PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Problem with PC: virus in drivers/tcpip.sys

Have a problem with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Grexa
Visitor
Posts: 33
Registered: 02 Oct 2010 23:15

Problem with PC: virus in drivers/tcpip.sys

#1 Post by Grexa »

Avast reports a problem with a virus in system32/drivers/tcpip.sys on almost every action. I am attaching the RSIT log.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2011-04-28 14:29:26
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (8%) free of 33 GB
Total RAM: 2047 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:29:35, on 28.4.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Programs\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Programs\Avast5\avastUI.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Programs\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Programs\Samsung PC studio\NPSAgent.exe
C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Programs\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Programs\FireFox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: YouTubeUploaderLib.YouTubeUploaderLib - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\Programs\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\Programs\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Programs\Samsung PC studio\NPSAgent.exe
O4 - HKCU\..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Programs\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS2011HELPER] RUNDLL32.EXE C:\DOCUME~1\Admin\LOCALS~1\Temp\MS2011Helper.DLL,w
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WConfig.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Programs\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Programs\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 11561 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1222892560.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1326574676-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1326574676-682003330-1003UA.job
C:\WINDOWS\tasks\RegistryBooster.job
C:\WINDOWS\tasks\RMSmartUpdate.job
C:\WINDOWS\tasks\SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-24 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C688203-7EB3-4327-9995-1CB417BA23F9}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"JMB36X Configure"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-10-30 1953792]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"avast5"=C:\PROGRA~1\Programs\Avast5\avastUI.exe [2011-01-13 3396624]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-01-11 1230704]
"DivX Download Manager"=C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"DAEMON Tools Lite"=C:\Program Files\Programs\DAEMON Tools\daemon.exe [2008-07-24 490952]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-23 39408]
"AutoStartNPSAgent"=C:\Program Files\Programs\Samsung PC studio\NPSAgent.exe [2010-02-26 102400]
"Device Detection"=C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe [2010-09-06 401592]
"AlcoholAutomount"=C:\Program Files\Programs\Alcohol 52\AxAutoMntSrv.exe [2010-08-20 33120]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"MS2011HELPER"=C:\DOCUME~1\Admin\LOCALS~1\Temp\MS2011Helper.DLL,w []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe

C:\Documents and Settings\Admin\Start Menu\Programs\Startup
Dropbox.lnk - C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-20 122880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Programs\12Voip\12Voip.exe"="C:\Program Files\Programs\12Voip\12Voip.exe:*:Enabled:12Voip"
"C:\Program Files\Programs\QIP Infium2\infium.exe"="C:\Program Files\Programs\QIP Infium2\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Programs\Opera\opera.exe"="C:\Program Files\Programs\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Hry\Assassins Creed\AssassinsCreed_Dx9.exe"="D:\Hry\Assassins Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"D:\Hry\Assassins Creed\AssassinsCreed_Dx10.exe"="D:\Hry\Assassins Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"D:\Hry\Assassins Creed\AssassinsCreed_Launcher.exe"="D:\Hry\Assassins Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Programs\Garena\Garena.exe"="C:\Program Files\Programs\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Programs\QIP 8080\QIP\qip.exe"="C:\Program Files\Programs\QIP 8080\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Hry\World of Warcraft\Repair.exe"="D:\Hry\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\Hry\World of Warcraft\Launcher.exe"="D:\Hry\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Hry\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"="D:\Hry\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Programs\PASW Statistics\WinWrapIDE.exe"="C:\Program Files\Programs\PASW Statistics\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Program Files\Programs\PASW Statistics\paswstat.exe"="C:\Program Files\Programs\PASW Statistics\paswstat.exe:*:Disabled:Statistics18:exe"
"C:\Program Files\Programs\PASW Statistics\paswstat.com"="C:\Program Files\Programs\PASW Statistics\paswstat.com:*:Disabled:Statistics18:com"
"C:\Program Files\Programs\FreeCall\FreeCall.exe"="C:\Program Files\Programs\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Programs\Samsung PC studio\npsasvr.exe"="C:\Program Files\Programs\Samsung PC studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Programs\Samsung PC studio\npsvsvr.exe"="C:\Program Files\Programs\Samsung PC studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"D:\Hry\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="D:\Hry\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"D:\Hry\Ubisoft\Assassin's Creed II\server.exe"="D:\Hry\Ubisoft\Assassin's Creed II\server.exe:*:Enabled:ServerEmuUbi"
"C:\Assassin's Creed II\server.exe"="C:\Assassin's Creed II\server.exe:*:Enabled:ServerEmuUbi"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"D:\Hry\League of Legends\air\LolClient.exe"="D:\Hry\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"D:\Hry\League of Legends\game\League of Legends.exe"="D:\Hry\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Hry\Brotherhood\ACBSP.exe"="D:\Hry\Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"D:\Hry\Brotherhood\ACBMP.exe"="D:\Hry\Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"D:\Hry\Brotherhood\AssassinsCreedBrotherhood.exe"="D:\Hry\Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"D:\Hry\Brotherhood\UPlayBrowser.exe"="D:\Hry\Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-04-28 12:41:12 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-04-28 12:41:09 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-04-28 12:41:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-12 11:54:57 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2011-04-12 11:54:56 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2011-04-06 02:32:29 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2011-04-05 04:28:10 ----D---- C:\Documents and Settings\Admin\Application Data\PunkBuster

======List of files/folders modified in the last 1 months======

2011-04-28 14:29:31 ----D---- C:\Program Files\trend micro
2011-04-28 14:17:52 ----D---- C:\WINDOWS\temp
2011-04-28 14:04:56 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-28 14:03:59 ----D---- C:\Documents and Settings\Admin\Application Data\Dropbox
2011-04-28 14:03:42 ----D---- C:\WINDOWS\Prefetch
2011-04-28 14:03:25 ----SD---- C:\WINDOWS\Tasks
2011-04-28 13:25:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-28 12:41:12 ----D---- C:\WINDOWS\system32\drivers
2011-04-28 12:41:08 ----RD---- C:\Program Files
2011-04-28 08:09:15 ----D---- C:\WINDOWS
2011-04-28 02:12:16 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent
2011-04-27 19:45:13 ----A---- C:\WINDOWS\NeroDigital.ini
2011-04-26 14:05:08 ----SHD---- C:\WINDOWS\Installer
2011-04-26 14:05:08 ----SHD---- C:\Config.Msi
2011-04-26 14:04:45 ----D---- C:\WINDOWS\system32
2011-04-25 02:11:26 ----D---- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2011-04-24 03:56:04 ----A---- C:\WINDOWS\wincmd.ini
2011-04-19 02:39:24 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-12 19:49:04 ----D---- C:\temp
2011-04-12 11:54:56 ----D---- C:\Program Files\Programs
2011-04-06 02:32:41 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-04-05 04:30:46 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2011-04-05 04:30:46 ----D---- C:\Documents and Settings\Admin\Application Data\Ubisoft
2011-04-05 04:28:13 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-04-05 04:28:11 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2011-04-05 04:27:20 ----D---- C:\WINDOWS\WinSxS
2011-04-05 04:26:30 ----D---- C:\WINDOWS\system32\DirectX
2011-04-05 04:26:28 ----HD---- C:\WINDOWS\inf
2011-04-05 04:26:04 ----RSD---- C:\WINDOWS\assembly
2011-04-05 04:17:33 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-04 21:07:26 ----D---- C:\Assassin's Creed II
2011-04-01 17:31:31 ----D---- C:\Program Files\Warcraft 3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2006-10-30 43648]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-09 436792]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-10-01 82380]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2010-12-22 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 42960]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-20 2843136]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-05-09 25280]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-07-27 83712]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 109328]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 120208]
R3 WLC811GPCI;802.11b WLAN PCI; C:\WINDOWS\system32\DRIVERS\WLC811G.sys [2003-08-01 50432]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 a9fzn3y6;a9fzn3y6; C:\WINDOWS\system32\drivers\a9fzn3y6.sys []
S3 acjctpk7;acjctpk7; C:\WINDOWS\system32\drivers\acjctpk7.sys []
S3 axskbus;axskbus; C:\WINDOWS\system32\DRIVERS\axskbus.sys []
S3 catchme;catchme; C:\WINDOWS\system32\drivers\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 cpuz132;cpuz132; C:\WINDOWS\system32\drivers\cpuz132.sys []
S3 CrystalSysInfo;CrystalSysInfo; C:\WINDOWS\system32\drivers\CrystalSysInfo.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\XLL5D.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Programs\Garena\safedrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-20 512000]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Programs\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2003-10-31 32256]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-07-15 233472]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-24 153376]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-04-05 75136]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Programs\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-04 1523008]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-23 190448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-17 820008]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: PC problem: virus in drivers/tcpip.sys

#2 Post by stell »

Hello,
:arrow: Please download TDSSKiller and save it to your desktop.

Double-click TDSSKiller.exe to run the application, then click Start Scan.
If an infected file is detected, the default action will be Cure; click the Continue button.
If a suspicious file is detected, the default action will be Skip; click Continue.
It may ask you to restart the computer to complete the process. Click Reboot Now.
If no restart is required, click the Report button. A log file should appear. Please copy and paste the contents of the file here.
If a restart is required, the report is available in your root directory (usually the C:\ folder) as "TDSSKiller. _log.txt". Please copy and paste the contents of the file here.

:arrow: Download [exeHelper]
Double-click exeHelper.com and the repair will start.
After the repair finishes, press any key.
Post the contents of log.txt (it will be created in the folder from which you ran exeHelper.com).
Note: if the window shows the message "Error deleting file", run the program again.

:arrow:
PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Paste the log from it here.
Important information.
Is your computer NOT RUNNING RIGHT?
Is it infected? Running slowly? A program not working? An installation problem?
Use the remote assistance service!
e-mail: stell(at)forum.viry.cz
Thanks!

Grexa
Visitor
Posts: 33
Registered: 02 Oct 2010 23:15

Re: PC problem: virus in drivers/tcpip.sys

#3 Post by Grexa »

So I did what you wrote, in the given order. During the scan with the first one it found 2 threats; here is the log:

2011/04/28 15:48:10.0812 2372 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/28 15:48:10.0984 2372 ================================================================================
2011/04/28 15:48:10.0984 2372 SystemInfo:
2011/04/28 15:48:10.0984 2372
2011/04/28 15:48:10.0984 2372 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/28 15:48:10.0984 2372 Product type: Workstation
2011/04/28 15:48:10.0984 2372 ComputerName: PC
2011/04/28 15:48:10.0984 2372 UserName: Admin
2011/04/28 15:48:10.0984 2372 Windows directory: C:\WINDOWS
2011/04/28 15:48:10.0984 2372 System windows directory: C:\WINDOWS
2011/04/28 15:48:10.0984 2372 Processor architecture: Intel x86
2011/04/28 15:48:10.0984 2372 Number of processors: 2
2011/04/28 15:48:10.0984 2372 Page size: 0x1000
2011/04/28 15:48:10.0984 2372 Boot type: Normal boot
2011/04/28 15:48:10.0984 2372 ================================================================================
2011/04/28 15:48:11.0171 2372 Initialize success
2011/04/28 15:48:13.0515 3812 ================================================================================
2011/04/28 15:48:13.0515 3812 Scan started
2011/04/28 15:48:13.0515 3812 Mode: Manual;
2011/04/28 15:48:13.0515 3812 ================================================================================
2011/04/28 15:48:14.0187 3812 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/28 15:48:14.0250 3812 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/28 15:48:14.0281 3812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/28 15:48:14.0312 3812 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/04/28 15:48:14.0328 3812 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/04/28 15:48:14.0359 3812 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/04/28 15:48:14.0390 3812 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/04/28 15:48:14.0421 3812 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/04/28 15:48:14.0515 3812 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/04/28 15:48:14.0531 3812 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/28 15:48:14.0531 3812 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/28 15:48:14.0546 3812 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/04/28 15:48:14.0562 3812 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/28 15:48:14.0593 3812 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/28 15:48:14.0609 3812 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/28 15:48:14.0687 3812 ati2mtag (e51aa5adf535c847072c0aed3e642912) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/28 15:48:14.0718 3812 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/28 15:48:14.0750 3812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/28 15:48:14.0796 3812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/28 15:48:14.0843 3812 C-Dilla (4ff76600b4ca68376b80af1683799c60) C:\WINDOWS\system32\drivers\CDANT.SYS
2011/04/28 15:48:14.0875 3812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/28 15:48:14.0906 3812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/28 15:48:14.0906 3812 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/28 15:48:14.0921 3812 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/28 15:48:15.0000 3812 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/28 15:48:15.0031 3812 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/28 15:48:15.0046 3812 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/28 15:48:15.0062 3812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/28 15:48:15.0078 3812 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/28 15:48:15.0093 3812 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/28 15:48:15.0125 3812 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/04/28 15:48:15.0156 3812 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/28 15:48:15.0171 3812 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/28 15:48:15.0171 3812 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/28 15:48:15.0187 3812 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/28 15:48:15.0218 3812 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/28 15:48:15.0250 3812 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/04/28 15:48:15.0250 3812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/28 15:48:15.0281 3812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/28 15:48:15.0359 3812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/28 15:48:15.0437 3812 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/28 15:48:15.0453 3812 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/04/28 15:48:15.0484 3812 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
2011/04/28 15:48:15.0515 3812 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/28 15:48:15.0546 3812 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/28 15:48:15.0578 3812 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/28 15:48:15.0593 3812 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/28 15:48:15.0625 3812 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/28 15:48:15.0656 3812 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/28 15:48:15.0703 3812 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/28 15:48:15.0718 3812 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/28 15:48:15.0765 3812 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/28 15:48:15.0781 3812 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/28 15:48:15.0812 3812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/28 15:48:15.0828 3812 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/28 15:48:15.0843 3812 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/28 15:48:15.0875 3812 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/28 15:48:15.0906 3812 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/28 15:48:15.0921 3812 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/28 15:48:15.0937 3812 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
2011/04/28 15:48:15.0953 3812 JRAID (f4a31e66a61c0783f51157519b03280b) C:\WINDOWS\system32\DRIVERS\jraid.sys
2011/04/28 15:48:15.0968 3812 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/28 15:48:16.0000 3812 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/28 15:48:16.0046 3812 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/28 15:48:16.0046 3812 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/28 15:48:16.0109 3812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/28 15:48:16.0140 3812 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/28 15:48:16.0140 3812 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/28 15:48:16.0156 3812 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/28 15:48:16.0187 3812 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/28 15:48:16.0203 3812 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/28 15:48:16.0218 3812 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/28 15:48:16.0234 3812 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/28 15:48:16.0265 3812 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/28 15:48:16.0265 3812 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/28 15:48:16.0296 3812 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/28 15:48:16.0312 3812 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/04/28 15:48:16.0328 3812 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/28 15:48:16.0328 3812 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/28 15:48:16.0359 3812 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/28 15:48:16.0375 3812 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/28 15:48:16.0390 3812 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/28 15:48:16.0390 3812 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/28 15:48:16.0421 3812 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\WINDOWS\system32\DRIVERS\netaapl.sys
2011/04/28 15:48:16.0421 3812 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/28 15:48:16.0453 3812 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/28 15:48:16.0500 3812 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\WINDOWS\system32\drivers\nmwcd.sys
2011/04/28 15:48:16.0515 3812 nmwcdc (bbb6010fc01d9239d88fcdf133e03ff0) C:\WINDOWS\system32\drivers\nmwcdc.sys
2011/04/28 15:48:16.0531 3812 nmwcdcj (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcj.sys
2011/04/28 15:48:16.0546 3812 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcm.sys
2011/04/28 15:48:16.0546 3812 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/28 15:48:16.0578 3812 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/28 15:48:16.0609 3812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/28 15:48:16.0640 3812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/28 15:48:16.0656 3812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/28 15:48:16.0671 3812 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/28 15:48:16.0687 3812 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/28 15:48:16.0703 3812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/28 15:48:16.0750 3812 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/04/28 15:48:16.0765 3812 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/28 15:48:16.0781 3812 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/28 15:48:16.0796 3812 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/28 15:48:16.0890 3812 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/28 15:48:16.0921 3812 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2011/04/28 15:48:16.0921 3812 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/28 15:48:16.0937 3812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/28 15:48:16.0953 3812 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/28 15:48:17.0000 3812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/28 15:48:17.0031 3812 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/28 15:48:17.0031 3812 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/28 15:48:17.0046 3812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/28 15:48:17.0046 3812 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/28 15:48:17.0062 3812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/28 15:48:17.0093 3812 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/28 15:48:17.0109 3812 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/28 15:48:17.0140 3812 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/28 15:48:17.0171 3812 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
2011/04/28 15:48:17.0218 3812 RTLE8023xp (f58a92e8b9caebe2fa8e73ada7d9bd4c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/04/28 15:48:17.0250 3812 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys
2011/04/28 15:48:17.0281 3812 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
2011/04/28 15:48:17.0312 3812 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
2011/04/28 15:48:17.0343 3812 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/28 15:48:17.0375 3812 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/04/28 15:48:17.0390 3812 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/28 15:48:17.0406 3812 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/28 15:48:17.0437 3812 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/28 15:48:17.0484 3812 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/28 15:48:17.0531 3812 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/28 15:48:17.0531 3812 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/04/28 15:48:17.0531 3812 sptd - detected Locked file (1)
2011/04/28 15:48:17.0546 3812 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/28 15:48:17.0562 3812 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/28 15:48:17.0593 3812 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/04/28 15:48:17.0625 3812 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/04/28 15:48:17.0656 3812 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/04/28 15:48:17.0671 3812 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/28 15:48:17.0718 3812 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/28 15:48:17.0812 3812 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/28 15:48:17.0828 3812 Tcpip (1745b00fc1141404b28f4b94f69a8871) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/28 15:48:17.0828 3812 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\tcpip.sys. md5: 1745b00fc1141404b28f4b94f69a8871
2011/04/28 15:48:17.0828 3812 Tcpip - detected Locked file (1)
2011/04/28 15:48:17.0843 3812 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/28 15:48:17.0859 3812 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/28 15:48:17.0890 3812 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/28 15:48:18.0000 3812 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
2011/04/28 15:48:18.0031 3812 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/28 15:48:18.0062 3812 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/28 15:48:18.0109 3812 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/28 15:48:18.0125 3812 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/28 15:48:18.0156 3812 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/28 15:48:18.0171 3812 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/28 15:48:18.0203 3812 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/28 15:48:18.0218 3812 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/28 15:48:18.0250 3812 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/28 15:48:18.0281 3812 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/28 15:48:18.0312 3812 VBoxDrv (8b0a5f9bef05f89cd03644eb7af3c408) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
2011/04/28 15:48:18.0328 3812 VBoxNetAdp (065f15e84f2cc4ef60594283e9d72617) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
2011/04/28 15:48:18.0343 3812 VBoxNetFlt (c6643b766eec08785e8a3b3aa52b7a9b) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
2011/04/28 15:48:18.0375 3812 VBoxUSBMon (e81d2740cd33450a0e11138cd8f0ed63) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
2011/04/28 15:48:18.0375 3812 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/28 15:48:18.0421 3812 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/28 15:48:18.0437 3812 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/28 15:48:18.0468 3812 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/04/28 15:48:18.0515 3812 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/28 15:48:18.0531 3812 WLC811GPCI (aa2d6e05be36436503e6f3e33f1f2bd8) C:\WINDOWS\system32\DRIVERS\WLC811G.sys
2011/04/28 15:48:18.0671 3812 ================================================================================
2011/04/28 15:48:18.0671 3812 Scan finished
2011/04/28 15:48:18.0671 3812 ================================================================================
2011/04/28 15:48:18.0687 1320 Detected object count: 2
2011/04/28 15:48:28.0484 1320 Locked file(sptd) - User select action: Skip
2011/04/28 15:48:28.0484 1320 Locked file(Tcpip) - User select action: Skip



For the second one, here is the log:


exeHelper by Raktor
Build 20100414
Run at 15:50:42 on 04/28/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


And ComboFix unfortunately did not give me a log, because during the ComboFix run it got to stage 50, then it said "deleting files" and showed me a Windows blue screen. I just waited until it wrote the memory dump to 100, Windows started, and there was no log. I did it twice and it did the same thing, so I don't know. I looked on C: to see whether the log is there; it isn't, but there is a ComboFix folder with an icon like My Computer, and when I open it there are the C and D drives and documents, basically it has the contents of My Computer. And also, right after Windows starts, the first thing it throws is a RUNDLL error saying that the specified module could not be found: C:\DOCUME~1\ADMIN\LOCALS~1\TEMP\MS2011\Helper.dll
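A small parser for TDSSKiller logs like the one posted above, as an added example (not part of this thread, and not code from Kaspersky or the forum): it pulls each flagged driver's path, md5, detection kind and the action chosen at the prompt, so a helper can see at a glance that both detections here were answered with Skip and nothing was changed on disk. The regexes are assumptions about the 2.4.x log format seen above, and the sample log is constructed from lines of that scan.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Line shapes taken from the TDSSKiller 2.4.x log posted above. Every regex here is an
# assumption about that format (added example), not code shipped with TDSSKiller.
DRIVER_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<pid>\d+)\s+(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
SUSPICIOUS_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+\d+\s+Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)
DETECTED_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+\d+\s+(?P<name>\S+) - detected (?P<kind>.+?) \(\d+\)$")
ACTION_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+\d+\s+(?P<kind>[A-Za-z ]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$"
)
COUNT_RE = re.compile(r"Detected object count: (?P<count>\d+)$")


@dataclass
class Finding:
    """One driver TDSSKiller flagged, assembled from up to three log lines."""
    name: str
    path: str = ""
    md5: str = ""
    reason: str = ""   # e.g. NoAccess: the scanner could not read the file
    kind: str = ""     # e.g. "Locked file"
    action: str = ""   # Cure / Skip / Delete, as chosen at the prompt


def parse_tdsskiller_log(text: str) -> dict:
    """Return enumerated drivers, flagged findings and the declared detection count."""
    drivers: dict[str, tuple[str, str]] = {}   # service name -> (md5, path)
    findings: dict[str, Finding] = {}
    by_path: dict[str, str] = {}               # lower-cased path -> service name
    declared = 0
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUSPICIOUS_RE.match(line):
            # Map the path back to the service name recorded on the enumeration line.
            name = by_path.get(m["path"].lower(), m["path"])
            f = findings.setdefault(name, Finding(name))
            f.path, f.md5, f.reason = m["path"], m["md5"], m["reason"]
        elif m := DETECTED_RE.match(line):
            findings.setdefault(m["name"], Finding(m["name"])).kind = m["kind"]
        elif m := ACTION_RE.match(line):
            findings.setdefault(m["name"], Finding(m["name"])).action = m["action"]
        elif m := COUNT_RE.search(line):
            declared = int(m["count"])
        elif m := DRIVER_RE.match(line):
            drivers[m["name"]] = (m["md5"], m["path"])
            by_path[m["path"].lower()] = m["name"]
    return {"drivers": drivers, "findings": findings, "declared_count": declared}


def unresolved(report: dict) -> list[str]:
    """Findings answered with Skip: the scanner changed nothing on disk for them."""
    return sorted(n for n, f in report["findings"].items() if f.action == "Skip")


def summary(report: dict) -> dict:
    return {
        "enumerated_drivers": len(report["drivers"]),
        "declared_detections": report["declared_count"],
        "parsed_detections": len(report["findings"]),
        "unresolved": unresolved(report),
    }


# Constructed sample: a handful of lines copied from the scan log posted above.
SAMPLE_LOG = r"""
2011/04/28 15:48:13.0515 3812 Scan started
2011/04/28 15:48:13.0515 3812 Mode: Manual;
2011/04/28 15:48:14.0250 3812 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/28 15:48:17.0531 3812 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/28 15:48:17.0531 3812 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/04/28 15:48:17.0531 3812 sptd - detected Locked file (1)
2011/04/28 15:48:17.0828 3812 Tcpip (1745b00fc1141404b28f4b94f69a8871) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/28 15:48:17.0828 3812 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\tcpip.sys. md5: 1745b00fc1141404b28f4b94f69a8871
2011/04/28 15:48:17.0828 3812 Tcpip - detected Locked file (1)
2011/04/28 15:48:18.0671 3812 Scan finished
2011/04/28 15:48:18.0687 1320 Detected object count: 2
2011/04/28 15:48:28.0484 1320 Locked file(sptd) - User select action: Skip
2011/04/28 15:48:28.0484 1320 Locked file(Tcpip) - User select action: Skip
"""

if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    print(summary(report))
    for name in unresolved(report):
        f = report["findings"][name]
        print(f"{name}: {f.kind} ({f.reason}) md5={f.md5} path={f.path} -> {f.action}")
```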

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: PC problem: virus in drivers/tcpip.sys

#4 Post by stell »

OK, go here:
C:\WINDOWS\system32\DRIVERS\
Find tcpip.sys and rename it to tcpip.sys old
Download this file, unpack it, and put tcpip.sys
into the folder
C:\WINDOWS\system32\DRIVERS\
tcpip.7z
(163.14 KiB) Downloaded 65 times
Once you have that, go into Safe Mode and run ComboFix again, then write what happened and how. :D

C:\DOCUME~1\ADMIN\LOCALS~1\TEMP\MS2011\Helper.dll
ComboFix deleted this; it is junk, so ignore the message.

Grexa
Visitor
Posts: 33
Registered: 02 Oct 2010 23:15

Re: PC problem: virus in drivers/tcpip.sys

#5 Post by Grexa »

I did the tcpip file just as you wrote.
But ComboFix, well, I ran it in Safe Mode, but it tells me avast is running even though it isn't. I open avast and it says it is turned off; I set it to be disabled for those 10 minutes, but ComboFix still says it is running, so I don't know.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: PC problem: virus in drivers/tcpip.sys

#6 Post by stell »

Ignore all the ComboFix messages, just keep clicking OK, OK, OK.

Grexa
Visitor
Posts: 33
Registered: 02 Oct 2010 23:15

Re: PC problem: virus in drivers/tcpip.sys

#7 Post by Grexa »

So here it is:

ComboFix 11-04-27.03 - Admin 28.04.2011 17:42:31.8.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1754 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\Kaspersky_Key_Finder_(KKF
c:\documents and settings\Admin\Application Data\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_v1.4_Url_rg5cuwyk53vczko11axjhbnsfnjc3paq\1.4.4.0\user.config
c:\documents and settings\Admin\Application Data\Local
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\2.ddi
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\3.ddi
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\4.ddi
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\datfpuidqfzx.avi.ddr
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\Take_Me_Out.S02E10.WS.PDTV.XviD-CiA_ns.avi.ddr
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Take_Me_Out.S02E10.WS.PDTV.XviD-CiA_ns.avi.ddp
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\video.avi(2).ddr
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\video.avi(3).ddr
c:\documents and settings\Admin\Application Data\Local\Temp\DDM\Settings\video.avi.ddr
c:\documents and settings\Admin\Application Data\Mikrotik
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\advtool.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\advtool.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\dhcp.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\dhcp.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\hotspot.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\hotspot.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\ppp.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\ppp.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roteros.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roteros.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roting2.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roting2.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\secure.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\secure.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\system.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\system.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\wlan2.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\wlan2.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\winbox.cfg
c:\documents and settings\Admin\My Documents\DPE.DUS
c:\documents and settings\Admin\WINDOWS
c:\windows\system32\2621888992.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-28 15:38 . 2011-04-28 15:39 -------- d-----w- c:\documents and settings\Administrator
2011-04-28 14:55 . 2004-08-03 21:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-28 10:41 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-28 10:41 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 10:41 . 2011-04-28 10:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 09:54 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-04-12 09:54 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-04-12 09:54 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-04-06 00:32 . 2011-03-04 16:28 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-05 02:28 . 2011-04-05 02:28 -------- d-----w- c:\documents and settings\Admin\Application Data\PunkBuster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 02:28 . 2008-11-16 12:53 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-05 02:28 . 2008-11-16 12:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-04 16:32 . 2011-01-11 00:57 31552 ----a-w- c:\windows\system32\TURegOpt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools Lite"="c:\program files\Programs\DAEMON Tools\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-23 39408]
"AutoStartNPSAgent"="c:\program files\Programs\Samsung PC studio\NPSAgent.exe" [2010-02-26 102400]
"Device Detection"="c:\program files\FUJIFILM\MyFinePix Studio\dd.exe" [2010-09-06 401592]
"AlcoholAutomount"="c:\program files\Programs\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Admin\Application Data\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
WConfig.lnk - c:\program files\WLAN\WConfig\WConfig.exe [2008-10-2 397312]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"12Voip"="c:\program files\Programs\12Voip\12Voip.exe" -nosplash -minimized
"FreeCall"="c:\program files\Programs\FreeCall\FreeCall.exe" -nosplash -minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Programs\\12Voip\\12Voip.exe"=
"c:\\Program Files\\Programs\\QIP Infium2\\infium.exe"=
"c:\\Program Files\\Programs\\Opera\\opera.exe"=
"d:\\Hry\\Assassins Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Hry\\Assassins Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Hry\\Assassins Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Programs\\Garena\\Garena.exe"=
"c:\\Program Files\\Programs\\QIP 8080\\QIP\\qip.exe"=
"d:\\Hry\\World of Warcraft\\Repair.exe"=
"d:\\Hry\\World of Warcraft\\Launcher.exe"=
"d:\\Hry\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"c:\\Program Files\\Programs\\PASW Statistics\\WinWrapIDE.exe"=
"c:\\Program Files\\Programs\\PASW Statistics\\paswstat.exe"=
"c:\\Program Files\\Programs\\PASW Statistics\\paswstat.com"=
"c:\\Program Files\\Programs\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Programs\\Samsung PC studio\\npsasvr.exe"=
"c:\\Program Files\\Programs\\Samsung PC studio\\npsvsvr.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\server.exe"=
"c:\\Assassin's Creed II\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Hry\\League of Legends\\air\\LolClient.exe"=
"d:\\Hry\\League of Legends\\game\\League of Legends.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Brotherhood\\ACBSP.exe"=
"d:\\Hry\\Brotherhood\\ACBMP.exe"=
"d:\\Hry\\Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\Hry\\Brotherhood\\UPlayBrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24718:TCP"= 24718:TCP:BitComet 24718 TCP
"24718:UDP"= 24718:UDP:BitComet 24718 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58682:TCP"= 58682:TCP:Pando Media Booster
"58682:UDP"= 58682:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"56565:TCP"= 56565:TCP:Pando Media Booster
"56565:UDP"= 56565:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6961:TCP"= 6961:TCP:League of Legends Launcher
"6961:UDP"= 6961:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6962:TCP"= 6962:TCP:League of Legends Launcher
"6962:UDP"= 6962:UDP:League of Legends Launcher
"6920:TCP"= 6920:TCP:League of Legends Launcher
"6920:UDP"= 6920:UDP:League of Legends Launcher
"6904:TCP"= 6904:TCP:League of Legends Launcher
"6904:UDP"= 6904:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6971:TCP"= 6971:TCP:League of Legends Launcher
"6971:UDP"= 6971:UDP:League of Legends Launcher
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
"6903:TCP"= 6903:TCP:League of Legends Launcher
"6903:UDP"= 6903:UDP:League of Legends Launcher
"6884:TCP"= 6884:TCP:League of Legends Launcher
"6884:UDP"= 6884:UDP:League of Legends Launcher
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1.8.2009 20:42 270888]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2008 13:09 436792]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.5.2010 14:58 294608]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [11.1.2011 20:34 158736]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [11.1.2011 20:34 42960]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.5.2010 14:58 17744]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [26.2.2010 12:49 233472]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.12.2008 19:07 222456]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11.1.2011 1:24 632792]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [4.3.2011 18:30 1523008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26.2.2010 12:49 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Programs\Garena\safedrv.sys --> c:\program files\Programs\Garena\safedrv.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [18.6.2009 18:52 18432]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [11.1.2011 0:23 27064]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1.8.2009 20:42 65576]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 20:27 10064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [22.12.2010 16:31 109328]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [22.12.2010 16:31 120208]
S3 WLC811GPCI;802.11b WLAN PCI;c:\windows\system32\drivers\wlc811g.sys [2.10.2008 17:13 50432]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2009-01-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8222892560.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
2011-04-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-23 06:50]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1326574676-682003330-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 08:56]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1326574676-682003330-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 08:56]
.
2011-04-28 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-27 18:02]
.
2011-04-28 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-01-10 16:51]
.
2011-04-28 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-01-10 18:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: umb.sk\ais2
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD 2002 Cz\InstBanr.ocx
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8bcy1wp1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Programs\FireFox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Programs\FireFox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-28 17:48
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-04-28 17:50:21
ComboFix-quarantined-files.txt 2011-04-28 15:50
ComboFix2.txt 2009-08-01 12:32
.
Pre-Run: 510 664 704 bytes free
Post-Run: 505 069 568 voľných bajtov
.
- - End Of File - - 0D940E67A11CEB971B9397004A2CA16B
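The ComboFix report above is the kind of output an analyst triages by hand: the "Files Created" section pairs a creation time with a modification time for every new file (the tcpip.sys entry is created on the scan day but carries a 2004 modification time, which is consistent with a copy of the file having been placed there), and the service list shows where each driver's image lives. As an added example, not part of the thread and not ComboFix's own code, the Python below parses a few lines copied from that log and flags what a defender would look at first: files that appeared under system32 inside the scan window, and services whose image path sits in a Temp folder or for which ComboFix recorded no file attributes ("[?]", as it did for the GarenaPEngine entry, which the log also lists separately near its end). The sample block, the finding labels and the `triage` function are my own construction; the line layout is ComboFix's as shown in the post.

```python
import re
from datetime import datetime

# Constructed sample input: a handful of lines in the layout of a ComboFix
# report, copied from the log posted in this thread (the "Files Created"
# section header and entries, plus three service entries). Added example;
# not ComboFix's own code and not part of the thread.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
2011-04-28 15:38 . 2011-04-28 15:39 -------- d-----w- c:\documents and settings\Administrator
2011-04-28 14:55 . 2004-08-03 21:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-28 10:41 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-06 00:32 . 2011-03-04 16:28 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-05 02:28 . 2011-04-05 02:28 -------- d-----w- c:\documents and settings\Admin\Application Data\PunkBuster
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1.8.2009 20:42 270888]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [18.6.2009 18:52 18432]
"""

TS = "%Y-%m-%d %H:%M"
# "Files Created from <start> to <end>" section header
WINDOW_RE = re.compile(r"Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")
# "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) ([d-][-a-z]{7}) (.+)$"
)
# "<state> <name>;<display name>;<image path> [<file timestamp and size, or ?>]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[(.*)\]$")

# Core OS location worth a look when new files appear there, and folder
# markers a driver or service image has no business living under.
SYSTEM_DIRS = ("c:\\windows\\system32\\",)
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\")


def parse_file_entry(line):
    """Parse one 'Files Created' entry; returns (created, modified, size, attrs, path) or None."""
    m = FILE_RE.match(line)
    if not m:
        return None
    created = datetime.strptime(m.group(1), TS)
    modified = datetime.strptime(m.group(2), TS)
    size = None if m.group(3).startswith("-") else int(m.group(3))  # directories have no size
    return created, modified, size, m.group(4), m.group(5)


def parse_service_entry(line):
    """Parse one driver/service entry; returns (state, name, display, image, meta) or None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, display, image, meta = m.groups()
    # ComboFix prints "<registry value> --> <resolved path>" when the two differ;
    # keep the resolved path and drop the NT object-manager prefix "\??\".
    image = image.split(" --> ")[-1]
    if image.startswith("\\??\\"):
        image = image[4:]
    return state, name, display, image, meta


def triage(report):
    """Walk a report and collect the entries that deserve a manual look."""
    window = None
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        w = WINDOW_RE.search(line)
        if w:
            window = (w.group(1), w.group(2))
            continue
        entry = parse_file_entry(line)
        if entry:
            created, modified, size, attrs, path = entry
            is_dir = attrs.startswith("d")
            if not is_dir and path.lower().startswith(SYSTEM_DIRS):
                # A file that appeared under system32 inside the scan window. A
                # modification time older than the creation time means the file
                # was copied in with its original timestamp preserved.
                note = ("copied in, mtime %s" % modified.date()
                        if modified < created else "newly written")
                findings.append(("system32-file-created", path, note))
            continue
        svc = parse_service_entry(line)
        if svc:
            state, name, display, image, meta = svc
            in_temp = any(marker in image.lower() for marker in TEMP_MARKERS)
            if in_temp or meta == "?":
                # Driver loaded from a Temp folder, or one whose file ComboFix
                # could not describe ("[?]"): either way, identify it by hand.
                findings.append(("service-suspicious-image", name, image))
    return {"window": window, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("scan window:", result["window"])
    for kind, subject, detail in result["findings"]:
        print("%-26s %s  (%s)" % (kind, subject, detail))
```

On the sample this reports four entries: the three system32 files from the window (tcpip.sys with its 2004 modification time, the Malwarebytes driver and the TuneUp DLL) and the GarenaPEngine service. The rules are deliberately coarse; the point is to narrow a long log to the handful of lines a person then verifies against known-good hashes or vendor documentation.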

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: PC problem, virus in drivers/tcpip.sys

#8 Post by stell »

1: So, if you have anything installed from c:\program files\Uniblue\,
uninstall all of it.
2: a) Download the program from Piriform.com http://www.piriform.com/ccleaner/download/standard/
and install it.

b) Close all running programs and the browser.
c) Run CCleaner, leave the settings as they are. Press the Analyze button and, after the analysis, press the Run Cleaner button.
d) Click the Applications tab, press the Analyze button and, after the analysis, press the Run Cleaner button.
e) Click Registry, press Scan for Issues; when the scan finishes click Fix selected issues, choose YES to create a backup, save the file and click Fix all issues.

3: Turn off System Restore >> restart and turn it back on.
http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

4: Uninstall ComboFix: rename the ComboFix icon to uninstall
and run it.
5: Delete that renamed tcpip.sys old.

And write back how the computer behaves.
Important information.
Is your computer NOT RUNNING properly?
Is it infected? Running slowly? A program not working? Installation problem?
Use the remote assistance service!
e-mail: stell(at)forum.viry.cz
Thanks!

Grexa
Visitor
Posts: 33
Registered: 02 Oct 2010 23:15

Re: PC problem, virus in drivers/tcpip.sys

#9 Post by Grexa »

OK, I did all of it, it runs fine, Avast no longer reports anything, and even after a restart that DLL error is gone.
Thank you very much :)

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: PC problem, virus in drivers/tcpip.sys

#10 Post by stell »

OK,
you're welcome :)
If you want, you can also run Malwarebytes, a full scan.
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
