
System process at address 0x3BC3 have just crashed, please f

Posted: 13 Jul 2011 15:54
by jano75
Good day,

I had the problem described at http://deletemalware.blogspot.com/2011/ ... -have.html.
After entering the deactivation code I removed something with Spyware Doctor, but I am not sure whether everything is OK. At the moment I have avast, and it no longer found anything infected.
This problem has already been dealt with here, so I also tried running ComboFix, but without success. It ends with a blue screen - a problem has been detected..... and then a restart.

I am attaching at least the log from RSIT.

Logfile of random's system information tool 1.09 (written by random/random)
Run by ntb at 2011-07-13 16:26:22
Microsoft Windows 7 Home Premium
System drive C: has 150 GB (32%) free of 466 GB
Total RAM: 3039 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:26:31, on 13. 7. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\SYSTEM32\svdhalp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Users\ntb\Downloads\RSIT.exe
C:\Program Files\trend micro\ntb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.autocompletepro.com/?si=10205&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=10205&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.ask.com?o=15854&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894
O4 - HKLM\..\Policies\Explorer\Run: [BDFFBC5DC7] C:\Windows\system32\config\systemprofile\AppData\Roaming\Windows.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
O23 - Service: sviooue - Unknown owner - C:\Windows\system32\drivers\sviooue.exe (file missing)

--
End of file - 5505 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\Install_NSS.job
C:\Windows\tasks\Ohammiie.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default

prefs.js - "extensions.enabledItems" - "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906, support@predictad.com:1.11, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
acpro.xml
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\extensions\
engine@conduit.com
support@predictad.com
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\searchplugins\
askcom.xml
conduit.xml
winamp-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-07-04 3493720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894 []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BDFFBC5DC7"=C:\Windows\system32\config\system [2011-07-13 19136512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\config\systemprofile\AppData\Roaming\Windows.exe"="C:\Windows\system32\config\systemprofile\AppData\Roaming\Windows.exe:*:Enabled:Windows Messanger"
"C:\Windows\TEMP\qkay\setup.exe"="C:\Windows\TEMP\qkay\setup.exe:*:Enabled:Windows Messanger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-13 16:26:22 ----D---- C:\rsit
2011-07-13 16:26:22 ----D---- C:\Program Files\trend micro
2011-07-13 13:51:57 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-13 13:09:43 ----D---- C:\Program Files\AxBx
2011-07-13 12:26:31 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-07-13 12:26:31 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-07-13 12:26:30 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-07-13 12:26:28 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-07-13 12:26:26 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-13 12:25:59 ----A---- C:\Windows\system32\aswBoot.exe
2011-07-13 12:25:59 ----A---- C:\Windows\avastSS.scr
2011-07-13 12:25:57 ----D---- C:\ProgramData\Alwil Software
2011-07-13 12:25:57 ----D---- C:\Program Files\Alwil Software
2011-07-12 19:58:06 ----D---- C:\Program Files\Defraggler
2011-07-12 19:08:59 ----SD---- C:\32788R22FWJFW
2011-07-12 13:13:15 ----D---- C:\Program Files\PC Tools Security
2011-07-12 12:53:10 ----A---- C:\Windows\system32\drivers\Cat.DB
2011-07-12 11:25:54 ----D---- C:\ProgramData\PC Tools
2011-07-11 21:38:39 ----A---- C:\Windows\system32\svdhalp.exe.ini
2011-07-11 21:38:39 ----A---- C:\Windows\system32\svdhalp.exe
2011-07-05 10:05:22 ----RD---- C:\Program Files\Skype
2011-07-05 09:18:53 ----A---- C:\Windows\system32\msonpmon.dll
2011-07-05 09:17:17 ----D---- C:\Program Files\Microsoft Works
2011-07-05 09:16:51 ----D---- C:\Program Files\Microsoft Visual Studio
2011-07-05 09:16:51 ----D---- C:\Program Files\Common Files\DESIGNER
2011-07-05 09:16:32 ----D---- C:\Windows\PCHEALTH
2011-07-05 09:15:14 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-07-05 09:14:46 ----D---- C:\ProgramData\Microsoft Help
2011-07-05 09:13:24 ----RHD---- C:\MSOCache
2011-06-29 08:04:00 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 08:03:57 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 08:03:57 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 08:03:56 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 08:03:56 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 08:03:56 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 08:03:56 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 08:03:56 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 08:03:56 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 08:03:56 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-23 15:12:35 ----A---- C:\Windows\system32\apdfflipbookcreator.dll
2011-06-23 15:12:34 ----D---- C:\ProgramData\A-PDF
2011-06-20 21:03:57 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-20 21:03:57 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-20 21:03:57 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-20 21:03:55 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-20 21:03:55 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-20 21:03:54 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-20 21:03:53 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-20 21:03:52 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-20 21:03:51 ----A---- C:\Windows\system32\d3d10_1.dll
2011-06-20 21:03:45 ----A---- C:\Windows\system32\mshtml.dll
2011-06-20 21:03:44 ----A---- C:\Windows\system32\ieframe.dll
2011-06-20 21:03:43 ----A---- C:\Windows\system32\urlmon.dll
2011-06-20 21:03:43 ----A---- C:\Windows\system32\iertutil.dll
2011-06-20 21:03:41 ----A---- C:\Windows\system32\wininet.dll
2011-06-20 21:03:41 ----A---- C:\Windows\system32\msfeeds.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\mstime.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\msfeedssync.exe
2011-06-20 21:03:40 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\licmgr10.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\jsproxy.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\ieui.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\iepeers.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\iedkcs32.dll
2011-06-20 21:03:38 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-20 21:03:38 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-20 21:03:38 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-14 22:29:08 ----SHD---- C:\Windows\system32\Windupdt
2011-06-14 09:56:47 ----A---- C:\Windows\system32\prevhost.exe
2011-06-14 09:56:46 ----A---- C:\Windows\system32\vbscript.dll
2011-06-14 09:56:46 ----A---- C:\Windows\system32\jscript.dll
2011-06-14 09:56:45 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-06-14 09:56:45 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-06-14 09:56:45 ----A---- C:\Windows\system32\dnsapi.dll
2011-06-14 09:56:43 ----A---- C:\Windows\system32\atmlib.dll
2011-06-14 09:56:43 ----A---- C:\Windows\system32\atmfd.dll
2011-06-14 09:56:35 ----A---- C:\Windows\system32\win32k.sys
2011-06-14 09:56:34 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-06-14 09:56:33 ----A---- C:\Windows\system32\XpsPrint.dll
2011-06-14 09:56:32 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-06-14 09:56:31 ----A---- C:\Windows\explorer.exe
2011-06-14 09:56:29 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-06-14 09:56:29 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-06-14 09:56:28 ----A---- C:\Windows\system32\mfc42.dll
2011-06-14 09:56:27 ----A---- C:\Windows\system32\mfc42u.dll
2011-06-14 09:56:26 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-06-14 09:56:25 ----A---- C:\Windows\system32\poqexec.exe
2011-06-14 09:55:30 ----A---- C:\Windows\system32\drivers\Diskdump.sys

======List of files/folders modified in the last 1 month======

2011-07-13 16:26:31 ----D---- C:\Windows\Prefetch
2011-07-13 16:26:22 ----D---- C:\Program Files
2011-07-13 16:05:35 ----D---- C:\Windows\Temp
2011-07-13 15:52:50 ----D---- C:\Windows
2011-07-13 15:51:44 ----D---- C:\Users\ntb\AppData\Roaming\Winamp
2011-07-13 15:51:41 ----D---- C:\Windows\Minidump
2011-07-13 14:00:26 ----D---- C:\Windows\system32\config
2011-07-13 13:55:39 ----D---- C:\Windows\System32
2011-07-13 13:53:02 ----D---- C:\Users\ntb\AppData\Roaming\uTorrent
2011-07-13 13:51:57 ----D---- C:\Windows\system32\drivers
2011-07-13 12:26:25 ----SHD---- C:\Windows\Installer
2011-07-13 12:26:22 ----D---- C:\Windows\winsxs
2011-07-13 12:25:57 ----HD---- C:\ProgramData
2011-07-13 11:00:02 ----SHD---- C:\System Volume Information
2011-07-13 11:00:02 ----D---- C:\Program Files\Common Files
2011-07-13 10:57:54 ----AD---- C:\ProgramData\TEMP
2011-07-13 10:11:35 ----D---- C:\Windows\system32\catroot2
2011-07-13 10:11:35 ----D---- C:\Windows\system32\catroot
2011-07-12 19:55:28 ----D---- C:\Windows\system32\Tasks
2011-07-12 19:05:26 ----D---- C:\Windows\Logs
2011-07-12 19:05:20 ----D---- C:\Program Files\Microsoft Office
2011-07-12 16:45:23 ----D---- C:\Windows\Tasks
2011-07-12 16:45:23 ----D---- C:\Program Files\FLAC to MP3 Converter
2011-07-12 13:21:43 ----D---- C:\ProgramData\avg9
2011-07-12 12:03:30 ----RSD---- C:\Windows\Fonts
2011-07-07 19:33:08 ----D---- C:\Windows\inf
2011-07-07 19:33:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-06 16:59:47 ----RSD---- C:\Windows\assembly
2011-07-06 08:07:59 ----D---- C:\Program Files\Common Files\microsoft shared
2011-07-06 08:06:02 ----D---- C:\Program Files\Common Files\System
2011-07-06 08:06:02 ----A---- C:\Windows\win.ini
2011-07-05 17:31:04 ----D---- C:\Users\ntb\AppData\Roaming\Skype
2011-07-05 10:05:20 ----D---- C:\ProgramData\Skype
2011-07-05 09:58:30 ----D---- C:\Users\ntb\AppData\Roaming\Media Player Classic
2011-07-05 09:57:05 ----D---- C:\Windows\debug
2011-07-05 09:45:02 ----D---- C:\Windows\system32\DriverStore
2011-07-05 09:37:24 ----D---- C:\ProgramData\THQ
2011-07-05 09:37:18 ----D---- C:\Program Files\THQ
2011-07-05 09:37:17 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-05 09:20:51 ----SD---- C:\Users\ntb\AppData\Roaming\Microsoft
2011-07-05 09:17:07 ----D---- C:\Program Files\MSBuild
2011-07-05 09:16:50 ----D---- C:\Windows\ShellNew
2011-07-05 09:16:32 ----SD---- C:\ProgramData\Microsoft
2011-07-05 09:16:32 ----D---- C:\Program Files\Microsoft.NET
2011-06-29 15:54:41 ----D---- C:\Windows\Microsoft.NET
2011-06-28 08:08:05 ----D---- C:\Windows\system32\drivers\etc
2011-06-26 08:42:31 ----D---- C:\Program Files\Mozilla Firefox
2011-06-21 17:05:06 ----D---- C:\Windows\system32\NDF
2011-06-21 14:54:13 ----D---- C:\Windows\rescache
2011-06-21 12:51:22 ----D---- C:\Windows\system32\LogFiles
2011-06-21 11:42:15 ----D---- C:\Windows\system32\migration
2011-06-21 11:42:15 ----D---- C:\Program Files\Internet Explorer
2011-06-21 00:09:12 ----A---- C:\Windows\system32\MRT.exe
2011-06-20 20:41:08 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 25656]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-06 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 33848]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-29 101392]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-07-22 409088]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
S0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2005-08-10 19968]
S0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys []
S0 TFSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 abupsa8j;abupsa8j; C:\Windows\system32\drivers\abupsa8j.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-15 212656]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2009-07-08 26168]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 9216]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe [2009-07-22 221266]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 sviooue;sviooue; C:\Windows\system32\drivers\sviooue.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-06 1343400]

-----------------EOF-----------------

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 13 Jul 2011 15:57
by vyosek
Hello, and I wish you a nice day :)

:arrow: Uninstall Spyware Doctor; it is not exactly quality software

:arrow: Try running ComboFix in Safe Mode

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 13 Jul 2011 16:32
by jano75
Thank you for your willingness and the time spent,

Unfortunately, the same again. Extraction, and about halfway through a blue screen comes up and it restarts. I also have photos of it; I can send them by e-mail if that helps.
I had already uninstalled Doctor considerably earlier.

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 13 Jul 2011 17:25
by vyosek
:arrow: Run HJT and we will fix some entries
  • You will find HJT here: C:\Program Files\trend micro\ntb.exe
  • A window will open; click Do a system scan only
  • In the next window, find the lines I have listed for you below; next to each is a small box, which you tick
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.autocompletepro.com/?si=10205&bi=400
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=10205&bi=400
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.ask.com?o=15854&l=dis
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  • Click Fix checked (bottom left)
  • HJT will ask whether you are sure; confirm with YES and you are done
:arrow: Download OTM (see my signature)
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator ("Spustit jako správce")
  • Into the left window, Paste Instructions for Items to be Moved (under the yellow line), paste the content given below
  • Code:

    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Windows\system32\config\systemprofile\AppData\Roaming\Windows.exe"=-
    "C:\Windows\TEMP\qkay\setup.exe"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "BDFFBC5DC7"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    
    :services
    sviooue
    
    :files
    C:\Windows\tasks\At*.job
    C:\Windows\tasks\Install_NSS.job
    C:\Windows\tasks\Ohammiie.job
    C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\searchplugins\askcom.xml
    C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\searchplugins\aconduit.xml
    C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\searchplugins\awinamp-search.xml
    C:\Windows\system32\config\systemprofile\AppData\Roaming\Windows.exe
    C:\Windows\TEMP\qkay
    C:\Windows\system32\svdhalp.exe
    C:\Windows\system32\svdhalp.exe.ini
    C:\Windows\system32\drivers\sviooue.exe
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes. Afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 13 Jul 2011 20:11
by jano75
I did everything according to your instructions, but the log C:\_OTM\MovedFiles is nowhere to be found; I looked for it, nothing. In any case, your script did run. I copied the output from the right-hand side. I assume that should be the log:

PS: from time to time AVAST pops up a message that it found a rootkit MBR:\\.\PHYSICALDRVE0. Just now after restarting the notebook. I remove it, but it does not help.

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Windows\system32\config\systemprofile\AppData\Roaming\Windows.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Windows\TEMP\qkay\setup.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\BDFFBC5DC7 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
========== SERVICES/DRIVERS ==========
Service sviooue stopped successfully!
Service sviooue deleted successfully!
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\Windows\tasks\Install_NSS.job moved successfully.
C:\Windows\tasks\Ohammiie.job moved successfully.
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job moved successfully.
C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\searchplugins\askcom.xml moved successfully.
File/Folder C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\searchplugins\aconduit.xml not found.
File/Folder C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\searchplugins\awinamp-search.xml not found.
File/Folder C:\Windows\system32\config\systemprofile\AppData\Roaming\Windows.exe not found.
File/Folder C:\Windows\TEMP\qkay not found.
C:\Windows\system32\svdhalp.exe moved successfully.
C:\Windows\system32\svdhalp.exe.ini moved successfully.
File/Folder C:\Windows\system32\drivers\sviooue.exe not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: ntb
->Temp folder emptied: 67006383 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->FireFox cache emptied: 25354288 bytes
->Flash cache emptied: 869 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 202814 bytes
RecycleBin emptied: 67505183 bytes

Total Files Cleaned = 153,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 07132011_205132

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 13 Jul 2011 20:24
by vyosek
Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run the utility and tell it to scan: click Start Scan
  • If the utility finds an infection, it will want to cure it (Cure); allow the cure by clicking Continue
  • If the utility finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking Continue
  • After the scan finishes, a restart of the PC may be required; allow it by clicking Reboot now
  • After the restart a log will pop up; if it does not, you will find it directly on the drive where Windows is installed (usually c:\), named in the form TDSSKiller.some digits _log.txt; paste its contents here
  • If no restart is required, click Close and then Report; a log will be created; paste its contents here
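
Added example, not part of the original post and not Kaspersky's code: a small Python triage script that pulls the detections out of a TDSSKiller log so they are not lost in the per-driver listing. It assumes the line format of the log posted in the reply that follows; the `sptd` lines are taken from that log, the other driver lines are constructed, and the function and field names are hypothetical.

```python
import re

# Line layout assumed from the TDSSKiller log posted in this thread:
#   <date> <time> <thread id> <message>
LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+(?:\s+(.*))?$")
# Per-driver line: <service> (<md5>) <path>
DRIVER = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-fA-F]{32})$")
# "<service> - detected <verdict> (<number>)"
DETECTED = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")

# Sample input. The sptd lines come from the log in this thread; the
# exampledrv/otherdrv lines and their all-0/all-1 hashes are constructed.
SAMPLE_LOG = r"""
2011/07/13 21:37:54.0798 3388 Scan started
2011/07/13 21:37:54.0798 3388 Mode: Manual;
2011/07/13 21:38:12.0284 3388 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
2011/07/13 21:38:12.0409 3388 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/13 21:38:12.0409 3388 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/13 21:38:12.0425 3388 sptd - detected LockedFile.Multi.Generic (1)
2011/07/13 21:38:12.0520 3388 otherdrv (11111111111111111111111111111111) C:\Windows\system32\DRIVERS\otherdrv.sys
2011/07/13 21:38:13.0000 3388
"""


def triage(log_text):
    """Return (drivers, findings) parsed from TDSSKiller log text.

    drivers  : service name -> {"md5", "path"} for every per-driver line
    findings : one dict per "detected" line, joined with the driver's path
               and md5 and with the reason from a matching "Suspicious file" line
    """
    drivers = {}
    reasons = {}   # lower-cased path -> reason, e.g. "NoAccess"
    detected = []  # (service, verdict, number) in log order
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(1):
            continue  # blank line, separator, or a line with no message
        msg = m.group(1).strip()
        s = SUSPICIOUS.match(msg)
        if s:
            reasons[s.group(2).lower()] = s.group(1)
            continue
        d = DETECTED.match(msg)
        if d:
            # The trailing number is kept as logged; its meaning is not
            # explained on this page.
            detected.append((d.group(1), d.group(2), int(d.group(3))))
            continue
        drv = DRIVER.match(msg)
        if drv:
            drivers[drv.group(1)] = {"md5": drv.group(2).lower(),
                                     "path": drv.group(3)}

    findings = []
    for service, verdict, number in detected:
        info = drivers.get(service, {})
        path = info.get("path")
        findings.append({
            "service": service,
            "verdict": verdict,
            "number": number,
            "path": path,
            "md5": info.get("md5"),
            "reason": reasons.get(path.lower()) if path else None,
        })
    return drivers, findings


if __name__ == "__main__":
    drivers, findings = triage(SAMPLE_LOG)
    print(f"{len(drivers)} drivers listed, {len(findings)} detection(s)")
    for f in findings:
        print(f"{f['service']}: {f['verdict']} reason={f['reason']} "
              f"md5={f['md5']} path={f['path']}")
```
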

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 13 Jul 2011 20:43
by jano75
2011/07/13 21:37:35.0168 2620 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/13 21:37:35.0362 2620 ================================================================================
2011/07/13 21:37:35.0363 2620 SystemInfo:
2011/07/13 21:37:35.0363 2620
2011/07/13 21:37:35.0363 2620 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/13 21:37:35.0363 2620 Product type: Workstation
2011/07/13 21:37:35.0363 2620 ComputerName: NTB-PC
2011/07/13 21:37:35.0364 2620 UserName: ntb
2011/07/13 21:37:35.0364 2620 Windows directory: C:\Windows
2011/07/13 21:37:35.0364 2620 System windows directory: C:\Windows
2011/07/13 21:37:35.0364 2620 Processor architecture: Intel x86
2011/07/13 21:37:35.0364 2620 Number of processors: 2
2011/07/13 21:37:35.0364 2620 Page size: 0x1000
2011/07/13 21:37:35.0364 2620 Boot type: Normal boot
2011/07/13 21:37:35.0364 2620 ================================================================================
2011/07/13 21:37:36.0565 2620 Initialize success
2011/07/13 21:37:54.0797 3388 ================================================================================
2011/07/13 21:37:54.0798 3388 Scan started
2011/07/13 21:37:54.0798 3388 Mode: Manual;
2011/07/13 21:37:54.0798 3388 ================================================================================
2011/07/13 21:38:12.0409 3388 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/13 21:38:12.0409 3388 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/13 21:38:12.0425 3388 sptd - detected LockedFile.Multi.Generic (1)
2011/07/13 21:38:16.0588 3388 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/13 21:38:16.0711 3388 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/13 21:38:16.0763 3388 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/13 21:38:16.0902 3388 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/13 21:38:16.0992 3388 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/13 21:38:17.0095 3388 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/13 21:38:17.0178 3388 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/07/13 21:38:17.0258 3388 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/13 21:38:17.0343 3388 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/07/13 21:38:17.0349 3388 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/13 21:38:17.0358 3388 Boot (0x1200) (2a0bddd14f543203a05c11cd9929fc23) \Device\Harddisk0\DR0\Partition0
2011/07/13 21:38:17.0395 3388 Boot (0x1200) (330ce4fe63478047631ced11349ca62c) \Device\Harddisk0\DR0\Partition1
2011/07/13 21:38:17.0400 3388 ================================================================================
2011/07/13 21:38:17.0400 3388 Scan finished
2011/07/13 21:38:17.0400 3388 ================================================================================
2011/07/13 21:38:17.0411 3232 Detected object count: 2
2011/07/13 21:38:17.0411 3232 Actual detected object count: 2
2011/07/13 21:38:48.0650 3232 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/13 21:38:48.0761 3232 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/13 21:38:48.0762 3232 \Device\Harddisk0\DR0 - ok
2011/07/13 21:38:48.0765 3232 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/13 21:38:58.0869 2408 Deinitialize success

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 13 Jul 2011 20:44
by vyosek
I suspected it was there from the start :boxed: That is probably also why CF would not run :o

Now try running ComboFix

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 13 Jul 2011 21:26
by jano75
I apologize for the delay. You were right, it did run, but I forgot to turn off the resident shields. I have avast, yet it still detected AVG, which I have uninstalled. When I searched for AVG, it was found in startup. Maybe that was the only thing bothering it. In any case it finished OK and the log is here:

ComboFix 11-07-12.02 - ntb . 07. 2011 22:12:29.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.3039.1954 [GMT 2:00]
Running from: c:\users\ntb\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\ChromeSetSearchInBrowser.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\programdata\Microsoft\id.txt
c:\users\ntb\AppData\Roaming\Local
c:\windows\keys.ini
c:\windows\syskey2i.drv
c:\windows\system32\svdhalp.exe
c:\windows\system32\svdhalp.exe.ini
c:\windows\system32\Windupdt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))
.
.
2011-07-13 14:26 . 2011-07-13 14:26 -------- d-----w- C:\rsit
2011-07-13 14:26 . 2011-07-13 14:26 -------- d-----w- c:\program files\trend micro
2011-07-13 11:51 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-13 11:09 . 2011-07-13 11:09 -------- d-----w- c:\program files\AxBx
2011-07-13 10:26 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-13 10:26 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-13 10:26 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-13 10:26 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-13 10:26 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-13 10:25 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-13 10:25 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-13 10:25 . 2011-07-13 10:25 -------- d-----w- c:\programdata\Alwil Software
2011-07-13 10:25 . 2011-07-13 10:25 -------- d-----w- c:\program files\Alwil Software
2011-07-13 09:03 . 2011-07-13 09:03 -------- d-----w- c:\users\ntb\AppData\Local\Diagnostics
2011-07-13 08:09 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B5069F5-3844-4F17-AD89-8C71E6E586F6}\mpengine.dll
2011-07-12 17:58 . 2011-07-12 17:58 -------- d-----w- c:\program files\Defraggler
2011-07-12 17:50 . 2011-07-12 17:50 -------- d-----w- c:\users\ntb\AppData\Local\GHISLER
2011-07-12 17:08 . 2011-07-13 20:11 -------- d-----w- C:\32788R22FWJFW
2011-07-12 11:13 . 2011-07-13 09:00 -------- d-----w- c:\program files\PC Tools Security
2011-07-12 09:25 . 2011-07-13 08:57 -------- d-----w- c:\programdata\PC Tools
2011-07-06 06:06 . 2011-07-06 06:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-07-05 08:05 . 2011-07-05 08:05 -------- d-----r- c:\program files\Skype
2011-07-05 07:18 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-07-05 07:18 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-07-05 07:17 . 2011-07-06 06:07 -------- d-----w- c:\program files\Microsoft Works
2011-07-05 07:16 . 2011-07-05 07:16 -------- d-----w- c:\windows\PCHEALTH
2011-07-05 07:15 . 2011-07-05 07:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-07-05 07:14 . 2011-07-05 07:14 -------- d-----w- c:\users\ntb\AppData\Local\Microsoft Help
2011-07-05 07:14 . 2011-07-06 15:01 -------- d-----w- c:\programdata\Microsoft Help
2011-07-05 07:13 . 2011-07-05 07:13 -------- d-----r- C:\MSOCache
2011-06-29 06:04 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 06:03 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 06:03 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 06:03 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 06:03 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 06:03 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 06:03 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 06:03 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 06:03 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 06:03 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-23 13:12 . 2011-05-16 09:04 509440 ----a-w- c:\windows\system32\apdfflipbookcreator.dll
2011-06-23 13:12 . 2011-06-23 13:12 -------- d-----w- c:\programdata\A-PDF
2011-06-23 06:16 . 2011-06-23 06:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 06:16 . 2011-06-23 06:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-14 07:56 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-14 07:55 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-08-06 08:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-08 19:25 . 2011-05-08 19:25 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-05-08 19:25 . 2011-05-08 19:25 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-06-23 06:16 . 2011-03-26 18:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.

c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"win7"="c:\windows\system32\Windupdt\win7.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-06 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-06 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5BFDA7BA-FCA1-1CDD-79BC-DC5FA0BE9F7D}]
c:\windows\system32\config\systemprofile\AppData\Roaming\Windows.exe [N/A]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-13 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.202.222 192.168.202.213
FF - ProfilePath - c:\users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-13 22:21:10
ComboFix-quarantined-files.txt 2011-07-13 20:21
.
Pre-Run: 156 581 634 048 bytes free
Post-Run: 156 558 213 120 bytes free
.
- - End Of File - - 1468A369FDACC93C719E4371355F4694

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 14 Jul 2011 07:00
by vyosek
:arrow: Run the AVG remover on the PC http://download.avg.com/filedir/util/su ... 1_1184.exe

:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Collect::
    c:\windows\system32\config\systemprofile\AppData\Roaming\Windows.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5BFDA7BA-FCA1-1CDD-79BC-DC5FA0BE9F7D}]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"=-
    "win7"=-
    
    RenV::
    c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
    
    SecCenter::
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    
    AtJob::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the image below)
    Image
  • After the script has been applied (and after a reboot, if one occurs) a log will pop up; paste its contents here
:arrow: It can happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 14 Jul 2011 07:46
by jano75
Mozilla would not start; after a restart it was OK. That AVG is still somewhere in appdata and the like; when I search for AVG in Commander, it finds it. ComboFix does not mind it, though, so these are probably just some leftovers. CCleaner does not help either.

ComboFix 11-07-13.04 - ntb . 07. 2011 8:19.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.3039.2057 [GMT 2:00]
Running from: c:\users\ntb\Desktop\ComboFix.exe
Command switches used :: c:\users\ntb\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 06:26 . 2011-07-14 06:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-14 06:26 . 2011-07-14 06:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-13 14:26 . 2011-07-13 14:26 -------- d-----w- C:\rsit
2011-07-13 14:26 . 2011-07-13 14:26 -------- d-----w- c:\program files\trend micro
2011-07-13 11:51 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-13 11:09 . 2011-07-13 11:09 -------- d-----w- c:\program files\AxBx
2011-07-13 10:26 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-13 10:26 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-13 10:26 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-13 10:26 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-13 10:26 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-13 10:25 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-13 10:25 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-13 10:25 . 2011-07-13 10:25 -------- d-----w- c:\programdata\Alwil Software
2011-07-13 10:25 . 2011-07-13 10:25 -------- d-----w- c:\program files\Alwil Software
2011-07-13 09:03 . 2011-07-13 09:03 -------- d-----w- c:\users\ntb\AppData\Local\Diagnostics
2011-07-13 08:12 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-07-13 08:12 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-07-13 08:12 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-13 08:12 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-07-13 08:12 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-07-13 08:12 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-07-13 08:12 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-07-13 08:09 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B5069F5-3844-4F17-AD89-8C71E6E586F6}\mpengine.dll
2011-07-12 17:58 . 2011-07-12 17:58 -------- d-----w- c:\program files\Defraggler
2011-07-12 17:50 . 2011-07-12 17:50 -------- d-----w- c:\users\ntb\AppData\Local\GHISLER
2011-07-12 11:13 . 2011-07-13 09:00 -------- d-----w- c:\program files\PC Tools Security
2011-07-12 09:25 . 2011-07-13 08:57 -------- d-----w- c:\programdata\PC Tools
2011-07-06 06:06 . 2011-07-06 06:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-07-05 08:05 . 2011-07-05 08:05 -------- d-----r- c:\program files\Skype
2011-07-05 07:18 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-07-05 07:18 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-07-05 07:17 . 2011-07-06 06:07 -------- d-----w- c:\program files\Microsoft Works
2011-07-05 07:16 . 2011-07-05 07:16 -------- d-----w- c:\windows\PCHEALTH
2011-07-05 07:15 . 2011-07-05 07:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-07-05 07:14 . 2011-07-05 07:14 -------- d-----w- c:\users\ntb\AppData\Local\Microsoft Help
2011-07-05 07:14 . 2011-07-13 21:57 -------- d-----w- c:\programdata\Microsoft Help
2011-07-05 07:13 . 2011-07-05 07:13 -------- d-----r- C:\MSOCache
2011-06-29 06:04 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 06:03 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 06:03 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 06:03 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 06:03 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 06:03 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 06:03 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 06:03 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 06:03 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 06:03 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-23 13:12 . 2011-05-16 09:04 509440 ----a-w- c:\windows\system32\apdfflipbookcreator.dll
2011-06-23 13:12 . 2011-06-23 13:12 -------- d-----w- c:\programdata\A-PDF
2011-06-23 06:16 . 2011-06-23 06:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 06:16 . 2011-06-23 06:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-14 07:56 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-14 07:55 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-08-06 08:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-08 19:25 . 2011-05-08 19:25 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-05-08 19:25 . 2011-05-08 19:25 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-06-23 06:16 . 2011-03-26 18:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-06 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-06 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.202.222 192.168.202.213
FF - ProfilePath - c:\users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3924)
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\PEV.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2011-07-14 08:32:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-14 06:32
ComboFix2.txt 2011-07-13 20:21
.
Pre-Run: 156 724 617 216 bytes free
Post-Run: 156 648 677 376 bytes free
.
- - End Of File - - 4E46C7F3B73F589769230A33CD8A5BB3

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 14 Jul 2011 08:26
by vyosek
Those really are just leftovers, backups, quarantines etc. I recommend deleting them manually

Avast is far better protection :wink:

How is the PC behaving :???:

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 14 Jul 2011 08:35
by jano75
So far so good. No alerts from avast etc. We will see in time :) Is avast alone enough, or would it be good to install something else as well? Something for spyware etc.?


After Windows boots I keep getting the message > the installer StarForce Protection driver is not compatible with this version of Win and will be disabled

but that is not related to the virus...

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 14 Jul 2011 19:10
by vyosek
:arrow: Try reinstalling StarForce, since the MBR sector had to be repaired

:arrow: I recommend changing all passwords - the TDL rootkit likes to steal passwords, and the vermin was also happily chatting with the outside world

:arrow: Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /UninstallA
  • Press Enter
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: Please post a new RSIT log

Re: System process at address 0x3BC3 have just crashed, plea

Posted: 17 Jul 2011 16:40
by jano75
Hello,
I apologize for the delay of a few days.
I selected the 3-month scan.
Logfile of random's system information tool 1.09 (written by random/random)
Run by ntb at 2011-07-17 17:38:06
Microsoft Windows 7 Home Premium
System drive C: has 151 GB (32%) free of 466 GB
Total RAM: 3039 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:38:08, on 17. 7. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ntb\Downloads\RSIT.exe
C:\Program Files\trend micro\ntb.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe

--
End of file - 3122 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default

prefs.js - "extensions.enabledItems" - "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906, support@predictad.com:1.11, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
acpro.xml
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\extensions\
engine@conduit.com
support@predictad.com
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\e09fhc5r.default\searchplugins\
askcom.xml
conduit.xml
winamp-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\config\systemprofile\AppData\Roaming\Windows.exe"="C:\Windows\system32\config\systemprofile\AppData\Roaming\Windows.exe:*:Enabled:Windows Messanger"
"C:\Windows\TEMP\qkay\setup.exe"="C:\Windows\TEMP\qkay\setup.exe:*:Enabled:Windows Messanger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2011-07-17 17:36:13 ----D---- C:\rsit
2011-07-14 08:33:01 ----D---- C:\Windows\temp
2011-07-14 08:32:13 ----SHD---- C:\$RECYCLE.BIN
2011-07-13 22:11:33 ----D---- C:\Windows\ERDNT
2011-07-13 16:26:22 ----D---- C:\Program Files\trend micro
2011-07-13 13:51:57 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-13 12:26:31 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-07-13 12:26:31 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-07-13 12:26:30 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-07-13 12:26:28 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-07-13 12:26:26 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-13 12:25:59 ----A---- C:\Windows\system32\aswBoot.exe
2011-07-13 12:25:59 ----A---- C:\Windows\avastSS.scr
2011-07-13 12:25:57 ----D---- C:\ProgramData\Alwil Software
2011-07-13 12:25:57 ----D---- C:\Program Files\Alwil Software
2011-07-13 10:12:04 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-07-13 10:12:04 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-07-13 10:12:04 ----A---- C:\Windows\system32\drivers\usbohci.sys
2011-07-13 10:12:04 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-07-13 10:12:04 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-07-13 10:12:04 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-07-13 10:12:04 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-07-13 10:11:59 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-07-13 10:11:58 ----A---- C:\Windows\system32\esent.dll
2011-07-13 10:11:58 ----A---- C:\Windows\system32\drivers\storport.sys
2011-07-13 10:11:58 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-07-13 10:11:58 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-07-13 10:11:58 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-07-13 10:11:57 ----A---- C:\Windows\system32\fsutil.exe
2011-07-13 10:11:57 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-07-13 10:11:57 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-07-13 10:11:57 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-07-13 10:11:48 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 10:11:48 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 10:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 10:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 10:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 10:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 10:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 10:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 10:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 10:11:44 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 10:11:44 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 10:11:44 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 10:11:41 ----A---- C:\Windows\system32\win32k.sys
2011-07-12 13:13:15 ----D---- C:\Program Files\PC Tools Security
2011-07-12 12:53:10 ----A---- C:\Windows\system32\drivers\Cat.DB
2011-07-12 11:25:54 ----D---- C:\ProgramData\PC Tools
2011-07-05 10:05:22 ----RD---- C:\Program Files\Skype
2011-07-05 09:18:53 ----A---- C:\Windows\system32\msonpmon.dll
2011-07-05 09:17:17 ----D---- C:\Program Files\Microsoft Works
2011-07-05 09:16:51 ----D---- C:\Program Files\Microsoft Visual Studio
2011-07-05 09:16:51 ----D---- C:\Program Files\Common Files\DESIGNER
2011-07-05 09:16:32 ----D---- C:\Windows\PCHEALTH
2011-07-05 09:15:14 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-07-05 09:14:46 ----D---- C:\ProgramData\Microsoft Help
2011-07-05 09:13:24 ----RD---- C:\MSOCache
2011-06-29 08:04:00 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 08:03:57 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 08:03:57 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 08:03:56 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 08:03:56 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 08:03:56 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 08:03:56 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 08:03:56 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 08:03:56 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 08:03:56 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-23 15:12:35 ----A---- C:\Windows\system32\apdfflipbookcreator.dll
2011-06-23 15:12:34 ----D---- C:\ProgramData\A-PDF
2011-06-20 21:03:57 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-20 21:03:57 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-20 21:03:57 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-20 21:03:55 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-20 21:03:55 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-20 21:03:54 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-20 21:03:53 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-20 21:03:52 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-20 21:03:51 ----A---- C:\Windows\system32\d3d10_1.dll
2011-06-20 21:03:45 ----A---- C:\Windows\system32\mshtml.dll
2011-06-20 21:03:44 ----A---- C:\Windows\system32\ieframe.dll
2011-06-20 21:03:43 ----A---- C:\Windows\system32\urlmon.dll
2011-06-20 21:03:43 ----A---- C:\Windows\system32\iertutil.dll
2011-06-20 21:03:41 ----A---- C:\Windows\system32\wininet.dll
2011-06-20 21:03:41 ----A---- C:\Windows\system32\msfeeds.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\mstime.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\msfeedssync.exe
2011-06-20 21:03:40 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\licmgr10.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\jsproxy.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\ieui.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\iepeers.dll
2011-06-20 21:03:40 ----A---- C:\Windows\system32\iedkcs32.dll
2011-06-20 21:03:38 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-20 21:03:38 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-20 21:03:38 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-14 09:56:47 ----A---- C:\Windows\system32\prevhost.exe
2011-06-14 09:56:46 ----A---- C:\Windows\system32\vbscript.dll
2011-06-14 09:56:46 ----A---- C:\Windows\system32\jscript.dll
2011-06-14 09:56:45 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-06-14 09:56:45 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-06-14 09:56:45 ----A---- C:\Windows\system32\dnsapi.dll
2011-06-14 09:56:43 ----A---- C:\Windows\system32\atmlib.dll
2011-06-14 09:56:43 ----A---- C:\Windows\system32\atmfd.dll
2011-06-14 09:56:34 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-06-14 09:56:33 ----A---- C:\Windows\system32\XpsPrint.dll
2011-06-14 09:56:32 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-06-14 09:56:31 ----A---- C:\Windows\explorer.exe
2011-06-14 09:56:29 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-06-14 09:56:29 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-06-14 09:56:28 ----A---- C:\Windows\system32\mfc42.dll
2011-06-14 09:56:27 ----A---- C:\Windows\system32\mfc42u.dll
2011-06-14 09:56:26 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-06-14 09:56:25 ----A---- C:\Windows\system32\poqexec.exe
2011-06-14 09:55:30 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-05-08 21:26:02 ----A---- C:\Windows\system32\LMRTREND.dll
2011-05-08 21:26:02 ----A---- C:\Windows\system32\LMRT.dll
2011-05-08 21:26:02 ----A---- C:\Windows\system32\dxtmsft3.dll
2011-05-08 21:26:01 ----A---- C:\Windows\system32\unam4ie.exe
2011-05-08 21:26:01 ----A---- C:\Windows\system32\strmdll.dll
2011-05-08 21:25:59 ----A---- C:\Windows\system32\w95inf32.dll
2011-05-08 21:25:59 ----A---- C:\Windows\system32\w95inf16.dll
2011-05-08 21:25:59 ----A---- C:\Windows\system32\vidx16.dll
2011-05-08 21:25:59 ----A---- C:\Windows\system32\qcut.dll
2011-05-08 21:25:59 ----A---- C:\Windows\system32\danim.dll
2011-05-08 21:25:03 ----A---- C:\trace.ini
2011-05-08 21:24:47 ----D---- C:\Program Files\Auralog
2011-05-08 21:24:21 ----A---- C:\Windows\err.txt

======List of files/folders modified in the last 3 months======

2011-07-17 17:33:24 ----D---- C:\Windows\system32\config
2011-07-17 17:32:01 ----D---- C:\Windows\Minidump
2011-07-17 17:32:01 ----D---- C:\Windows\debug
2011-07-17 17:32:01 ----D---- C:\Windows
2011-07-17 17:30:31 ----D---- C:\Program Files
2011-07-17 17:27:38 ----D---- C:\Windows\Prefetch
2011-07-17 17:15:07 ----SHD---- C:\System Volume Information
2011-07-17 17:12:02 ----D---- C:\Windows\system32\drivers
2011-07-14 09:57:37 ----D---- C:\Users\ntb\AppData\Roaming\uTorrent
2011-07-14 09:51:00 ----D---- C:\ProgramData
2011-07-14 08:28:07 ----A---- C:\Windows\system.ini
2011-07-14 08:28:00 ----D---- C:\Windows\system32\drivers\etc
2011-07-14 08:22:15 ----D---- C:\Windows\System32
2011-07-14 08:22:15 ----D---- C:\Windows\AppPatch
2011-07-14 08:22:13 ----D---- C:\Program Files\Common Files
2011-07-14 07:32:58 ----D---- C:\Windows\inf
2011-07-14 07:32:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-13 23:57:32 ----SHD---- C:\Windows\Installer
2011-07-13 22:55:08 ----D---- C:\Windows\winsxs
2011-07-13 22:53:07 ----D---- C:\Windows\system32\en-US
2011-07-13 22:53:05 ----D---- C:\Windows\system32\DriverStore
2011-07-13 22:50:10 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 22:21:10 ----D---- C:\Windows\system32\Tasks
2011-07-13 22:20:42 ----D---- C:\Windows\Tasks
2011-07-13 22:18:08 ----SD---- C:\ProgramData\Microsoft
2011-07-13 21:41:23 ----D---- C:\Windows\system32\catroot2
2011-07-13 15:51:44 ----D---- C:\Users\ntb\AppData\Roaming\Winamp
2011-07-13 10:57:54 ----AD---- C:\ProgramData\TEMP
2011-07-13 10:11:35 ----D---- C:\Windows\system32\catroot
2011-07-12 19:05:26 ----D---- C:\Windows\Logs
2011-07-12 19:05:20 ----D---- C:\Program Files\Microsoft Office
2011-07-12 16:45:23 ----D---- C:\Program Files\FLAC to MP3 Converter
2011-07-12 12:03:30 ----RSD---- C:\Windows\Fonts
2011-07-06 16:59:47 ----RSD---- C:\Windows\assembly
2011-07-06 08:07:59 ----D---- C:\Program Files\Common Files\microsoft shared
2011-07-06 08:06:02 ----D---- C:\Program Files\Common Files\System
2011-07-06 08:06:02 ----A---- C:\Windows\win.ini
2011-07-05 17:31:04 ----D---- C:\Users\ntb\AppData\Roaming\Skype
2011-07-05 10:05:20 ----D---- C:\ProgramData\Skype
2011-07-05 09:58:30 ----D---- C:\Users\ntb\AppData\Roaming\Media Player Classic
2011-07-05 09:37:24 ----D---- C:\ProgramData\THQ
2011-07-05 09:37:18 ----D---- C:\Program Files\THQ
2011-07-05 09:37:17 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-05 09:20:51 ----SD---- C:\Users\ntb\AppData\Roaming\Microsoft
2011-07-05 09:17:07 ----D---- C:\Program Files\MSBuild
2011-07-05 09:16:50 ----D---- C:\Windows\ShellNew
2011-07-05 09:16:32 ----D---- C:\Program Files\Microsoft.NET
2011-06-29 15:54:41 ----D---- C:\Windows\Microsoft.NET
2011-06-26 08:42:31 ----D---- C:\Program Files\Mozilla Firefox
2011-06-21 17:05:06 ----D---- C:\Windows\system32\NDF
2011-06-21 14:54:13 ----D---- C:\Windows\rescache
2011-06-21 12:51:22 ----D---- C:\Windows\system32\LogFiles
2011-06-21 11:42:15 ----D---- C:\Windows\system32\migration
2011-06-21 11:42:15 ----D---- C:\Program Files\Internet Explorer
2011-06-02 18:28:30 ----D---- C:\Users\ntb\AppData\Roaming\skypePM
2011-05-24 19:14:10 ----N---- C:\Windows\system32\MpSigStub.exe
2011-05-08 21:26:02 ----D---- C:\Program Files\Windows Media Player
2011-05-08 21:26:01 ----D---- C:\Windows\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 25656]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-06 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 33848]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-29 101392]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-07-22 409088]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
S0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2005-08-10 19968]
S0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys []
S0 TFSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 avnug8x1;avnug8x1; C:\Windows\system32\drivers\avnug8x1.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-15 212656]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2009-07-08 26168]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 9216]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe [2009-07-22 221266]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-06 1343400]

-----------------EOF-----------------