56305 MB offset 40965813
16:09:52.234 Disk 0 scanning sectors +156280320
16:09:52.281 Disk 0 scanning C:\WINNT\system32\drivers
16:10:03.171 Service scanning
16:10:11.687 Modules scanning
16:10:14.218 Disk 0 trace - called modules:
16:10:14.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:10:14.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bb5ab8]
16:10:14.234 3 CLASSPNP.SYS[ba8e905b] -> nt!IofCallDriver -> \Device\0000006a[0x89bb9e98]
16:10:14.234 5 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x89b95940]
16:10:14.375 AVAST engine scan C:\WINNT
16:10:16.718 AVAST engine scan C:\WINNT\system32
16:11:43.984 AVAST engine scan C:\WINNT\system32\drivers
16:11:53.875 AVAST engine scan C:\Documents and Settings\skrcek
16:12:33.734 AVAST engine scan C:\Documents and Settings\All Users
16:12:40.187 Scan finished successfully
16:13:28.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\skrcek\Plocha\MBR.dat"
16:13:28.500 The log file has been saved successfully to "C:\Documents and Settings\skrcek\Plocha\aswMBR.txt"

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si RogueKiller
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Až se objeví úvodní okno programu , klikni na „Prohledat“.
- Program skenuje PC. Po proskenování klikni na „Zpráva“, celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

ComboFix 12-12-04.01 - skrcek 06.12.2012 20:24:53.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1551 [GMT 1:00]
Spuštěný z: c:\documents and settings\skrcek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\skrcek\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\winnt\REGBK00.ZIP"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\BDS
C:\WFDB
c:\winnt\REGBK00.ZIP
c:\winnt\system32\Dvbpws.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-06 do 2012-12-06 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 19:58 . 2006-05-23 07:56 299424 ----a-w- c:\winnt\system32\drivers\yk51x86.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2004-08-17 143872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 872448]
"avast"="c:\program files\AVAST\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-25 20752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R1 aswSnx;aswSnx;c:\winnt\system32\drivers\aswSnx.sys [30.11.2012 17:25 738504]
R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [30.11.2012 17:25 361032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winnt\system32\drivers\dtsoftbus01.sys [3.12.2012 20:07 242240]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\winnt\system32\drivers\wfcxacap.sys [30.11.2012 10:49 9856]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [30.11.2012 17:25 21256]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\winnt\system32\drivers\wfcxatun.sys [30.11.2012 10:49 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\winnt\system32\drivers\wfcxvcap.sys [30.11.2012 10:49 167040]
R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [1.12.2012 19:49 22856]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\winnt\system32\drivers\wfcxdtun.sys [30.11.2012 10:49 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\winnt\system32\drivers\wfcxtcap.sys [30.11.2012 10:49 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\winnt\system32\drivers\wfcxxbar.sys [30.11.2012 10:49 10496]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [30.11.2012 10:54 9446]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.12.2012 19:49 676936]
S3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0;c:\winnt\system32\drivers\usbhub20.sys [29.11.2012 12:17 49776]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-06 c:\winnt\Tasks\avast! Emergency Update.job
- c:\program files\AVAST\AvastEmUpdate.exe [2012-11-30 22:50]
.
.
------- Doplňkový sken -------
.
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-06 20:29
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(456)
c:\winnt\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\winnt\system32\Ati2evxx.exe
c:\program files\AVAST\AvastSvc.exe
c:\winnt\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\winnt\system32\wdfmgr.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\System32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-12-06 20:31:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-06 19:31
ComboFix2.txt 2012-12-06 15:05
ComboFix3.txt 2012-12-05 19:03
.
Před spuštěním: 9 570 627 584
Po spuštění: 9 564 045 312
.
- - End Of File - - CC588B82922B8BB30696B3AAA5471B7F




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:34:34, on 6.12.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AVAST\AvastSvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
D:\luboš\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF8ED30-64D6-460C-A4FD-B2F74156DECA}: NameServer = 217.112.162.34 217.112.160.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4166 bytes





RogueKiller V8.3.1 [Dec 6 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : skrcek [Práva správce]
Mód : Kontrola -- Datum : 12/06/2012 20:36:48

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{0BF8ED30-64D6-460C-A4FD-B2F74156DECA} : NameServer (217.112.162.34 217.112.160.1) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINNT\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD800AAJS-00PSA0 +++++
--- User ---
[MBR] 22f3f9e93c8e0dd8270a0a1123ca84f0
[BSP] 2c8930e3b63d7689429dcd28f8f8218b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 56305 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD502IJ +++++
--- User ---
[MBR] 92434cc197d5392b3279ceea22e4648d
[BSP] a17c411c2798abb95534022c3c714862 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_12062012_02d2036.txt >>
RKreport[1]_S_12062012_02d2036.txt

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

Jak se chová PC?
Hlídej si taky volné místo. Na systémovém disku máš už jen 9,5 GB. Pro správný chod by mělo být volno 10-15% kapacity

Zadatím to vypadá dobře
Přihlašování na poskytovatele internetu je vpohodě,Rychlost připojení taky download 25,79Mb/s upload 11,62Mb/s uvidím jestli ta rychlost vydrží a nebude mi to padat.
Start systému se zrychlil (hlavně programu které se načítaj po antiviru).
Tak přes víkend to pozkouším projedu celý PC antivirem po restartu a pokud se něco nevyskytne tak to prohlásím za vyřešené.

Ináč moc moc díky všem a snad to bude dobrý.

tak jsem to pozkoušel .
pc sice jede lépe ale ten internet ještě není dobrej. Sice připojení po startu počítače je dobré ale později mi opět padá upload na směšně nízké číslo (0,03Mb/s) občas to rovnou vyhlásí "kabel byl odpojen" .
provedl jsem kontrolu PC (všechny disky) antivirem po restartu a nic mi nenašel.
Dnes jsem PC (všechny disky) kontroloval programem MWAV ,dávám sem část logu s nějakýma výsledkama. Tak nevím jestli jsou to nějaký zbytky po předchozím čištění a problém s připojením je někde jinde(hardware;problém na straně poskytovatele připojení) či jestli mám furt v PC nějakou "škodnou".
Je PC bez virů nebo tam ještě neco vidíte??
log:
09 XII 2012 17:36:24 - ***** Scanning Memory Files *****

09 XII 2012 17:36:35 - ***** Scanning Registry Files *****
09 XII 2012 17:36:36 - Scanning File C:\WINNT\System32\mstask.dll (????)
09 XII 2012 17:36:36 - Scanning File C:\WINNT\System32\mstask.dll (????)

09 XII 2012 17:36:40 - ***** Scanning StartUp Folders *****

09 XII 2012 17:36:40 - ***** Scanning Service Files *****
09 XII 2012 17:36:44 - ERROR(2)!!! Invalid Entry C:\WINDOWS\system32\mspmsnsv.dll. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services.

09 XII 2012 17:36:44 - ***** Scanning Registry and File system for Adware/Spyware *****
09 XII 2012 17:36:44 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\skrcek\LOCALS~1\temp\spydb.avs, Size: 465231]...
09 XII 2012 17:36:44 - Indexed Spyware Databases Successfully Created...

09 XII 2012 17:36:51 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
09 XII 2012 17:36:51 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Entries Removed.
09 XII 2012 17:36:51 - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.

09 XII 2012 17:36:51 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
09 XII 2012 17:36:51 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entries Removed.
09 XII 2012 17:36:51 - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.

09 XII 2012 17:36:51 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
09 XII 2012 17:36:51 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entries Removed.
09 XII 2012 17:36:51 - Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.


09 XII 2012 17:36:51 - ***** Scanning Registry Files *****
09 XII 2012 17:36:51 - Scanning File C:\WINNT\System32\mstask.dll (????)
09 XII 2012 17:36:51 - Scanning File C:\WINNT\System32\mstask.dll (????)
09 XII 2012 17:36:51 - Scanning File C:\WINNT\System32\mstask.dll (????)
09 XII 2012 17:36:52 - Scanning File C:\WINNT\System32\extmgr.dll (????)
09 XII 2012 17:36:52 - Scanning File C:\WINNT\system32\lhacm.acm (????)
09 XII 2012 17:36:52 - Scanning File C:\WINNT\system32\msg723.acm (????)
09 XII 2012 17:36:52 - Scanning File C:\WINNT\system32\yv12vfw.dll (????)
09 XII 2012 17:36:52 - Scanning File C:\WINNT\system32\ac3acm.acm (????)
09 XII 2012 17:36:52 - Scanning File C:\WINNT\system32\lameACM.acm (????)
09 XII 2012 17:36:52 - Scanning File C:\Program Files\WinFast\WFDTV\DTVSchdl.exe (????)
09 XII 2012 17:36:52 - Scanning File C:\Program Files\WinFast\WFDTV\WFWIZ.exe (????)
09 XII 2012 17:36:52 - Scanning File C:\WINNT\system32\tscupgrd.exe (????)
09 XII 2012 17:36:52 - Clearing Temporary sub-folders as Spyware/Adware found in system...
09 XII 2012 17:36:55 - Few files will be deleted *ONLY* on reboot...
09 XII 2012 17:36:55 - Few files will be deleted *ONLY* on reboot...
09 XII 2012 17:36:55 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
09 XII 2012 17:36:55 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
09 XII 2012 17:36:55 - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

09 XII 2012 17:36:55 - ***** Scanning System32 Folders *****



09 XII 2012 17:37:46 - ***** Scanning All Drives *****
09 XII 2012 17:37:46 - ***** C:,D:,E: *****
09 XII 2012 17:37:46 - Scanning C:\ Drive
09 XII 2012 17:39:03 - C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf not Scanned. Possibly password protected...
09 XII 2012 17:39:03 - C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\ENU\read0600win_ENUyhoo0010.pdf not Scanned. Possibly password protected...
09 XII 2012 17:39:03 - C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf not Scanned. Possibly password protected...
09 XII 2012 17:39:06 - C:\Program Files\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf not Scanned. Possibly password protected...
09 XII 2012 17:44:35 - C:\WINNT\system32\config\default not Scanned. Possibly password protected...
09 XII 2012 17:44:35 - C:\WINNT\system32\config\SAM not Scanned. Possibly password protected...
09 XII 2012 17:44:35 - C:\WINNT\system32\config\SECURITY not Scanned. Possibly password protected...
09 XII 2012 17:44:35 - C:\WINNT\system32\config\software not Scanned. Possibly password protected...
09 XII 2012 17:44:35 - C:\WINNT\system32\config\system not Scanned. Possibly password protected...
09 XII 2012 17:45:58 - Scanning D:\ Drive
09 XII 2012 17:53:32 - Scanning E:\ Drive

09 XII 2012 18:03:20 - ***** Checking for specific ITW Viruses *****

09 XII 2012 18:03:20 - ***** Scanning complete. *****

09 XII 2012 18:03:20 - Total Objects Scanned: 140405
09 XII 2012 18:03:20 - Total Critical Objects: 3
09 XII 2012 18:03:20 - Total Disinfected Objects: 0
09 XII 2012 18:03:20 - Total Objects Renamed: 0
09 XII 2012 18:03:20 - Total Deleted Objects: 3
09 XII 2012 18:03:20 - Total Errors: 1
09 XII 2012 18:03:20 - Time Elapsed: 00:27:10
09 XII 2012 18:03:20 - Virus Database Date: 09 Dec 2012
09 XII 2012 18:03:20 - Virus Database Count: 8283348

09 XII 2012 18:03:20 - Scan Completed.



a následný log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:51:37, on 9.12.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AVAST\AvastSvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST\avastUI.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
D:\luboš\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF8ED30-64D6-460C-A4FD-B2F74156DECA}: NameServer = 217.112.162.34 217.112.160.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4455 bytes