VIRY.CZ

Zdravím, Windows Firewall sa mi sám vypína, Firefox neustále mrzne...
Pred dvomi dňami som dostal Yv1.exe . Zabil som proces cez Správcu úloh, odstránil z MS Config a zmazal nositeľa vírusu a aj Yv1 z temp. Potom som to ešte prebehol MBAM ktorí ešte odstránil sráča .dll . Ale niekde tam ešte musí byť. V logu z Hijack This nevidím nič. Ten je už ale zastaralý. Prikladám RSIT:

Logfile of random's system information tool 1.07 (written by random/random)
Run by michal at 2010-06-19 11:38:19
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 49 GB (26%) free of 187 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:25, on 19. 6. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msconfig.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\michal\Downloads\RSIT.exe
C:\Program Files\trend micro\michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.36.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: eRecovery Service (eRecoveryService) - Unknown owner - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5586 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Crysis Wars(R) Updates.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2552291509-578217736-3520049274-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2552291509-578217736-3520049274-1000UA.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"eRecoveryService"= []
"Malwarebytes' Anti-Malware"=D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-10-01 718688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Google Update"=C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
C:\Acer\Empowering Technology\SysMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
D:\Program Files\ICQ7.0\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M5T8QL3YW3]
C:\Users\michal\AppData\Local\Temp\Yv1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoViewContextMenu"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-19 11:38:19 ----D---- C:\rsit
2010-06-18 21:08:17 ----D---- C:\Program Files\Trend Micro
2010-06-18 15:11:43 ----D---- C:\Program Files\VirtualBus
2010-06-12 13:15:11 ----D---- C:\Program Files\Adobe
2010-06-12 08:22:55 ----D---- C:\Program Files\Mozilla Developer Preview 3.7 Alpha 5
2010-06-10 16:48:13 ----SHD---- C:\ProgramData\SecuROM
2010-06-10 16:46:12 ----D---- C:\Windows\system32\xlive
2010-06-10 16:46:12 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-06-07 14:08:35 ----D---- C:\ProgramData\Solidshield
2010-06-07 14:05:16 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-06-04 21:12:14 ----A---- C:\GF_Excpt.txt
2010-06-01 20:21:00 ----HDC---- C:\ProgramData\{7451F7D5-591C-4490-8D3B-C73A69A0E782}
2010-06-01 16:27:15 ----HDC---- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2010-06-01 15:31:40 ----HDC---- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2010-06-01 15:03:19 ----D---- C:\ProgramData\Electronic Arts
2010-06-01 15:03:10 ----D---- C:\ProgramData\Adobe
2010-06-01 15:03:07 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-06-01 14:06:51 ----RHD---- C:\Users\michal\AppData\Roaming\SecuROM
2010-06-01 14:04:52 ----A---- C:\Windows\system32\CmdLineExt.dll
2010-06-01 14:04:36 ----HDC---- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2010-05-31 11:11:50 ----D---- C:\Program Files\Common Files\Blizzard Entertainment.de367bea.temp
2010-05-31 11:02:28 ----D---- C:\Program Files\Common Files\Blizzard Entertainment.7a8f8d35.temp
2010-05-30 16:46:14 ----D---- C:\Program Files\Common Files\Blizzard Entertainment.temp
2010-05-30 16:45:43 ----D---- C:\ProgramData\Blizzard
2010-05-30 10:13:50 ----D---- C:\ProgramData\NVIDIA Corporation
2010-05-30 10:11:55 ----A---- C:\Windows\system32\OpenCL.dll
2010-05-30 10:11:55 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-05-30 10:11:53 ----A---- C:\Windows\system32\nvoglv32.dll
2010-05-30 10:11:51 ----A---- C:\Windows\system32\nvd3dum.dll
2010-05-30 10:11:51 ----A---- C:\Windows\system32\nvcuvid.dll
2010-05-30 10:11:51 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-05-30 10:11:50 ----A---- C:\Windows\system32\nvcuda.dll
2010-05-30 10:11:48 ----A---- C:\Windows\system32\nvcompiler.dll
2010-05-30 10:11:48 ----A---- C:\Windows\system32\nvcod1920.dll
2010-05-30 10:11:48 ----A---- C:\Windows\system32\nvcod.dll
2010-05-29 18:45:50 ----D---- C:\Windows\Minidump
2010-05-21 18:57:26 ----A---- C:\Windows\system32\nvvsvc.exe
2010-05-21 18:57:26 ----A---- C:\Windows\system32\nvmctray.dll
2010-05-21 18:57:26 ----A---- C:\Windows\system32\nvcpl.dll
2010-05-21 18:57:24 ----A---- C:\Windows\system32\nvsvc.dll
2010-05-21 16:15:03 ----D---- C:\Users\michal\AppData\Roaming\GHISLER

======List of files/folders modified in the last 1 months======

2010-06-19 11:38:25 ----D---- C:\Windows\Temp
2010-06-19 11:21:39 ----D---- C:\Users\michal\AppData\Roaming\Skype
2010-06-19 09:41:06 ----D---- C:\Users\michal\AppData\Roaming\skypePM
2010-06-19 07:11:02 ----D---- C:\ProgramData\NVIDIA
2010-06-18 22:14:12 ----D---- C:\Users\michal\AppData\Roaming\vlc
2010-06-18 21:14:15 ----D---- C:\Windows\system32\Tasks
2010-06-18 21:14:14 ----D---- C:\Windows\Tasks
2010-06-18 21:11:13 ----SD---- C:\Windows\Downloaded Program Files
2010-06-18 21:08:17 ----RD---- C:\Program Files
2010-06-18 18:17:50 ----SHD---- C:\Windows\Installer
2010-06-18 17:02:54 ----D---- C:\Users\michal\AppData\Roaming\dvdcss
2010-06-11 06:15:02 ----D---- C:\Windows
2010-06-10 16:56:26 ----SHD---- C:\System Volume Information
2010-06-10 16:48:13 ----HD---- C:\ProgramData
2010-06-10 16:46:54 ----D---- C:\Windows\System32
2010-06-10 10:58:48 ----SD---- C:\Users\michal\AppData\Roaming\Microsoft
2010-06-07 14:05:24 ----RSD---- C:\Windows\assembly
2010-06-07 13:59:16 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-06 07:57:48 ----D---- C:\Windows\system32\LogFiles
2010-06-04 21:48:27 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-06-04 19:07:35 ----D---- C:\Windows\system32\catroot2
2010-06-04 16:04:05 ----D---- C:\Windows\Prefetch
2010-06-03 14:16:49 ----A---- C:\Windows\system32\pbsvc_heroes.exe
2010-06-03 12:43:02 ----D---- C:\Windows\system32\drivers
2010-06-01 15:31:50 ----A---- C:\Windows\system32\pbsvc.exe
2010-06-01 15:03:10 ----D---- C:\Users\michal\AppData\Roaming\Adobe
2010-06-01 15:03:07 ----D---- C:\Program Files\Common Files
2010-06-01 13:54:51 ----D---- C:\Program Files\Electronic Arts
2010-06-01 13:50:06 ----D---- C:\ProgramData\Media Center Programs
2010-05-30 10:14:54 ----D---- C:\Windows\inf
2010-05-30 10:13:31 ----D---- C:\Program Files\NVIDIA Corporation
2010-05-30 10:13:12 ----D---- C:\Windows\system32\catroot
2010-05-30 10:11:38 ----D---- C:\NVIDIA
2010-05-30 10:07:33 ----D---- C:\Windows\Help
2010-05-25 20:27:25 ----D---- C:\Windows\Panther
2010-05-22 03:04:00 ----A---- C:\Windows\system32\nvapi.dll
2010-05-21 16:24:44 ----D---- C:\Program Files\WinRAR
2010-05-20 19:37:00 ----D---- C:\Windows\system32\directx
2010-05-20 19:36:53 ----HD---- C:\Windows\msdownld.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [2010-05-12 95024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-05-03 6144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-05-22 10887624]
R3 Ph3xIB32;Philips 713x VU PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 194560]
S2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
S3 aatkjhms;aatkjhms; C:\Windows\system32\drivers\aatkjhms.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-03-27 25280]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-09-10 62424]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 MBAMService;MBAMService; D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-05-21 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-02-02 75064]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-05-21 240232]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe []
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]

-----------------EOF-----------------

V PC nevidím žádný antivir. Nainstalujte, updatujte, proveďte sken a smažte, či opravte vše, co najde.

PC ma už ani nepustí do internutu. Píšem z notebooku. Na PC je rezidentný mbam. Ale dostal som cez USB do PC Avast! tak robím hĺbkový test.

Nič nenašiel.
Skúsil som vypnúť Windows Firewall ktorí sa mi podarilo zapnúť a všetky problémy zmizli. Nechce sa mi to veriť lebo ešte predtým mi fungoval na 100%

Patrně něco změnilo nastavení fw. Nebyl by od věci sken ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ComboFix 10-06-18.03 - michal . 06. 2010 14:53:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2047.1352 [GMT 2:00]
Running from: c:\users\michal\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\michal\Ad-AwareCommand.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\ealregsnapshot1.reg
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.

2010-06-19 12:59 . 2010-06-19 13:00 -------- d-----w- c:\users\michal\AppData\Local\temp
2010-06-19 12:59 . 2010-06-19 12:59 -------- d-----w- c:\users\Mamka\AppData\Local\temp
2010-06-19 12:59 . 2010-06-19 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-19 09:47 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-19 09:47 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-19 09:47 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-19 09:47 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-19 09:47 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-19 09:46 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-19 09:46 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-19 09:46 . 2010-06-19 09:46 -------- d-----w- c:\program files\Alwil Software
2010-06-19 09:38 . 2010-06-19 09:38 -------- d-----w- C:\rsit
2010-06-18 19:08 . 2010-06-19 09:38 -------- d-----w- c:\program files\Trend Micro
2010-06-18 16:18 . 2010-06-18 16:18 -------- d-----w- c:\users\Mamka\AppData\Roaming\skypePM
2010-06-18 16:17 . 2010-06-18 16:20 -------- d-----w- c:\users\Mamka\AppData\Roaming\Skype
2010-06-18 13:11 . 2010-06-18 13:25 -------- d-----w- c:\program files\VirtualBus
2010-06-12 11:15 . 2010-06-12 11:14 53632 ----a-w- c:\users\michal\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-12 06:22 . 2010-06-15 12:51 -------- d-----w- c:\program files\Mozilla Developer Preview 3.7 Alpha 5
2010-06-11 04:17 . 2010-06-11 04:17 -------- d-----w- c:\users\Mamka\AppData\Local\HP
2010-06-10 14:48 . 2010-06-10 14:48 -------- d-----w- c:\users\michal\AppData\Local\Rockstar Games
2010-06-10 14:48 . 2010-06-10 14:48 -------- d-sh--w- c:\programdata\SecuROM
2010-06-10 14:46 . 2010-06-10 14:46 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-10 14:46 . 2010-06-10 14:46 -------- d-----w- c:\windows\system32\xlive
2010-06-07 12:08 . 2010-06-07 12:08 -------- d-----w- c:\programdata\Solidshield
2010-06-02 14:53 . 2010-05-29 09:38 340992 ----a-w- c:\users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\31ct6l45.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
2010-06-01 18:21 . 2010-06-01 18:21 -------- dc-h--w- c:\programdata\{7451F7D5-591C-4490-8D3B-C73A69A0E782}
2010-06-01 18:21 . 2009-02-12 14:32 2775600 -c--a-w- c:\programdata\{7451F7D5-591C-4490-8D3B-C73A69A0E782}\setup.exe
2010-06-01 14:27 . 2010-06-01 14:27 -------- dc-h--w- c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2010-06-01 14:27 . 2009-03-31 13:08 2789480 -c--a-w- c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}\CrysisWars_patch5.exe
2010-06-01 13:31 . 2010-06-01 14:27 -------- dc-h--w- c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2010-06-01 13:31 . 2008-08-11 11:26 2864992 -c--a-r- c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}\setup.exe
2010-06-01 13:03 . 2010-06-01 13:05 -------- d-----w- c:\programdata\Electronic Arts
2010-06-01 13:03 . 2010-06-12 11:14 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-01 13:03 . 2010-06-12 11:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-01 12:06 . 2010-06-01 12:06 -------- d--h--r- c:\users\michal\AppData\Roaming\SecuROM
2010-06-01 12:04 . 2010-06-01 12:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-01 12:04 . 2010-06-01 12:04 -------- dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2010-06-01 12:04 . 2008-08-17 11:39 2928992 -c--a-r- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
2010-05-31 09:11 . 2010-05-31 09:11 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment.de367bea.temp
2010-05-31 09:02 . 2010-05-31 09:02 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment.7a8f8d35.temp
2010-05-30 14:46 . 2010-05-30 14:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment.temp
2010-05-30 14:45 . 2010-05-30 14:45 -------- d-----w- c:\programdata\Blizzard
2010-05-30 08:13 . 2010-05-30 08:13 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-05-30 08:11 . 2010-05-22 01:04 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-05-30 08:11 . 2010-05-22 01:04 4967528 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-05-30 08:11 . 2010-05-22 01:04 10887624 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-05-30 08:11 . 2010-05-22 01:04 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-05-30 08:11 . 2010-05-22 01:04 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-05-30 08:11 . 2010-05-22 01:04 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-05-30 08:11 . 2010-05-22 01:04 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-05-30 08:11 . 2010-05-22 01:04 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-05-30 08:11 . 2010-05-22 01:04 232040 ----a-w- c:\windows\system32\nvcod1920.dll
2010-05-30 08:11 . 2010-05-22 01:04 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-05-30 08:11 . 2010-05-22 01:04 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-29 14:38 . 2010-06-03 10:43 -------- d-----w- c:\users\michal\AppData\Local\eSupport.com
2010-05-29 14:07 . 2010-05-29 14:07 10134 ----a-r- c:\users\michal\AppData\Roaming\Microsoft\Installer\{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}\ARPPRODUCTICON.exe
2010-05-21 16:57 . 2010-05-21 16:57 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-05-21 16:57 . 2010-05-21 16:57 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-05-21 16:57 . 2010-05-21 16:57 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-05-21 16:57 . 2010-05-21 16:57 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-05-21 14:15 . 2010-05-21 14:15 -------- d-----w- c:\users\michal\AppData\Roaming\GHISLER
2010-05-21 14:15 . 2010-05-19 05:55 545 ----a-w- c:\windows\UC.PIF
2010-05-21 14:15 . 2010-05-19 05:55 545 ----a-w- c:\windows\RAR.PIF
2010-05-21 14:15 . 2010-05-19 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-05-21 14:15 . 2010-05-19 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-05-21 14:15 . 2010-05-19 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-05-21 14:15 . 2010-05-19 05:55 545 ----a-w- c:\windows\LHA.PIF
2010-05-21 14:15 . 2010-05-19 05:55 545 ----a-w- c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 12:49 . 2009-10-31 08:53 -------- d-----w- c:\programdata\NVIDIA
2010-06-19 12:46 . 2010-01-09 12:04 -------- d-----w- c:\users\michal\AppData\Roaming\Skype
2010-06-19 11:49 . 2010-05-30 08:17 55829 ----a-w- c:\programdata\nvModes.dat
2010-06-19 07:41 . 2010-01-09 12:05 -------- d-----w- c:\users\michal\AppData\Roaming\skypePM
2010-06-18 20:14 . 2010-02-19 13:30 -------- d-----w- c:\users\michal\AppData\Roaming\vlc
2010-06-18 15:02 . 2010-04-02 11:55 -------- d-----w- c:\users\michal\AppData\Roaming\dvdcss
2010-06-08 08:25 . 2009-11-03 17:06 1 ----a-w- c:\users\michal\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-07 11:59 . 2007-05-03 07:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-05 05:01 . 2009-12-30 06:54 1 ----a-w- c:\users\Mamka\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-04 19:48 . 2010-02-02 15:22 138832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-04 19:48 . 2010-02-02 15:21 202024 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-03 12:17 . 2010-02-02 15:22 138056 ----a-w- c:\users\michal\AppData\Roaming\PnkBstrK.sys
2010-06-03 12:17 . 2010-02-02 15:22 138056 ----a-w- c:\users\michal\AppData\Roaming\PnkBstrK.sys
2010-06-03 12:16 . 2010-02-02 15:21 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-06-01 13:31 . 2010-04-30 10:56 669184 ----a-w- c:\windows\system32\pbsvc.exe
2010-06-01 11:54 . 2010-02-21 14:34 -------- d-----w- c:\program files\Electronic Arts
2010-06-01 11:50 . 2009-10-31 10:56 -------- d-----w- c:\programdata\Media Center Programs
2010-06-01 05:18 . 2009-11-02 13:28 107208 ----a-w- c:\users\Mamka\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-30 08:13 . 2009-10-31 08:52 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-30 08:10 . 2010-02-10 14:04 1356 ----a-w- c:\users\michal\AppData\Local\d3d9caps.dat
2010-05-22 01:04 . 2010-05-30 08:11 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-05-22 01:04 . 2010-04-07 17:43 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-05-19 04:45 . 2007-01-08 21:09 602104 ----a-w- c:\windows\system32\perfh005.dat
2010-05-19 04:45 . 2007-01-08 21:09 120866 ----a-w- c:\windows\system32\perfc005.dat
2010-05-18 12:55 . 2010-05-18 12:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2010-05-18 12:51 . 2010-05-18 12:51 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-05-17 09:33 . 2010-04-15 10:13 -------- d-----w- c:\users\michal\AppData\Roaming\uTorrent
2010-05-17 09:30 . 2010-05-12 14:54 -------- d-----w- c:\programdata\Lavasoft
2010-05-17 09:29 . 2010-05-12 14:54 -------- d-----w- c:\program files\Lavasoft
2010-05-17 09:13 . 2009-10-30 14:30 107208 ----a-w- c:\users\michal\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-17 08:59 . 2010-04-20 17:04 -------- d-----w- c:\program files\Microsoft.NET
2010-05-17 08:57 . 2010-05-10 17:34 -------- d-----w- c:\program files\Microsoft Small Business
2010-05-16 12:40 . 2010-05-16 12:40 10134 ----a-r- c:\users\michal\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-05-16 12:40 . 2010-05-16 12:40 -------- d-----w- c:\program files\Microsoft WSE
2010-05-12 15:07 . 2010-05-12 15:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-10 17:30 . 2010-05-10 16:39 -------- d-----w- c:\users\michal\AppData\Roaming\GetRightToGo
2010-05-10 17:30 . 2010-05-10 17:29 -------- d-----w- c:\program files\Microsoft SQL Server
2010-05-10 17:14 . 2007-05-03 08:21 -------- d-----w- c:\programdata\Microsoft Help
2010-05-07 13:16 . 2010-03-16 10:51 -------- d-----w- c:\users\michal\AppData\Roaming\Dark Sector
2010-04-29 13:39 . 2010-01-06 18:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-01-06 18:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 17:06 . 2010-04-20 17:06 -------- d-----w- c:\program files\Microsoft Works
2010-03-31 06:00 . 2010-03-31 06:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-27 18:42 . 2010-03-27 18:42 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-03-21 17:05 . 2010-03-01 13:12 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-21 17:05 . 2010-03-01 13:12 110592 ----a-w- c:\windows\system32\OpenAL32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Google Update"="c:\users\michal\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 22:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-26 14:28 136176 ----atw- c:\users\michal\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 ----a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 22:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):51,30,16,8c,57,aa,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2552291509-578217736-3520049274-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-17 691696]
S1 aswSP;aswSP; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-05-12 95024]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-05-21 240232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-01 c:\windows\Tasks\Crysis Wars(R) Updates.job
- c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2010-06-01 13:31]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552291509-578217736-3520049274-1000Core.job
- c:\users\michal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 14:28]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552291509-578217736-3520049274-1000UA.job
- c:\users\michal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.36.0.cab
FF - ProfilePath - c:\users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\31ct6l45.default\
FF - plugin: c:\program files\GameSpy\Comrade\npcomrade.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\users\michal\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\31ct6l45.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\31ct6l45.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: d:\program files\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-Acer Empowering Technology Monitor - c:\acer\Empowering Technology\SysMonitor.exe
MSConfigStartUp-ICQ - d:\program files\ICQ7.0\ICQ.exe
MSConfigStartUp-M5T8QL3YW3 - c:\users\michal\AppData\Local\Temp\Yv1.exe
AddRemove-BurningWheels - d:\program files\Cobra 11 - Burning Wheels\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-19 15:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2552291509-578217736-3520049274-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,c3,48,2a,2f,0e,8a,3c,01,4b,9d,97,4c,92,9a,99,01,66,64,5a,9a,
9e,ce,8f,a8,cc,ad,c3,e8,91,76,c9,8f,c7,61,17,28,ce,a3,9a,48,2c,83,76,0d,df,\
"rkeysecu"=hex:3b,07,39,52,b0,89,50,74,54,c0,87,80,5f,51,fd,e7
.
Completion time: 2010-06-19 15:02:13
ComboFix-quarantined-files.txt 2010-06-19 13:02

Pre-Run: Volných bajtů: 49 848 823 808
Post-Run: Volných bajtů: 49 863 475 200

- - End Of File - - 20FE06B4DB09CD6CED7F8F725B4C629A

4 položky smazány, zbytek logu vypadá čistý. Nastala nějaká změna?

Windows Defender sa už updatuje, Firewall už funguje korektne a FF rovnako.
EDIT: Nejdú aktualizácie. Stále iba vyhľadáva.

Udělejte sken GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 a dejte oba logy.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-22 14:11:43
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\michal\AppData\Local\Temp\kxlyypow.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8D587AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8D5878EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8D587A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 84E211F8
Device \FileSystem\fastfat \Fat 866D61F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Druhý bude hned.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-22 14:26:31
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\michal\AppData\Local\Temp\kxlyypow.sys

---- System - GMER 1.0.15 ----

INT 0x52 ? 84E1BBF8
INT 0x53 ? 865B9BF8
INT 0x62 ? 84E1BBF8
INT 0x63 ? 865B9BF8
INT 0xA3 ? 84E1ABF8
INT 0xB3 ? 84E1ABF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8D587AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8D5878EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8D587A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 82178DF0 7 Bytes JMP 8D587A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 821E428F 5 Bytes JMP 8D583536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 8223CF78 5 Bytes JMP 8D584EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 8223E803 7 Bytes JMP 8D5878EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8229E796 7 Bytes JMP 8D587ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? System32\Drivers\spmu.sys Systém nemůže nalézt uvedenou cestu. !
.text USBPORT.SYS!DllUnload 8836241B 5 Bytes JMP 865B91D8
.text aqd11afb.SYS 8CB45000 22 Bytes [82, D3, 3C, 82, 6C, D2, 3C, ...]
.text aqd11afb.SYS 8CB45017 45 Bytes [00, 32, 37, 70, 82, 3D, 35, ...]
.text aqd11afb.SYS 8CB45045 135 Bytes [3A, 0B, 82, FD, B9, 04, 82, ...]
.text aqd11afb.SYS 8CB450CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text aqd11afb.SYS 8CB450DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9BECD300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9BF10300, 0x1B7E, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [826076D6] \SystemRoot\System32\Drivers\spmu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82607042] \SystemRoot\System32\Drivers\spmu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82607800] \SystemRoot\System32\Drivers\spmu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [826070C0] \SystemRoot\System32\Drivers\spmu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8260713E] \SystemRoot\System32\Drivers\spmu.sys
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortWritePortUchar] 838CB6BF
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8CB690
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\aqd11afb.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82616B90] \SystemRoot\System32\Drivers\spmu.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74BB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74C0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74BBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74BAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74BB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74BAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74BE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74BBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74BAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74BAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74BA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74BDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74BAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74BA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74BA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74BB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 84E211F8
Device \FileSystem\fastfat \FatCdrom 866D61F8
Device \Driver\volmgr \Device\VolMgrControl 84E1D1F8
Device \Driver\usbohci \Device\USBPDO-0 865BE2A0
Device \Driver\usbehci \Device\USBPDO-1 865C71F8
Device \Driver\netbt \Device\NetBT_Tcpip_{98F178C4-DBEC-4468-A176-2C093E8879F4} 86BAF3C0

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\PCI_PNP0105 \Device\00000049 spmu.sys
Device \Driver\USBSTOR \Device\00000070 86C41500
Device \Driver\volmgr \Device\HarddiskVolume1 84E1D1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84E1D1F8
Device \Driver\cdrom \Device\CdRom0 865D21F8
Device \Driver\nvstor32 \Device\00000059 84E201F8
Device \Driver\volmgr \Device\HarddiskVolume3 84E1D1F8
Device \Driver\cdrom \Device\CdRom1 865D21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E1F1F8
Device \Driver\atapi \Device\Ide\IdePort0 84E1F1F8
Device \Driver\atapi \Device\Ide\IdePort1 84E1F1F8
Device \Driver\volmgr \Device\HarddiskVolume4 84E1D1F8
Device \Driver\volmgr \Device\HarddiskVolume5 84E1D1F8
Device \Driver\volmgr \Device\HarddiskVolume6 84E1D1F8
Device \Driver\volmgr \Device\HarddiskVolume7 84E1D1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 86BAF3C0
Device \Driver\Smb \Device\NetbiosSmb 86BB9500
Device \Driver\nvstor32 \Device\RaidPort0 84E201F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\nvstor32 \Device\RaidPort1 84E201F8
Device \Driver\iScsiPrt \Device\RaidPort2 866BD1F8
Device \Driver\usbohci \Device\USBFDO-0 865BE2A0
Device \Driver\USBSTOR \Device\0000006c 86C41500
Device \Driver\sptd \Device\4277596111 spmu.sys
Device \Driver\USBSTOR \Device\0000006d 86C41500
Device \Driver\usbehci \Device\USBFDO-1 865C71F8
Device \Driver\USBSTOR \Device\0000006e 86C41500
Device \Driver\USBSTOR \Device\0000006f 86C41500
Device \Driver\aqd11afb \Device\Scsi\aqd11afb1 865C01F8
Device \Driver\aqd11afb \Device\Scsi\aqd11afb1Port5Path0Target1Lun0 865C01F8
Device \FileSystem\fastfat \Fat 866D61F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)

Device \FileSystem\cdfs \Cdfs 87A0E1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@X\1a\0d\0i\0\r\1 \0M\0a\0r\0v\0e\0l\0l\0 \0Y\0u\0k\0o\0n\0 \08\08\0E\08\0000\0005\0006\0 \0P\0C\0I\0-\0E\0 \0G\0i\0g\0a\0b\0i\0t\0 \0E\0t\0h\0e\0r\0n\0e\0t 1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xEC 0xE9 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0xF7 0xAC 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0xA7 0xF2 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x14 0xB8 0xEC 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xEC 0xE9 0x64 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0xF7 0xAC 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0xA7 0xF2 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x51 0x68 0x5F 0x8E ...
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@X\1a\0d\0i\0\r\1 \0M\0a\0r\0v\0e\0l\0l\0 \0Y\0u\0k\0o\0n\0 \08\08\0E\08\0000\0005\0006\0 \0P\0C\0I\0-\0E\0 \0G\0i\0g\0a\0b\0i\0t\0 \0E\0t\0h\0e\0r\0n\0e\0t 1?
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xEC 0xE9 0x64 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0xF7 0xAC 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0xA7 0xF2 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x14 0xB8 0xEC 0x3F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xEC 0xE9 0x64 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0xF7 0xAC 0x5A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0xA7 0xF2 0x68 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x51 0x68 0x5F 0x8E ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x74 0x60 0xC6 0x62 ...

---- EOF - GMER 1.0.15 ----

Michalko píše:Windows Defender sa už updatuje, Firewall už funguje korektne a FF rovnako.
EDIT: Nejdú aktualizácie. Stále iba vyhľadáva.

co používaš za Firewall ? některe Firewall i ti braní stahovat aktualizace doporučují vypnout rezident štít

Windows Firewall. Vypína a zapína sa kedy chce. Blokuje net... Ešte pred mesiacom bolo všetko ok.

Rootkit také nemáte. Ještě zkuste sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .

VIRY.CZ

Problémy s PC

Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC

Re: Problémy s PC