PC stále odosiela packety

[hrban666]

problém je ten že som v škole na NB naťahal nejakú háveď asi cez USB
použil som KAV, spyware doctor, aj eset online scanner čo našlo som vymazal ale stále to odosiela
včera som pozeral na desktop bol v pohode a dnes už aj desktop odosiela packety

pridávam logy
Z NB
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-04-06 00:08:01
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (4%) free of 277 GB
Total RAM: 2943 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:08:10, on 6. 4. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Cain\Cain.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Admin\My Documents\Preberanie\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Random Wallpapers] C:\Program Files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2000478354-1284227242-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-2000478354-1284227242-839522115-1005\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D590507-BED2-4B7D-A4C5-0C4E002340CD}: NameServer = 192.108.131.11,194.160.44.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{6035E575-58B2-4E24-B5B0-1D8C37A71294}: NameServer = 8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Documents and Settings\Admin\AppData\LocalLow\Microńoft\redir.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11534 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2010-03-28 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-07-12 225280]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-10-23 376921]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
""= []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
""= []
"Random Wallpapers"=C:\Program Files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe [2004-05-07 1331712]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-03-13 319792]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Admin\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2005-09-18 5376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Warcraft III\war3.exe"="C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\NeverwinterNights\NWN\nwmain.exe"="C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"C:\NeverwinterNights\NWN\nwserver.exe"="C:\NeverwinterNights\NWN\nwserver.exe:*:Enabled:Neverwinter Nights Server"
"C:\Veci\New folder\GHostOne\GHostOne.exe"="C:\Veci\New folder\GHostOne\GHostOne.exe:*:Enabled:GHost One - advanced hosting bot"
"C:\Veci\New folder\GHostOne\ghost.exe"="C:\Veci\New folder\GHostOne\ghost.exe:*:Enabled:ghost"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE"="C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE:*:Enabled:Heroes of Might and Magic® III"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\Program Files\Sony Ericsson\Update Service Pro\USP.exe"="C:\Program Files\Sony Ericsson\Update Service Pro\USP.exe:*:Enabled:USP"
"C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe"="C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe:*:Enabled:Nero MediaHome 4"
"C:\Users\Admin\My Documents\Preberanie\winbox.exe"="C:\Users\Admin\My Documents\Preberanie\winbox.exe:*:Enabled:winbox"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Cain\Cain.exe"="C:\Program Files\Cain\Cain.exe:*:Enabled:Cain - Password Recovery Utility"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28eca089-b5c9-11de-99db-00120e297bad}]
shell\AutoRun\command - G:\sources\sperr32.exe x64

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32b6c2a8-dc37-11de-9a08-00120e297bad}]
shell\AutoRun\command - G:\
shell\open\command - rundll32.exe .\winmb.dll,AddAtomT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beb60f15-be73-11de-99e6-00120e297bad}]
shell\AutoRun\command - I:\
shell\open\command - rundll32.exe .\msdtfp.dll,AddAtomT


======List of files/folders created in the last 1 months======

2010-04-06 00:08:02 ----D---- C:\Program Files\trend micro
2010-04-06 00:08:01 ----D---- C:\rsit
2010-04-05 23:59:17 ----D---- C:\Program Files\HJT
2010-04-02 11:56:19 ----D---- C:\WINDOWS\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 11:56:19 ----D---- C:\Program Files\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 11:56:04 ----A---- C:\WINDOWS\Virtual Villagers 3 - The Secret City Fixed Setup Log.txt
2010-04-02 10:38:15 ----D---- C:\Program Files\Virtual Villagers - The Secret City
2010-04-01 20:02:32 ----A---- C:\WINDOWS\BDTSupport.dll
2010-04-01 20:02:31 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-04-01 20:02:30 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-04-01 20:02:30 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-04-01 19:44:16 ----D---- C:\Program Files\Common Files\PC Tools
2010-04-01 19:44:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2010-04-01 19:44:15 ----D---- C:\Documents and Settings\Admin\Application Data\PC Tools
2010-03-31 20:30:07 ----D---- C:\Program Files\ESET
2010-03-28 17:19:55 ----D---- C:\Program Files\Kaspersky Lab
2010-03-28 17:19:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-03-28 17:13:41 ----D---- C:\WINDOWS\Prefetch
2010-03-28 17:08:58 ----A---- C:\WINDOWS\kaio.INI
2010-03-28 17:03:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2010-03-18 17:40:12 ----A---- C:\WINDOWS\system32\wpa.bak
2010-03-18 17:35:24 ----A---- C:\WINDOWS\system32\antiwpa.dll
2010-03-18 16:59:47 ----D---- C:\Program Files\OpenTTD
2010-03-17 22:18:19 ----D---- C:\Program Files\Toshiba
2010-03-17 21:56:51 ----A---- C:\WINDOWS\setuplog.txt
2010-03-17 14:23:25 ----D---- C:\WINDOWS\Minidump
2010-03-17 14:10:38 ----HD---- C:\WINDOWS\PIF
2010-03-13 13:48:25 ----D---- C:\WINDOWS\KeyChanger Windows Edition
2010-03-13 13:48:25 ----D---- C:\Program Files\KeyChanger Windows Edition
2010-03-12 23:25:44 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Search
2010-03-12 19:05:27 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-03-12 19:05:27 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search
2010-03-12 19:04:45 ----D---- C:\Program Files\Windows Desktop Search
2010-03-12 19:04:44 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-03-12 19:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-03-07 11:57:59 ----N---- C:\WINDOWS\system32\browserchoice.exe

======List of files/folders modified in the last 1 months======

2010-04-06 00:08:02 ----RD---- C:\Program Files
2010-04-05 23:59:18 ----SHD---- C:\WINDOWS\Installer
2010-04-05 23:21:57 ----D---- C:\Program Files\Warcraft III
2010-04-05 20:29:03 ----D---- C:\Program Files\Universal Share Downloader
2010-04-05 14:42:49 ----D---- C:\Program Files\Mozilla Firefox
2010-04-05 13:28:51 ----D---- C:\Program Files\Cheat Engine
2010-04-02 19:12:05 ----D---- C:\Program Files\DOSBox-0.72
2010-04-02 11:56:19 ----AD---- C:\WINDOWS
2010-04-02 11:53:07 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent
2010-04-01 22:57:34 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-04-01 22:57:15 ----D---- C:\WINDOWS\Temp
2010-04-01 22:55:17 ----D---- C:\Program Files\Cain
2010-04-01 22:52:41 ----D---- C:\Program Files\Spyware Doctor
2010-04-01 19:45:03 ----D---- C:\WINDOWS\WinSxS
2010-04-01 19:44:58 ----D---- C:\WINDOWS\system32\drivers
2010-04-01 19:44:16 ----D---- C:\Program Files\Common Files
2010-04-01 03:36:56 ----D---- C:\Veci
2010-03-31 21:25:38 ----D---- C:\Documents and Settings\Admin\Application Data\vlc
2010-03-31 20:30:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-31 19:54:35 ----AC---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem.txt
2010-03-31 19:54:35 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2010-03-31 19:11:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-31 18:20:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 15:31:52 ----D---- C:\WINDOWS\pss
2010-03-30 15:31:52 ----ASH---- C:\boot.ini
2010-03-30 15:31:52 ----AC---- C:\WINDOWS\win.ini
2010-03-30 15:31:52 ----AC---- C:\WINDOWS\system.ini
2010-03-30 10:32:24 ----D---- C:\Documents and Settings\Admin\Application Data\Skype
2010-03-30 02:10:51 ----D---- C:\WINDOWS\system32
2010-03-29 17:29:37 ----D---- C:\Documents and Settings\Admin\Application Data\skypePM
2010-03-29 00:40:55 ----D---- C:\Documents and Settings\Admin\Application Data\dvdcss
2010-03-28 23:09:28 ----AC---- C:\WINDOWS\WINCMD.INI
2010-03-28 18:42:52 ----D---- C:\Documents and Settings\Admin\Application Data\Vso
2010-03-28 17:21:43 ----HD---- C:\WINDOWS\inf
2010-03-28 17:21:01 ----SHD---- C:\System Volume Information
2010-03-28 17:19:10 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-28 16:48:57 ----D---- C:\Program Files\Common Files\MicroWorld
2010-03-28 16:11:54 ----D---- C:\Program Files\Total Video Converter
2010-03-21 21:21:50 ----SD---- C:\Documents and Settings\Admin\Application Data\Microsoft
2010-03-18 00:11:26 ----AC---- C:\WINDOWS\WirelessFTP.INI
2010-03-17 22:23:33 ----D---- C:\WINDOWS\system32\Setup
2010-03-17 22:18:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-17 16:41:29 ----D---- C:\WINDOWS\system32\LogFiles
2010-03-17 16:41:28 ----D---- C:\WINDOWS\Debug
2010-03-17 16:24:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-14 02:40:20 ----D---- C:\Program Files\uTorrent
2010-03-12 19:39:08 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-12 19:11:51 ----RSD---- C:\WINDOWS\assembly
2010-03-12 19:05:39 ----D---- C:\WINDOWS\security
2010-03-12 19:05:05 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2010-03-12 19:04:53 ----D---- C:\WINDOWS\system32\en-US
2010-03-12 19:04:44 ----D---- C:\WINDOWS\system32\wbem
2010-03-12 13:01:21 ----D---- C:\Program Files\Movie Maker
2010-03-12 13:00:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-08 18:33:11 ----N---- C:\WINDOWS\system32\winlogon.exe
2010-03-08 18:33:11 ----AC---- C:\WINDOWS\system32\winlogon.bak
2010-03-08 13:31:20 ----D---- C:\WINDOWS\AppPatch
2010-03-08 01:09:49 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-03-28 296976]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-12-10 17801]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-12-23 50704]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-17 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-17 55936]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-12-21 30720]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-08-07 6528]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-17 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-17 5888]
R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 27520]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
R4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]
S3 ahrrkhs6;ahrrkhs6; C:\WINDOWS\system32\drivers\ahrrkhs6.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2009-01-03 39304]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-10-23 364629]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-14 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MWAgent;MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE [2006-03-31 414208]
R2 NeroMediaHomeService.4;Nero MediaHome 4 Service; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [2009-09-24 259368]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-21 65536]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-26 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Z desktopu

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-04-06 00:07:58
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (18%) free of 10 GB
Total RAM: 1535 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:08:17, on 6. 4. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE
D:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
D:\preberanie\RSIT.exe
D:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S4A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Pridať do Anti-Bannera - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9374E2C-A0A7-48FB-AA91-2EB658141399}: NameServer = 208.67.222.222,192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7536 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - D:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - D:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-07-30 143360]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"EPSON SX100 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE [2008-02-05 188928]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Program Files\Winamp\winampa.exe [2009-12-17 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Vypress Chat StartUp.lnk]
C:\WINDOWS\Installer\{32230531-F971-468F-9BD4-7C3369F3468B}\iconVCAdvertised.exe [2010-03-20 12390]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-02-25 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Cain\Cain.exe"="D:\Program Files\Cain\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"D:\Program Files\Vypress Chat\VyChat.exe"="D:\Program Files\Vypress Chat\VyChat.exe:*:Enabled:Vypress Chat - network chat software"
"D:\Program Files\World of Warcraft\Launcher.exe"="D:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Program Files\World of Warcraft\WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe"="D:\Program Files\World of Warcraft\WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe:*:Enabled:Blizzard Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61d0b010-2ae8-11df-b231-0013d4f18dec}]
shell\AutoRun\command - F:\.\Docs\print.exe
shell\explore\command - F:\.\\\\Docs/print.exe
shell\open\command - F:\Docs////print.exe


======List of files/folders created in the last 1 months======

2010-04-06 00:07:59 ----D---- D:\Program Files\trend micro
2010-04-06 00:07:58 ----D---- C:\rsit
2010-04-05 23:40:27 ----D---- C:\WINDOWS\LastGood
2010-04-02 20:57:15 ----HD---- C:\WINDOWS\PIF
2010-04-01 16:44:26 ----D---- C:\Documents and Settings\Admin\Application Data\fltk.org
2010-03-31 19:25:38 ----D---- D:\Program Files\DOSBox-0.72
2010-03-28 18:37:37 ----D---- D:\Program Files\Kaspersky Lab
2010-03-28 18:37:12 ----A---- C:\WINDOWS\kaio.INI
2010-03-27 20:34:59 ----A---- C:\WINDOWS\War3Unin.exe
2010-03-27 20:33:49 ----D---- D:\Program Files\Warcraft III
2010-03-20 23:03:23 ----D---- C:\WINDOWS\Eurobattle.net
2010-03-20 23:02:13 ----A---- C:\WINDOWS\Eurobattle.net Setup Log.txt
2010-03-20 14:29:48 ----A---- C:\WINDOWS\Uninstall Jade Empire.exe
2010-03-20 14:15:46 ----D---- D:\Program Files\Jade Empire
2010-03-20 14:12:51 ----D---- D:\Program Files\DAEMON Tools Lite
2010-03-20 14:12:33 ----D---- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Lite
2010-03-20 14:12:31 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-03-20 13:21:36 ----D---- C:\WINDOWS\pss
2010-03-20 13:12:58 ----D---- C:\Documents and Settings\Admin\Application Data\VyPRESS
2010-03-20 13:12:53 ----D---- D:\Program Files\Vypress Chat
2010-03-11 01:53:52 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-07 03:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-07 03:29:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-03-07 03:27:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-07 03:27:17 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

======List of files/folders modified in the last 1 months======

2010-04-06 00:08:05 ----D---- C:\WINDOWS\Prefetch
2010-04-05 23:40:35 ----D---- C:\WINDOWS\system32
2010-04-05 23:40:34 ----HD---- C:\WINDOWS\inf
2010-04-05 23:40:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-05 23:40:27 ----D---- C:\WINDOWS
2010-04-05 20:13:17 ----D---- C:\WINDOWS\Temp
2010-04-05 20:05:19 ----D---- D:\Program Files\Cheat Engine
2010-04-05 17:27:59 ----D---- D:\Program Files\outlook express
2010-04-05 17:25:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-05 17:21:50 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-04-05 16:05:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-02 20:57:18 ----A---- C:\WINDOWS\system.ini
2010-03-30 22:25:45 ----SHD---- C:\WINDOWS\Installer
2010-03-30 22:25:15 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-03-30 22:25:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-30 22:24:50 ----D---- C:\Program Files\Common Files\System
2010-03-30 22:24:46 ----A---- C:\WINDOWS\win.ini
2010-03-30 22:24:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-30 22:20:38 ----RSHD---- C:\RECYCLER
2010-03-29 21:21:46 ----D---- D:\Program Files\Cain
2010-03-28 21:45:23 ----D---- C:\Documents and Settings\Admin\Application Data\Winamp
2010-03-28 18:04:18 ----D---- D:\Program Files\World of Warcraft
2010-03-27 20:20:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-27 20:20:33 ----D---- D:\Program Files\windows media player
2010-03-20 13:23:17 ----A---- C:\boot.ini
2010-03-20 13:12:55 ----D---- C:\WINDOWS\WinSxS
2010-03-11 01:54:01 ----A---- C:\WINDOWS\imsins.BAK
2010-03-11 01:53:47 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-07 19:09:02 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-07 19:08:52 ----RSD---- C:\WINDOWS\assembly
2010-03-07 03:30:14 ----D---- C:\WINDOWS\system32\drivers
2010-03-07 03:29:17 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-02-16 315408]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-16 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-02-16 18048]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-19 602880]
R3 ULI5261;ULi Based Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-07-20 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-07-19 59392]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-07-20 17152]
S3 anjnng20;anjnng20; C:\WINDOWS\system32\drivers\anjnng20.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-02-25 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-02-25 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-03-01 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); D:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

[Unlimited_Killer]

Přesně jak jste říkal, pravděpodobně je havěť na flash disku + možná jeden rootkit.

1) Zapojte do PC všechny flash disky, externí disky atp.

2) UsbFix

• Stáhněte a uložte na Plochu UsbFix.
• Spusťte jej, chvíle bude trvat, než se program načte.
• Po spuštění okna s černým pozadím stiskněte 'E' a potvrďte klávesou 'Enter'.
• Nyní stiskněte '2' a opět potvrďte klávesou 'Enter'.
• Program nyní bude pracovat a počítač bude restartován.
• Po restartu program otevře Poznámkový blok s logem, jehož obsah sem ve formě textu vkopírujete.
• Pokud se Vám log neotevře, naleznete jej v C:\UsbFix.txt.

[hrban666]

tu je log z NB
############################## | UsbFix V6.100 |

User : Admin (Administrators) # LAMA-LAPTOP
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 7:21:50 | 6. 4. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 9.0.0.463 [ Enabled | (!) Outdated ]
FW : Kaspersky Internet Security[ Enabled ]9.0.0.463

C:\ -> Local Fixed Disk # 270,08 Go (9,89 Go free) [Disk] # NTFS
D:\ -> Removable Disk
E:\ -> CD-ROM Disc
F:\ -> CD-ROM Disc
G:\ -> Removable Disk # 965,58 Mo (906,89 Mo free) [INTENSO USB] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Documents and Settings\Admin\templates\winchost.exe
Deleted ! C:\WINDOWS\regedit.com
Deleted ! C:\$Recycle.Bin\S-1-5-21-1774395433-2282928337-3610084813-1000
Deleted ! C:\Recycler\S-1-5-21-1757981266-920026266-839522115-1003
Deleted ! C:\Recycler\S-1-5-21-2000478354-1284227242-839522115-1003

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\{28eca089-b5c9-11de-99db-00120e297bad}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{32b6c2a8-dc37-11de-9a08-00120e297bad}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{beb60f15-be73-11de-99e6-00120e297bad}\Shell\AutoRun\Command

################## | Listing of the present files |

[28. 03. 2010 16:48|--a------|10] C:\23990098.$$$
[30. 03. 2010 15:31|--ahs----|201] C:\boot.ini
[24. 08. 2009 11:31|--a------|201] C:\bootini.uns
[22. 04. 2009 07:28|-rahs----|383200] C:\bootmgr
[13. 05. 2009 08:05|-rahs----|8192] C:\BOOTSECT.BAK
[14. 05. 2009 20:47|---------|10072] C:\bootsqm.dat
[10. 10. 2009 02:40|--a------|299] C:\clony.txt
[14. 04. 2008 14:00|-r-hs----|260288] C:\cmldr
[20. 03. 2009 17:42|--a------|10] C:\config.sys
[26. 02. 2010 22:24|--a------|486] C:\debugInstaller.txt
[10. 10. 2009 03:52|--a------|763] C:\DISK2.txt
[19. 08. 2009 08:21|-r-hs----|23510720] C:\dotnetfx.exe
[07. 12. 2009 18:38|--a------|2393] C:\H3_disk2.txt
[?|?|?] C:\hiberfil.sys
[21. 01. 2009 18:01|-rahs----|0] C:\IO.SYS
[21. 01. 2009 18:01|-rahs----|0] C:\MSDOS.SYS
[14. 04. 2008 14:00|-rahs----|47564] C:\NTDETECT.COM
[14. 04. 2008 14:00|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[02. 09. 2009 23:54|--a------|3932184] C:\snp2uvc-001.raw
[06. 04. 2010 07:29|--a------|2612] C:\UsbFix.txt
[23. 03. 2010 12:50|--a------|135] G:\Nově objekt - Textově dokument.txt
[16. 02. 2010 18:44|--a------|16270] G:\WirelessKeyView.chm
[16. 02. 2010 18:29|--a------|48128] G:\WirelessKeyView.exe
[23. 03. 2010 12:50|--a------|325] G:\WirelessKeyView.cfg

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# G:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_LAMA-LAPTOP.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.100 ! |

[Unlimited_Killer]

0K, pokračujeme. ↓

1) ComboFix

• Stáhněte a uložte na Plochu ComboFix.
• Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
• Spusťte ho s administrátorským oprávněním.
• Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'.
• Budete také dotázáni na instalaci konzole pro zotavení, taktéž klikněte na 'Ano'.
• Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat.
• Váš PC bude pravděpodobně restartován, tak se toho nelekněte.
• Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
• Po skončení skenu (či následném restartu) na Vás 'vypadne' log, který vkopírujete ve formě textu sem.
• Pokud žádný log 'nevypadne', naleznete jej v umístění C:\ComboFix.txt

[hrban666]

ComboFix 10-04-05.06 - Admin . 04. 2010 19:16:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2943.2483 [GMT 2:00]
Running from: c:\documents and settings\Admin\My Documents\Preberanie\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\detoured.dll
c:\windows\system32\mswmpdat.tlb
c:\windows\system32\OGACheckControl.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\winlogon.bak
c:\windows\system32\wmcache.nld

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-06 05:30 . 2010-04-06 05:30 9199677 ----a-w- C:\UsbFix_Upload_Me_LAMA-LAPTOP.zip
2010-04-06 05:16 . 2010-04-06 05:30 -------- d-----w- C:\UsbFix
2010-04-05 22:08 . 2010-04-05 22:08 -------- d-----w- c:\program files\trend micro
2010-04-05 22:08 . 2010-04-05 22:08 -------- d-----w- C:\rsit
2010-04-05 21:59 . 2010-04-05 21:59 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-05 21:59 . 2010-04-05 21:59 -------- d-----w- c:\program files\HJT
2010-04-02 09:56 . 2010-04-02 09:56 -------- d-----w- c:\program files\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 09:56 . 2010-04-02 09:56 -------- d-----w- c:\windows\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 08:38 . 2010-04-02 08:38 -------- d-----w- c:\program files\Virtual Villagers - The Secret City
2010-04-01 18:02 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-01 18:02 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-01 18:02 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-04-01 18:02 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-01 18:02 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-01 18:02 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-01 17:44 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-01 17:44 . 2010-03-10 09:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-01 17:44 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-01 17:44 . 2010-02-05 07:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-01 17:44 . 2010-04-01 18:03 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-01 17:44 . 2010-04-01 17:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2010-04-01 17:44 . 2010-04-01 17:44 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools
2010-03-31 18:30 . 2010-03-31 18:30 -------- d-----w- c:\program files\ESET
2010-03-28 15:58 . 2010-03-28 15:58 932368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-03-28 15:58 . 2010-03-28 15:58 678416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-03-28 15:58 . 2010-03-28 15:58 604688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-03-28 15:58 . 2010-03-28 15:58 522768 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-03-28 15:58 . 2010-03-28 15:58 1096208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-03-28 15:56 . 2010-03-28 15:56 80400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-03-28 15:56 . 2010-03-28 15:56 80400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-03-28 15:56 . 2010-03-28 15:56 264720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-03-28 15:56 . 2010-03-28 15:56 109072 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-03-28 15:56 . 2010-03-28 15:56 59920 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-03-28 15:56 . 2010-03-28 15:56 264720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-03-28 15:43 . 2010-03-28 23:23 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-03-28 15:28 . 2010-03-28 15:28 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-03-28 15:22 . 2010-03-28 15:56 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-03-28 15:22 . 2010-03-28 15:56 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-03-28 15:19 . 2010-04-06 17:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-03-28 15:19 . 2010-03-28 15:19 -------- d-----w- c:\program files\Kaspersky Lab
2010-03-28 15:03 . 2010-03-28 15:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2010-03-28 14:48 . 2010-03-28 14:49 6843373 ----a-w- c:\windows\REGBK02.ZIP
2010-03-21 19:21 . 2010-03-21 19:21 128 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\fusioncache.dat
2010-03-18 15:35 . 2005-09-18 00:32 5376 ----a-w- c:\windows\system32\antiwpa.dll
2010-03-18 14:59 . 2010-03-28 21:48 -------- d-----w- c:\program files\OpenTTD
2010-03-17 20:18 . 2007-06-11 13:25 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2010-03-17 20:18 . 2007-04-24 12:20 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2010-03-17 20:18 . 2007-03-01 15:53 73728 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2010-03-17 20:18 . 2006-11-20 16:55 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2010-03-17 20:18 . 2005-01-06 12:42 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2010-03-17 20:18 . 2007-05-24 13:27 64000 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2010-03-17 20:18 . 2007-01-22 09:43 53376 ----a-w- c:\windows\system32\drivers\TosRfSnd.sys
2010-03-17 20:18 . 2006-10-10 18:33 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys
2010-03-17 20:18 . 2010-03-17 20:18 -------- d-----w- c:\program files\Toshiba
2010-03-17 16:54 . 2010-03-17 16:54 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-03-17 12:15 . 2010-03-17 17:16 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-03-17 12:10 . 2010-03-17 12:10 -------- d--h--w- c:\windows\PIF
2010-03-13 11:48 . 2010-03-13 11:48 -------- d-----w- c:\program files\KeyChanger Windows Edition
2010-03-13 11:48 . 2010-03-13 11:48 -------- d-----w- c:\windows\KeyChanger Windows Edition
2010-03-12 21:25 . 2010-03-12 21:25 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Search
2010-03-12 17:05 . 2010-03-12 17:05 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Desktop Search
2010-03-12 17:04 . 2010-03-13 07:41 -------- d-----w- c:\program files\Windows Desktop Search
2010-03-12 17:04 . 2010-03-12 17:04 -------- d-----w- c:\windows\system32\GroupPolicy
2010-03-12 17:03 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-03-12 17:03 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-03-12 17:03 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-03-12 10:57 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 17:34 . 2009-08-12 20:31 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2010-04-06 17:32 . 2009-10-18 13:17 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-04-06 10:54 . 2009-10-02 13:19 -------- d-----w- c:\program files\Warcraft III
2010-04-06 10:26 . 2009-05-14 07:38 -------- d-----w- c:\program files\DOSBox-0.72
2010-04-05 22:57 . 2009-10-17 12:54 -------- d-----w- c:\documents and settings\Admin\Application Data\Vso
2010-04-05 18:29 . 2009-08-18 20:02 -------- d-----w- c:\program files\Universal Share Downloader
2010-04-05 11:28 . 2009-05-14 18:53 -------- d-----w- c:\program files\Cheat Engine
2010-04-01 20:55 . 2009-09-19 20:03 -------- d-----w- c:\program files\Cain
2010-04-01 20:52 . 2009-07-28 09:12 -------- d-----w- c:\program files\Spyware Doctor
2010-03-31 19:25 . 2009-12-10 19:38 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-03-31 17:15 . 2009-10-02 13:21 157113 -c--a-w- c:\windows\War3Unin.dat
2010-03-30 08:32 . 2010-01-17 13:41 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-03-30 07:29 . 2009-08-10 22:21 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-30 07:29 . 2009-08-10 22:21 2970 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-29 15:29 . 2010-01-17 13:44 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-03-28 22:40 . 2009-12-30 14:34 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2010-03-28 14:48 . 2009-08-24 09:31 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-03-28 14:11 . 2010-02-25 21:11 -------- d-----w- c:\program files\Total Video Converter
2010-03-14 00:40 . 2009-08-12 20:32 -------- d-----w- c:\program files\uTorrent
2010-03-08 21:29 . 2009-08-11 07:48 73920 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 12:17 . 2009-08-12 19:17 -------- d--h--w- c:\documents and settings\Admin\Application Data\IFViewer
2010-02-26 20:43 . 2010-02-26 20:43 -------- d-----w- c:\program files\PowerISO
2010-02-26 20:24 . 2010-02-26 20:24 -------- d-----w- c:\program files\EA GAMES
2010-02-24 08:23 . 2009-11-01 21:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DriverScanner
2010-02-24 08:23 . 2009-11-01 21:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Uniblue
2010-02-24 08:23 . 2010-02-14 22:06 -------- d-----w- c:\program files\Sony Ericsson
2010-02-24 08:21 . 2010-01-17 13:40 -------- d-----r- c:\program files\Skype
2010-02-24 08:16 . 2009-05-13 09:00 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-24 08:16 . 2009-05-12 20:36 -------- d-----w- c:\program files\ASUS
2010-02-24 08:15 . 2009-12-27 19:59 -------- d-----w- c:\program files\Age of Wonders Shadow Magic
2010-02-21 20:48 . 2010-02-06 21:23 -------- d-----w- c:\program files\nLite
2010-02-20 19:29 . 2010-02-20 19:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Mikrotik
2010-02-18 10:23 . 2010-02-15 08:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Nero
2010-02-15 19:29 . 2010-02-15 19:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\LightScribe
2010-02-15 08:54 . 2009-10-30 16:17 -------- d-----w- c:\program files\Nero
2010-02-15 08:53 . 2009-10-30 16:17 -------- d-----w- c:\program files\Common Files\Nero
2010-02-15 08:42 . 2010-02-15 08:42 -------- d-----w- c:\documents and settings\NeroMediaHomeUser.4\Application Data\Nero
2010-02-15 08:42 . 2009-10-30 16:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2010-02-14 14:14 . 2010-02-14 14:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Ashampoo
2010-02-14 14:14 . 2010-02-14 14:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ashampoo
2010-02-12 10:03 . 2010-03-07 09:57 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-06 21:38 . 2009-11-11 12:16 -------- d-----w- c:\documents and settings\Admin\Application Data\Download Manager
2010-02-06 19:40 . 2009-05-12 20:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 16:09 . 2010-02-07 18:15 52224 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-01-21 16:09 . 2010-02-07 18:15 101376 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-01-17 13:44 . 2010-01-17 13:44 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2009-10-05 17:34 . 2010-01-24 19:23 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Random Wallpapers"="c:\program files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe" [2004-05-07 1331712]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-13 319792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-10-23 376921]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-12-29 25214]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Veci\\New folder\\GHostOne\\GHostOne.exe"=
"c:\\Veci\\New folder\\GHostOne\\ghost.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Users\\Admin\\My Documents\\Preberanie\\winbox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Cain\\Cain.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4299:TCP"= 4299:TCP:ciioe

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15. 12. 2008 20:41 33808]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1. 4. 2010 19:44 217032]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11. 8. 2009 10:04 721904]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1. 4. 2010 20:02 112592]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23. 12. 2008 17:35 50704]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7. 8. 2003 17:42 6528]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13. 5. 2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16. 5. 2009 20:59 19472]
S2 xmlsny;Universal System;c:\windows\system32\svchost.exe -k netsvcs [4. 8. 2004 4:56 14336]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1. 4. 2010 19:44 366840]
.
.
------- Supplementary Scan -------
.
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
TCP: {4D590507-BED2-4B7D-A4C5-0C4E002340CD} = 192.108.131.11,194.160.44.11
TCP: {6035E575-58B2-4E24-B5B0-1D8C37A71294} = 8.8.8.8
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-ccc-core-static - msiexec
AddRemove-QIP Smilies by Morpheus 3.00 - c:\program files\QIP Infium\Smilies\QIP Infium smilies\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 19:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys spno.sys >>UNKNOWN [0x8AE5D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7475cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlsny]
"ServiceDll"="c:\windows\system32\gscdvwjf.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1152)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2236)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\acs.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\MicroWorld\Agent\MWASER.EXE
c:\program files\Common Files\MicroWorld\Agent\MWAgent.exe
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WLTRAY.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Completion time: 2010-04-06 19:40:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-06 17:40

Pre-Run: 10 437 677 056 bytes free
Post-Run: 10 330 210 304 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /Execute /fastdetect

- - End Of File - - 73A6B71B715DFFF44E8B7A9BEDA655FC

[Unlimited_Killer]

0K.

1) Skript do ComboFix-u

• Otevřete si Poznámkový blok [Start → Spustit → notepad → Enter].
• Do něj vkopírujte následující text:

  Kód: Vybrat vše

  KillAll::
  
  File::
  c:\windows\system32\antiwpa.dll
  c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk 
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "uTorrent"=-
  
  Collect::
  c:\windows\system32\gscdvwjf.dll
  
  Folder::
  c:\program files\Get Styles
  
  DDS::
  IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
  
  Extra::
  
  FireFox::
  FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\
  FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
  
  Driver::
  xmlsny
  anjnng20
  
  Reboot::

• Uložte tento soubor na Plochu pod jménem CFScript (koncovka .txt).
• Přetáhněte tento soubor nad ComboFix a pusťte ho.
• I tento soubor, i ComboFix musí být na Ploše!
  
• ComboFix se spustí a vykoná příkazy ze skriptu.
• Počítač bude pravděpodobně restartován.
• Po restartu na Vás vyskočí okno s logem, který mi vkopírujete sem ve formě textu.

2) Laskavě si pořiďte legální systém, příště Vám nebude poskytnuta rada!

• Z toho vyplývá → odinstalujte program KeyChanger Windows Edition.

3) VirusTotal

• Otestujte na VirusTotal soubory:

  Kód: Vybrat vše

  c:\windows\system32\ezsidmv.dat

• Jednoduše tam vkopírujete cesty, co jsem napsal do code.
• Jestliže Vám to napíše, že soubor byl již testován, nechte ho otestovat znovu.
• Poté sem vložíte linky (odkazy) na jednotlivé testy.

4) Znáte následující port?

• Kód: Vybrat vše

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "4299:TCP"= 4299:TCP:ciioe

5) Znáte následující IP?

• Kód: Vybrat vše

  8.8.8.8

[hrban666]

1. log
ComboFix 10-04-05.06 - Admin . 04. 2010 20:53:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2943.2495 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk"
"c:\windows\system32\antiwpa.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\qippipe.dll
c:\windows\system32\antiwpa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XMLSNY
-------\Service_xmlsny


((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-06 05:30 . 2010-04-06 05:30 9199677 ----a-w- C:\UsbFix_Upload_Me_LAMA-LAPTOP.zip
2010-04-06 05:16 . 2010-04-06 05:30 -------- d-----w- C:\UsbFix
2010-04-05 22:08 . 2010-04-05 22:08 -------- d-----w- c:\program files\trend micro
2010-04-05 22:08 . 2010-04-05 22:08 -------- d-----w- C:\rsit
2010-04-05 21:59 . 2010-04-05 21:59 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-05 21:59 . 2010-04-05 21:59 -------- d-----w- c:\program files\HJT
2010-04-02 09:56 . 2010-04-02 09:56 -------- d-----w- c:\program files\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 09:56 . 2010-04-02 09:56 -------- d-----w- c:\windows\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 08:38 . 2010-04-02 08:38 -------- d-----w- c:\program files\Virtual Villagers - The Secret City
2010-04-01 18:02 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-01 18:02 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-01 18:02 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-04-01 18:02 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-01 18:02 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-01 18:02 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-01 17:44 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-01 17:44 . 2010-03-10 09:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-01 17:44 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-01 17:44 . 2010-02-05 07:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-01 17:44 . 2010-04-01 18:03 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-01 17:44 . 2010-04-01 17:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2010-04-01 17:44 . 2010-04-01 17:44 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools
2010-03-31 18:30 . 2010-03-31 18:30 -------- d-----w- c:\program files\ESET
2010-03-28 15:58 . 2010-03-28 15:58 932368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-03-28 15:58 . 2010-03-28 15:58 678416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-03-28 15:58 . 2010-03-28 15:58 604688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-03-28 15:58 . 2010-03-28 15:58 522768 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-03-28 15:58 . 2010-03-28 15:58 1096208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-03-28 15:56 . 2010-03-28 15:56 80400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-03-28 15:56 . 2010-03-28 15:56 80400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-03-28 15:56 . 2010-03-28 15:56 264720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-03-28 15:56 . 2010-03-28 15:56 109072 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-03-28 15:56 . 2010-03-28 15:56 59920 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-03-28 15:56 . 2010-03-28 15:56 264720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-03-28 15:43 . 2010-03-28 23:23 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-03-28 15:28 . 2010-03-28 15:28 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-03-28 15:22 . 2010-03-28 15:56 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-03-28 15:22 . 2010-03-28 15:56 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-03-28 15:19 . 2010-04-06 19:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-03-28 15:19 . 2010-03-28 15:19 -------- d-----w- c:\program files\Kaspersky Lab
2010-03-28 15:03 . 2010-03-28 15:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2010-03-28 14:48 . 2010-03-28 14:49 6843373 ----a-w- c:\windows\REGBK02.ZIP
2010-03-21 19:21 . 2010-03-21 19:21 128 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\fusioncache.dat
2010-03-18 14:59 . 2010-03-28 21:48 -------- d-----w- c:\program files\OpenTTD
2010-03-17 20:18 . 2007-06-11 13:25 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2010-03-17 20:18 . 2007-04-24 12:20 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2010-03-17 20:18 . 2007-03-01 15:53 73728 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2010-03-17 20:18 . 2006-11-20 16:55 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2010-03-17 20:18 . 2005-01-06 12:42 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2010-03-17 20:18 . 2007-05-24 13:27 64000 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2010-03-17 20:18 . 2007-01-22 09:43 53376 ----a-w- c:\windows\system32\drivers\TosRfSnd.sys
2010-03-17 20:18 . 2006-10-10 18:33 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys
2010-03-17 20:18 . 2010-03-17 20:18 -------- d-----w- c:\program files\Toshiba
2010-03-17 16:54 . 2010-03-17 16:54 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-03-17 12:15 . 2010-03-17 17:16 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-03-17 12:10 . 2010-03-17 12:10 -------- d--h--w- c:\windows\PIF
2010-03-13 11:48 . 2010-04-06 18:26 -------- d-----w- c:\program files\KeyChanger Windows Edition
2010-03-13 11:48 . 2010-03-13 11:48 -------- d-----w- c:\windows\KeyChanger Windows Edition
2010-03-12 21:25 . 2010-03-12 21:25 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Search
2010-03-12 17:05 . 2010-03-12 17:05 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Desktop Search
2010-03-12 17:04 . 2010-03-13 07:41 -------- d-----w- c:\program files\Windows Desktop Search
2010-03-12 17:04 . 2010-03-12 17:04 -------- d-----w- c:\windows\system32\GroupPolicy
2010-03-12 17:03 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-03-12 17:03 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-03-12 17:03 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-03-12 10:57 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 19:03 . 2009-10-18 13:17 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-04-06 18:03 . 2009-10-17 12:54 -------- d-----w- c:\documents and settings\Admin\Application Data\Vso
2010-04-06 17:58 . 2009-08-12 20:31 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2010-04-06 10:54 . 2009-10-02 13:19 -------- d-----w- c:\program files\Warcraft III
2010-04-06 10:26 . 2009-05-14 07:38 -------- d-----w- c:\program files\DOSBox-0.72
2010-04-05 18:29 . 2009-08-18 20:02 -------- d-----w- c:\program files\Universal Share Downloader
2010-04-05 11:28 . 2009-05-14 18:53 -------- d-----w- c:\program files\Cheat Engine
2010-04-01 20:55 . 2009-09-19 20:03 -------- d-----w- c:\program files\Cain
2010-04-01 20:52 . 2009-07-28 09:12 -------- d-----w- c:\program files\Spyware Doctor
2010-03-31 19:25 . 2009-12-10 19:38 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-03-31 17:15 . 2009-10-02 13:21 157113 -c--a-w- c:\windows\War3Unin.dat
2010-03-30 08:32 . 2010-01-17 13:41 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-03-30 07:29 . 2009-08-10 22:21 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-30 07:29 . 2009-08-10 22:21 2970 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-29 15:29 . 2010-01-17 13:44 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-03-28 22:40 . 2009-12-30 14:34 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2010-03-28 14:48 . 2009-08-24 09:31 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-03-28 14:11 . 2010-02-25 21:11 -------- d-----w- c:\program files\Total Video Converter
2010-03-14 00:40 . 2009-08-12 20:32 -------- d-----w- c:\program files\uTorrent
2010-03-08 21:29 . 2009-08-11 07:48 73920 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 12:17 . 2009-08-12 19:17 -------- d--h--w- c:\documents and settings\Admin\Application Data\IFViewer
2010-02-26 20:43 . 2010-02-26 20:43 -------- d-----w- c:\program files\PowerISO
2010-02-26 20:24 . 2010-02-26 20:24 -------- d-----w- c:\program files\EA GAMES
2010-02-24 08:23 . 2009-11-01 21:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DriverScanner
2010-02-24 08:23 . 2009-11-01 21:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Uniblue
2010-02-24 08:23 . 2010-02-14 22:06 -------- d-----w- c:\program files\Sony Ericsson
2010-02-24 08:21 . 2010-01-17 13:40 -------- d-----r- c:\program files\Skype
2010-02-24 08:16 . 2009-05-13 09:00 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-24 08:16 . 2009-05-12 20:36 -------- d-----w- c:\program files\ASUS
2010-02-24 08:15 . 2009-12-27 19:59 -------- d-----w- c:\program files\Age of Wonders Shadow Magic
2010-02-21 20:48 . 2010-02-06 21:23 -------- d-----w- c:\program files\nLite
2010-02-20 19:29 . 2010-02-20 19:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Mikrotik
2010-02-18 10:23 . 2010-02-15 08:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Nero
2010-02-15 19:29 . 2010-02-15 19:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\LightScribe
2010-02-15 08:54 . 2009-10-30 16:17 -------- d-----w- c:\program files\Nero
2010-02-15 08:53 . 2009-10-30 16:17 -------- d-----w- c:\program files\Common Files\Nero
2010-02-15 08:42 . 2010-02-15 08:42 -------- d-----w- c:\documents and settings\NeroMediaHomeUser.4\Application Data\Nero
2010-02-15 08:42 . 2009-10-30 16:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2010-02-14 14:14 . 2010-02-14 14:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Ashampoo
2010-02-14 14:14 . 2010-02-14 14:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ashampoo
2010-02-12 10:03 . 2010-03-07 09:57 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-06 21:38 . 2009-11-11 12:16 -------- d-----w- c:\documents and settings\Admin\Application Data\Download Manager
2010-02-06 19:40 . 2009-05-12 20:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 16:09 . 2010-02-07 18:15 52224 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-01-21 16:09 . 2010-02-07 18:15 101376 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-01-17 13:44 . 2010-01-17 13:44 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Random Wallpapers"="c:\program files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe" [2004-05-07 1331712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-10-23 376921]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-12-29 25214]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Veci\\New folder\\GHostOne\\GHostOne.exe"=
"c:\\Veci\\New folder\\GHostOne\\ghost.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Users\\Admin\\My Documents\\Preberanie\\winbox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Cain\\Cain.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4299:TCP"= 4299:TCP:ciioe

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15. 12. 2008 20:41 33808]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1. 4. 2010 19:44 217032]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11. 8. 2009 10:04 721904]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1. 4. 2010 20:02 112592]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23. 12. 2008 17:35 50704]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7. 8. 2003 17:42 6528]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13. 5. 2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16. 5. 2009 20:59 19472]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1. 4. 2010 19:44 366840]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
TCP: {4D590507-BED2-4B7D-A4C5-0C4E002340CD} = 192.108.131.11,194.160.44.11
TCP: {6035E575-58B2-4E24-B5B0-1D8C37A71294} = 8.8.8.8
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 21:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys spzh.sys >>UNKNOWN [0x8AE5D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7475cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1136)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\MicroWorld\Agent\MWASER.EXE
c:\program files\Common Files\MicroWorld\Agent\MWAgent.exe
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WLTRAY.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Completion time: 2010-04-06 21:11:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-06 19:11
ComboFix2.txt 2010-04-06 17:40

Pre-Run: 13 573 189 632 bytes free
Post-Run: 13 533 315 072 bytes free

- - End Of File - - 6ABE354D5E1F20B07641FC9479937FC1


3. link (dúfam, že správny)
http://www.virustotal.com/cs/analisis/4 ... 1270579342

4.ten port som určite ja neotváral takže ho zavriem

5.tá IP je Google public DNS začal som ho používať cca pred pol rokom

[Unlimited_Killer]

Omlouvám se za prodlevu, pokračujeme. ↓

1) OTMoveit3

• Stáhněte OTM3 na Plochu.
• Spusťte ho dvojklikem na OTM.exe, pokud to nepůjde, zkuste to s adminskými právy.
• Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

  Kód: Vybrat vše

  :processes
  explorer.exe
  
  :reg
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "4299:TCP"=-
  
  :files
  C:\WINDOWS\system32\*.tmp.dll /s
  C:\WINDOWS\system32\SET*.tmp /s
  C:\WINDOWS\*.tmp /s
  c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
  
  :commands
  [emptytemp]
  [emptyflash]
  [reboot]

• Poté klikněte na červené tlačítko 'MoveIt!'.
• V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra.
• Pokud se zobrazí hláška k restartování, klikněte na 'Yes'.
• Po restartu se log otevře sám, nebo ho najdete v C:\_OTM\MovedFiles

2) Odinstalace virtuálních mechanik

• Odinstalujte všechny virtuální mechaniky - například Alcohol, DeamonTools atd.

3) Odinstalace SPTD

• Přejděte na tento odkaz.
• Zde si stáhněte verzi SPTD dle Vašeho operačního systému (XP/Vista/W7 - 32/64bit).
• Stažený soubor dvojklikem spusťte.
• Klikněte na prostřední tlačítko 'Uninstall'.
• Restartujte PC.

4) MBR.exe

• Stáhněte MBR.exe na Plochu.
• Proklikejte se na Start → Spustit [Win+R] a zadejte či vkopírujte následující text:

  Kód: Vybrat vše

  "%userprofile%\plocha\mbr" -t

• Nyní stiskněte 'Enter'.
• Na Ploše by se měl vytvořit soubor MBR.log, jehož obsah mi sem vkopírujete ve formě textu.

5) GMER

• Stáhněte GMER, rozbalte ho na Plochu a dvojklikem ho spusťte.
• Několik sekund bude skenovat.
• Až sken dokončí, klikněte na 'Save' - to vygeneruje první log, který mi vložíte ve formě textu sem.
• Poté vytvořte druhý log, přičemž se budete řídit tímto návodem - tento log mi sem taktéž vložíte.

6) Random's System Information Tool

• Stáhněte a uložte na Plochu RSIT.
• Spusťte, nechte v rolovacím menu '1 month' a klikněte na 'Continue'.
• Vyčkejte několik vteřin, než se vygeneruje log se jménem log.txt
• Pokud nebude log vygenerován, naleznete jej v C:\rsit\log.txt
• Obsah tohoto logu vložte do svého příspěvku.

[hrban666]

LOG z OTM
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\003341_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP214.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP45.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5EE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP69D.tmp folder moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 3026909 bytes
->Temporary Internet Files folder emptied: 266755 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68402700 bytes
->Flash cache emptied: 1706 bytes

User: All Users

User: All Users.WINDOWS

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: lama

User: lama.LAMA-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3234249 bytes
->Flash cache emptied: 75 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: localservice.WINDOWS

User: NeroMediaHomeUser.4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public

User: remoteservice.WINDOWS

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 290410 bytes

Total Files Cleaned = 72,00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04092010_120723

Files moved on Reboot...

Registry entries deleted on Reboot...

(ten príkaz na odobratie portu nefungoval tak som to odobral ručne)

2.)
odinštalované DaemonTools a CloneCD

3.)
odinštalované

4.)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
5.a)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-09 12:49:12
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxdirpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAD88EE3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAD88EEE4]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
5.b)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-09 22:17:12
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxdirpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAD31536E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAD315A86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAD31660C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAD316B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xAD315D78]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF745AE64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAD316A18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xAD313D0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAD3168D4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF743AEEE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF743B0E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAD315102]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAD316C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAD31840E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAD315886]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAD316976]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF745B652]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF745B906]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAD31621C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAD318980]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAD314E3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAD314EE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xAD316016]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAD317EA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAD31443C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAD31444E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAD315030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAD316BE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xAD315B08]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7459B64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAD316AB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAD31556E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAD318438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAD316D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAD315492]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAD314F8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAD314BB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAD3148BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAD318128]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF745BD72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAD3140C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAD31709E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAD316F64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAD317C30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAD314224]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAD318860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAD313EC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAD316312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAD315984]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAD3175F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xAD317FA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAD3184C2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF745B124]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAD3185A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAD3186D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAD317DD2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF743AB5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAD31563C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAD3157C8]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [D4, 68, 31, AD, EE, AE, 43, ...]
.text ntoskrnl.exe!ZwYieldExecution + 13E 804E4998 16 Bytes [02, 51, 31, AD, 72, 6C, 31, ...] {ADD DL, [ECX+0x31]; LODSD ; JB 0x72; XOR [EBP-0x52ce7bf2], EBP; XCHG [EAX+0x31], BL; LODSD }
.text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A54 12 Bytes [A6, 7E, 31, AD, 3C, 44, 31, ...] {CMPSB ; JLE 0x34; LODSD ; CMP AL, 0x44; XOR [EBP-0x52cebbb2], EBP}
.text ntoskrnl.exe!ZwYieldExecution + 376 804E4BD0 16 Bytes [72, BD, 45, F7, C2, 40, 31, ...]
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [A6, 85, 31, AD, D2, 86, 31, ...]
.text ntoskrnl.exe!IoIsOperationSynchronous 804EAFCE 5 Bytes JMP AD30A7DE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F45B3 5 Bytes JMP AD30A424 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[972] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[972] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[972] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 32, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1320] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1320] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1320] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 32, 6D]
.text C:\WINDOWS\system32\SearchIndexer.exe[1384] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [BA31B820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [BA31B820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[TDI.SYS!TdiRegisterDeviceObject] [BA31B820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\ip6fw.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[TDI.SYS!TdiRegisterDeviceObject] [BA31B820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\nwlnknb.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\nwlnknb.sys[TDI.SYS!TdiRegisterDeviceObject] [BA31B820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\nwrdr.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\nwlnkspx.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\nwlnkspx.sys[TDI.SYS!TdiRegisterDeviceObject] [BA31B820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\swmidi.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] [BA31B6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [00408A00] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [00408A00] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenUserClassesRoot] [004086A0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] [00408A00] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[576] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xB4 0x64 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xB4 0x64 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD0 0xEF 0x5A 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x25 0x36 0x2C 0x63 ...
Reg HKLM\SYSTEM\ControlSet002\Services\xmlsny@DisplayName Universal System
Reg HKLM\SYSTEM\ControlSet002\Services\xmlsny@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\xmlsny@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\xmlsny@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\xmlsny@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\xmlsny@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\xmlsny@Description Provides image acquisition services for scanners and cameras.
Reg HKLM\SYSTEM\ControlSet002\Services\xmlsny\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\xmlsny\Parameters@ServiceDll C:\WINDOWS\system32\gscdvwjf.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xB4 0x64 0x92 ...

---- EOF - GMER 1.0.15 ----

[hrban666]

6.)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-04-09 22:18:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (5%) free of 277 GB
Total RAM: 2943 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:17, on 9. 4. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Documents and Settings\Admin\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Admin.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Random Wallpapers] C:\Program Files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe
O4 - HKUS\S-1-5-21-2000478354-1284227242-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-2000478354-1284227242-839522115-1005\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D590507-BED2-4B7D-A4C5-0C4E002340CD}: NameServer = 192.108.131.11,194.160.44.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{6035E575-58B2-4E24-B5B0-1D8C37A71294}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10363 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2010-03-28 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-07-12 225280]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-10-23 376921]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"avp"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Random Wallpapers"=C:\Program Files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe [2004-05-07 1331712]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Admin\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Warcraft III\war3.exe"="C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\Veci\New folder\GHostOne\GHostOne.exe"="C:\Veci\New folder\GHostOne\GHostOne.exe:*:Enabled:GHost One - advanced hosting bot"
"C:\Veci\New folder\GHostOne\ghost.exe"="C:\Veci\New folder\GHostOne\ghost.exe:*:Enabled:ghost"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE"="C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE:*:Enabled:Heroes of Might and Magic® III"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe"="C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe:*:Enabled:Nero MediaHome 4"
"C:\Users\Admin\My Documents\Preberanie\winbox.exe"="C:\Users\Admin\My Documents\Preberanie\winbox.exe:*:Enabled:winbox"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Cain\Cain.exe"="C:\Program Files\Cain\Cain.exe:*:Enabled:Cain - Password Recovery Utility"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-09 12:07:23 ----D---- C:\_OTM
2010-04-08 14:16:11 ----D---- C:\Program Files\Oldgames
2010-04-08 13:38:32 ----AD---- C:\Battle
2010-04-07 23:18:30 ----SHD---- C:\RECYCLER
2010-04-06 22:04:37 ----D---- C:\Documents and Settings\Admin\Application Data\Facebook
2010-04-06 21:11:15 ----A---- C:\ComboFix.txt
2010-04-06 21:00:58 ----D---- C:\WINDOWS\temp
2010-04-06 19:12:50 ----A---- C:\Boot.bak
2010-04-06 19:12:32 ----RASHD---- C:\cmdcons
2010-04-06 19:04:55 ----A---- C:\WINDOWS\SWREG.exe
2010-04-06 19:04:55 ----A---- C:\WINDOWS\PEV.exe
2010-04-06 19:04:55 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-06 19:04:55 ----A---- C:\WINDOWS\MBR.exe
2010-04-06 19:04:54 ----A---- C:\WINDOWS\zip.exe
2010-04-06 19:04:54 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-06 19:04:54 ----A---- C:\WINDOWS\SWSC.exe
2010-04-06 19:04:54 ----A---- C:\WINDOWS\sed.exe
2010-04-06 19:04:54 ----A---- C:\WINDOWS\grep.exe
2010-04-06 19:03:33 ----D---- C:\WINDOWS\ERDNT
2010-04-06 18:57:57 ----D---- C:\Qoobox
2010-04-06 07:29:58 ----RAD---- C:\autorun.inf
2010-04-06 07:21:35 ----A---- C:\UsbFix.txt
2010-04-06 07:16:54 ----D---- C:\UsbFix
2010-04-06 00:08:02 ----D---- C:\Program Files\trend micro
2010-04-06 00:08:01 ----D---- C:\rsit
2010-04-05 23:59:17 ----D---- C:\Program Files\HJT
2010-04-02 11:56:19 ----D---- C:\WINDOWS\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 11:56:19 ----D---- C:\Program Files\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 10:38:15 ----D---- C:\Program Files\Virtual Villagers - The Secret City
2010-04-01 20:02:32 ----A---- C:\WINDOWS\BDTSupport.dll
2010-04-01 20:02:31 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-04-01 20:02:30 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-04-01 20:02:30 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-04-01 19:44:16 ----D---- C:\Program Files\Common Files\PC Tools
2010-04-01 19:44:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2010-04-01 19:44:15 ----D---- C:\Documents and Settings\Admin\Application Data\PC Tools
2010-03-31 20:30:07 ----D---- C:\Program Files\ESET
2010-03-28 17:19:55 ----D---- C:\Program Files\Kaspersky Lab
2010-03-28 17:19:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-03-28 17:13:41 ----D---- C:\WINDOWS\Prefetch
2010-03-28 17:08:58 ----A---- C:\WINDOWS\kaio.INI
2010-03-28 17:03:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2010-03-18 17:40:12 ----A---- C:\WINDOWS\system32\wpa.bak
2010-03-18 16:59:47 ----D---- C:\Program Files\OpenTTD
2010-03-17 22:18:19 ----D---- C:\Program Files\Toshiba
2010-03-17 14:23:25 ----D---- C:\WINDOWS\Minidump
2010-03-17 14:10:38 ----HD---- C:\WINDOWS\PIF
2010-03-13 13:48:25 ----D---- C:\WINDOWS\KeyChanger Windows Edition
2010-03-13 13:48:25 ----D---- C:\Program Files\KeyChanger Windows Edition
2010-03-12 23:25:44 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Search
2010-03-12 19:05:27 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-03-12 19:05:27 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search
2010-03-12 19:04:45 ----D---- C:\Program Files\Windows Desktop Search
2010-03-12 19:04:44 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-03-12 19:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

======List of files/folders modified in the last 1 months======

2010-04-09 22:18:17 ----D---- C:\Program Files\Mozilla Firefox
2010-04-09 21:23:51 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2010-04-09 21:23:48 ----AC---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem.txt
2010-04-09 20:18:20 ----AD---- C:\WINDOWS
2010-04-09 20:17:48 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-04-09 12:33:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-09 12:30:39 ----D---- C:\WINDOWS\system32\drivers
2010-04-09 12:29:45 ----RD---- C:\Program Files
2010-04-09 12:27:00 ----D---- C:\WINDOWS\system32
2010-04-09 12:08:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-09 01:02:25 ----D---- C:\Documents and Settings\Admin\Application Data\vlc
2010-04-08 22:51:16 ----D---- C:\Program Files\Warcraft III
2010-04-08 20:21:03 ----D---- C:\Program Files\Cheat Engine
2010-04-08 17:52:49 ----D---- C:\Program Files\DOSBox-0.72
2010-04-07 21:01:01 ----AC---- C:\WINDOWS\WirelessFTP.INI
2010-04-07 20:40:21 ----SHD---- C:\WINDOWS\Installer
2010-04-06 21:05:34 ----A---- C:\WINDOWS\system.ini
2010-04-06 21:01:26 ----D---- C:\WINDOWS\system32\config
2010-04-06 20:58:27 ----D---- C:\WINDOWS\AppPatch
2010-04-06 20:58:20 ----D---- C:\Program Files\Common Files
2010-04-06 20:03:47 ----D---- C:\Documents and Settings\Admin\Application Data\Vso
2010-04-06 19:58:34 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent
2010-04-06 19:12:50 ----RASH---- C:\boot.ini
2010-04-06 19:04:44 ----SHD---- C:\System Volume Information
2010-04-06 19:04:44 ----D---- C:\WINDOWS\system32\Restore
2010-04-05 20:29:03 ----D---- C:\Program Files\Universal Share Downloader
2010-04-01 22:55:17 ----D---- C:\Program Files\Cain
2010-04-01 22:52:41 ----D---- C:\Program Files\Spyware Doctor
2010-04-01 19:45:03 ----D---- C:\WINDOWS\WinSxS
2010-04-01 03:36:56 ----D---- C:\Veci
2010-03-31 20:30:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-30 15:31:52 ----D---- C:\WINDOWS\pss
2010-03-30 15:31:52 ----AC---- C:\WINDOWS\win.ini
2010-03-30 10:32:24 ----D---- C:\Documents and Settings\Admin\Application Data\Skype
2010-03-29 17:29:37 ----D---- C:\Documents and Settings\Admin\Application Data\skypePM
2010-03-29 00:40:55 ----D---- C:\Documents and Settings\Admin\Application Data\dvdcss
2010-03-28 23:09:28 ----AC---- C:\WINDOWS\WINCMD.INI
2010-03-28 17:21:43 ----HD---- C:\WINDOWS\inf
2010-03-28 17:19:10 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-28 16:48:57 ----D---- C:\Program Files\Common Files\MicroWorld
2010-03-28 16:11:54 ----D---- C:\Program Files\Total Video Converter
2010-03-21 21:21:50 ----SD---- C:\Documents and Settings\Admin\Application Data\Microsoft
2010-03-17 22:23:33 ----D---- C:\WINDOWS\system32\Setup
2010-03-17 22:18:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-17 16:41:29 ----D---- C:\WINDOWS\system32\LogFiles
2010-03-17 16:41:28 ----D---- C:\WINDOWS\Debug
2010-03-17 16:24:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-14 02:40:20 ----D---- C:\Program Files\uTorrent
2010-03-12 19:39:08 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-12 19:11:51 ----RSD---- C:\WINDOWS\assembly
2010-03-12 19:05:39 ----D---- C:\WINDOWS\security
2010-03-12 19:05:05 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2010-03-12 19:04:53 ----D---- C:\WINDOWS\system32\en-US
2010-03-12 19:04:44 ----D---- C:\WINDOWS\system32\wbem
2010-03-12 13:01:21 ----D---- C:\Program Files\Movie Maker
2010-03-12 13:00:17 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-03-28 296976]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-12-10 17801]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-12-23 50704]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-17 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-17 55936]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-12-21 30720]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-08-07 6528]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-17 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-17 5888]
R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 27520]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2009-01-03 39304]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 pxdirpow;pxdirpow; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\pxdirpow.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-10-23 364629]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MWAgent;MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE [2006-03-31 414208]
R2 NeroMediaHomeService.4;Nero MediaHome 4 Service; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [2009-09-24 259368]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-21 65536]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-14 153376]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-26 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Unlimited_Killer]

Pokračujeme. ↓

1) Skript do ComboFix-u

• Otevřete si Poznámkový blok [Start → Spustit → notepad → Enter].
• Do něj vkopírujte následující text:

  Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "4299:TCP"=-
  [-HKLM\SYSTEM\ControlSet002\Services\xmlsny]
  
  Driver::
  JavaQuickStarterService
  
  Reboot::

• Uložte tento soubor na Plochu pod jménem CFScript (koncovka .txt).
• Přetáhněte tento soubor nad ComboFix a pusťte ho.
• I tento soubor, i ComboFix musí být na Ploše!
  
• ComboFix se spustí a vykoná příkazy ze skriptu.
• Počítač bude pravděpodobně restartován.
• Po restartu na Vás vyskočí okno s logem, který mi vkopírujete sem ve formě textu.

[hrban666]

ComboFix 10-04-05.06 - Admin . 04. 2010 11:39:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2943.2293 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Service_JavaQuickStarterService


((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-09 10:07 . 2010-04-09 10:07 -------- d-----w- C:\_OTM
2010-04-08 12:16 . 2010-04-08 12:17 -------- d-----w- c:\program files\Oldgames
2010-04-08 11:38 . 2010-04-08 15:22 -------- d---a-w- C:\Battle
2010-04-06 20:04 . 2010-04-06 20:04 50354 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\uninstall.exe
2010-04-06 20:04 . 2010-04-06 20:04 -------- d-----w- c:\documents and settings\Admin\Application Data\Facebook
2010-04-06 05:30 . 2010-04-06 05:30 9199677 ----a-w- C:\UsbFix_Upload_Me_LAMA-LAPTOP.zip
2010-04-06 05:16 . 2010-04-06 05:30 -------- d-----w- C:\UsbFix
2010-04-05 22:08 . 2010-04-09 20:20 -------- d-----w- c:\program files\trend micro
2010-04-05 22:08 . 2010-04-05 22:08 -------- d-----w- C:\rsit
2010-04-05 21:59 . 2010-04-05 21:59 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-05 21:59 . 2010-04-05 21:59 -------- d-----w- c:\program files\HJT
2010-04-02 09:56 . 2010-04-02 09:56 -------- d-----w- c:\program files\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 09:56 . 2010-04-02 09:56 -------- d-----w- c:\windows\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 08:38 . 2010-04-02 08:38 -------- d-----w- c:\program files\Virtual Villagers - The Secret City
2010-04-01 18:02 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-01 18:02 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-01 18:02 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-04-01 18:02 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-01 18:02 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-01 18:02 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-01 17:44 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-01 17:44 . 2010-03-10 09:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-01 17:44 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-01 17:44 . 2010-02-05 07:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-01 17:44 . 2010-04-01 18:03 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-01 17:44 . 2010-04-01 17:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2010-04-01 17:44 . 2010-04-01 17:44 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools
2010-03-31 18:30 . 2010-03-31 18:30 -------- d-----w- c:\program files\ESET
2010-03-28 15:58 . 2010-03-28 15:58 932368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-03-28 15:58 . 2010-03-28 15:58 678416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-03-28 15:58 . 2010-03-28 15:58 604688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-03-28 15:58 . 2010-03-28 15:58 522768 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-03-28 15:58 . 2010-03-28 15:58 1096208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-03-28 15:56 . 2010-03-28 15:56 80400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-03-28 15:56 . 2010-03-28 15:56 80400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-03-28 15:56 . 2010-03-28 15:56 264720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-03-28 15:56 . 2010-03-28 15:56 109072 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-03-28 15:56 . 2010-03-28 15:56 59920 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-03-28 15:56 . 2010-03-28 15:56 264720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-03-28 15:43 . 2010-03-28 23:23 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-03-28 15:28 . 2010-03-28 15:28 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-03-28 15:22 . 2010-03-28 15:56 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-03-28 15:22 . 2010-03-28 15:56 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-03-28 15:19 . 2010-04-11 09:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-03-28 15:19 . 2010-03-28 15:19 -------- d-----w- c:\program files\Kaspersky Lab
2010-03-28 15:03 . 2010-03-28 15:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2010-03-28 14:48 . 2010-03-28 14:49 6843373 ----a-w- c:\windows\REGBK02.ZIP
2010-03-21 19:21 . 2010-03-21 19:21 128 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\fusioncache.dat
2010-03-18 14:59 . 2010-03-28 21:48 -------- d-----w- c:\program files\OpenTTD
2010-03-17 20:18 . 2007-06-11 13:25 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2010-03-17 20:18 . 2007-04-24 12:20 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2010-03-17 20:18 . 2007-03-01 15:53 73728 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2010-03-17 20:18 . 2006-11-20 16:55 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2010-03-17 20:18 . 2005-01-06 12:42 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2010-03-17 20:18 . 2007-05-24 13:27 64000 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2010-03-17 20:18 . 2007-01-22 09:43 53376 ----a-w- c:\windows\system32\drivers\TosRfSnd.sys
2010-03-17 20:18 . 2006-10-10 18:33 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys
2010-03-17 20:18 . 2010-03-17 20:18 -------- d-----w- c:\program files\Toshiba
2010-03-17 16:54 . 2010-03-17 16:54 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-03-17 12:15 . 2010-03-17 17:16 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-03-17 12:10 . 2010-03-17 12:10 -------- d--h--w- c:\windows\PIF
2010-03-13 11:48 . 2010-04-06 18:26 -------- d-----w- c:\program files\KeyChanger Windows Edition
2010-03-13 11:48 . 2010-03-13 11:48 -------- d-----w- c:\windows\KeyChanger Windows Edition
2010-03-12 21:25 . 2010-03-12 21:25 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Search
2010-03-12 17:05 . 2010-03-12 17:05 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Desktop Search
2010-03-12 17:04 . 2010-03-13 07:41 -------- d-----w- c:\program files\Windows Desktop Search
2010-03-12 17:04 . 2010-03-12 17:04 -------- d-----w- c:\windows\system32\GroupPolicy
2010-03-12 17:03 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-03-12 17:03 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-03-12 17:03 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-03-12 10:57 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 09:50 . 2009-10-18 13:17 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-04-10 13:47 . 2009-10-02 13:19 -------- d-----w- c:\program files\Warcraft III
2010-04-08 23:02 . 2009-12-10 19:38 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-04-08 18:21 . 2009-05-14 18:53 -------- d-----w- c:\program files\Cheat Engine
2010-04-08 15:52 . 2009-05-14 07:38 -------- d-----w- c:\program files\DOSBox-0.72
2010-04-06 18:03 . 2009-10-17 12:54 -------- d-----w- c:\documents and settings\Admin\Application Data\Vso
2010-04-06 17:58 . 2009-08-12 20:31 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2010-04-05 18:29 . 2009-08-18 20:02 -------- d-----w- c:\program files\Universal Share Downloader
2010-04-01 20:55 . 2009-09-19 20:03 -------- d-----w- c:\program files\Cain
2010-04-01 20:52 . 2009-07-28 09:12 -------- d-----w- c:\program files\Spyware Doctor
2010-03-31 17:15 . 2009-10-02 13:21 157113 -c--a-w- c:\windows\War3Unin.dat
2010-03-30 08:32 . 2010-01-17 13:41 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-03-30 07:29 . 2009-08-10 22:21 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-30 07:29 . 2009-08-10 22:21 2970 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-29 15:29 . 2010-01-17 13:44 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-03-28 22:40 . 2009-12-30 14:34 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2010-03-28 14:48 . 2009-08-24 09:31 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-03-28 14:11 . 2010-02-25 21:11 -------- d-----w- c:\program files\Total Video Converter
2010-03-14 00:40 . 2009-08-12 20:32 -------- d-----w- c:\program files\uTorrent
2010-03-08 21:29 . 2009-08-11 07:48 73920 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-03-01 12:17 . 2009-08-12 19:17 -------- d--h--w- c:\documents and settings\Admin\Application Data\IFViewer
2010-02-26 20:43 . 2010-02-26 20:43 -------- d-----w- c:\program files\PowerISO
2010-02-26 20:24 . 2010-02-26 20:24 -------- d-----w- c:\program files\EA GAMES
2010-02-24 08:23 . 2009-11-01 21:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DriverScanner
2010-02-24 08:23 . 2009-11-01 21:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Uniblue
2010-02-24 08:23 . 2010-02-14 22:06 -------- d-----w- c:\program files\Sony Ericsson
2010-02-24 08:21 . 2010-01-17 13:40 -------- d-----r- c:\program files\Skype
2010-02-24 08:16 . 2009-05-12 20:36 -------- d-----w- c:\program files\ASUS
2010-02-24 08:15 . 2009-12-27 19:59 -------- d-----w- c:\program files\Age of Wonders Shadow Magic
2010-02-21 20:48 . 2010-02-06 21:23 -------- d-----w- c:\program files\nLite
2010-02-20 19:29 . 2010-02-20 19:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Mikrotik
2010-02-18 10:23 . 2010-02-15 08:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Nero
2010-02-15 19:29 . 2010-02-15 19:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\LightScribe
2010-02-15 08:54 . 2009-10-30 16:17 -------- d-----w- c:\program files\Nero
2010-02-15 08:53 . 2009-10-30 16:17 -------- d-----w- c:\program files\Common Files\Nero
2010-02-15 08:42 . 2010-02-15 08:42 -------- d-----w- c:\documents and settings\NeroMediaHomeUser.4\Application Data\Nero
2010-02-15 08:42 . 2009-10-30 16:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2010-02-14 14:14 . 2010-02-14 14:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Ashampoo
2010-02-14 14:14 . 2010-02-14 14:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ashampoo
2010-02-12 10:03 . 2010-03-07 09:57 293376 ------w- c:\windows\system32\browserchoice.exe
2010-01-21 16:09 . 2010-02-07 18:15 52224 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-01-21 16:09 . 2010-02-07 18:15 101376 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-01-17 13:44 . 2010-01-17 13:44 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Random Wallpapers"="c:\program files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe" [2004-05-07 1331712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-10-23 376921]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Veci\\New folder\\GHostOne\\GHostOne.exe"=
"c:\\Veci\\New folder\\GHostOne\\ghost.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Users\\Admin\\My Documents\\Preberanie\\winbox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Cain\\Cain.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15. 12. 2008 20:41 33808]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1. 4. 2010 19:44 217032]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1. 4. 2010 20:02 112592]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23. 12. 2008 17:35 50704]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7. 8. 2003 17:42 6528]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13. 5. 2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16. 5. 2009 20:59 19472]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1. 4. 2010 19:44 366840]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
.
------- Supplementary Scan -------
.
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
TCP: {4D590507-BED2-4B7D-A4C5-0C4E002340CD} = 192.108.131.11,194.160.44.11
TCP: {6035E575-58B2-4E24-B5B0-1D8C37A71294} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\v9ao1ivw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 11:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1036)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\acs.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\MicroWorld\Agent\MWASER.EXE
c:\program files\Common Files\MicroWorld\Agent\MWAgent.exe
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WLTRAY.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Completion time: 2010-04-11 11:57:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-11 09:57
ComboFix2.txt 2010-04-06 19:11
ComboFix3.txt 2010-04-06 17:40

Pre-Run: 13 140 742 144 bytes free
Post-Run: 13 103 878 144 bytes free

- - End Of File - - 6C0C0511CF8D4B1451AE75C805D74E60

[Unlimited_Killer]

0K, pokračujeme.

1) Odinstalujte program KeyChanger Windows Edition

2) Odinstalace UsbFix-u

• Spusťte znovu UsbFix.
• Po spuštění okna s černým pozadím stiskněte 'E' a potvrďte klávesou 'Enter'.
• Nyní stiskněte '6' a opět stiskněte klávesu 'Enter'.
• Program po sobě nyní odstranil veškeré své součásti a soubory.

3) Odinstalace ComboFixu

• Proklikejte se přes Start do Spustit [klávesová zkratka je Win+R].
• Do textového pole napište:

  Kód: Vybrat vše

  ComboFix /Uninstall

• Stiskněte Enter.
• Spustí se odinstalace ComboFixu, která smaže všechny jeho součásti.

4) OTCleaner

• Stáhněte OTC a dvojklikem ho spusťte.
• Vyskočí okénko, kde kliknete na 'CleanUp!'.
• Potvrdíte kliknutím na 'Yes'.
• Poté se ještě zeptá, zda chcete restartovat PC - to proveďte opět kliknutím na 'Yes'.

5) Nový RSIT log

[hrban666]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-04-11 16:20:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (5%) free of 277 GB
Total RAM: 2943 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:48, on 11. 4. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Random Wallpapers] C:\Program Files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe
O4 - HKUS\S-1-5-21-2000478354-1284227242-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-2000478354-1284227242-839522115-1005\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D590507-BED2-4B7D-A4C5-0C4E002340CD}: NameServer = 192.108.131.11,194.160.44.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{6035E575-58B2-4E24-B5B0-1D8C37A71294}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10402 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-07-03 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-07-12 225280]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-10-23 376921]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Random Wallpapers"=C:\Program Files\MŠ SOFTware\Random Wallpapers\rwp20xp.exe [2004-05-07 1331712]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Admin\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Warcraft III\war3.exe"="C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\Veci\New folder\GHostOne\GHostOne.exe"="C:\Veci\New folder\GHostOne\GHostOne.exe:*:Enabled:GHost One - advanced hosting bot"
"C:\Veci\New folder\GHostOne\ghost.exe"="C:\Veci\New folder\GHostOne\ghost.exe:*:Enabled:ghost"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE"="C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE:*:Enabled:Heroes of Might and Magic® III"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe"="C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe:*:Enabled:Nero MediaHome 4"
"C:\Users\Admin\My Documents\Preberanie\winbox.exe"="C:\Users\Admin\My Documents\Preberanie\winbox.exe:*:Enabled:winbox"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Cain\Cain.exe"="C:\Program Files\Cain\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-11 16:20:24 ----D---- C:\rsit
2010-04-11 16:14:24 ----D---- C:\Program Files\Kaspersky Lab
2010-04-11 16:14:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-04-11 16:14:12 ----D---- C:\WINDOWS\LastGood
2010-04-11 16:12:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2010-04-11 15:52:52 ----SHD---- C:\RECYCLER
2010-04-11 11:57:52 ----D---- C:\WINDOWS\temp
2010-04-08 14:16:11 ----D---- C:\Program Files\Oldgames
2010-04-08 13:38:32 ----AD---- C:\Battle
2010-04-06 22:04:37 ----D---- C:\Documents and Settings\Admin\Application Data\Facebook
2010-04-06 19:12:50 ----A---- C:\Boot.bak
2010-04-06 19:12:32 ----RASHD---- C:\cmdcons
2010-04-06 19:04:55 ----A---- C:\WINDOWS\PEV.exe
2010-04-06 19:04:55 ----A---- C:\WINDOWS\MBR.exe
2010-04-06 19:03:33 ----D---- C:\WINDOWS\ERDNT
2010-04-06 07:29:58 ----RAD---- C:\autorun.inf
2010-04-06 00:08:02 ----D---- C:\Program Files\trend micro
2010-04-05 23:59:17 ----D---- C:\Program Files\HJT
2010-04-02 11:56:19 ----D---- C:\WINDOWS\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 11:56:19 ----D---- C:\Program Files\Virtual Villagers 3 - The Secret City Fixed
2010-04-02 10:38:15 ----D---- C:\Program Files\Virtual Villagers - The Secret City
2010-04-01 20:02:32 ----A---- C:\WINDOWS\BDTSupport.dll
2010-04-01 20:02:31 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-04-01 20:02:30 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-04-01 20:02:30 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-04-01 19:44:16 ----D---- C:\Program Files\Common Files\PC Tools
2010-04-01 19:44:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2010-04-01 19:44:15 ----D---- C:\Documents and Settings\Admin\Application Data\PC Tools
2010-03-31 20:30:07 ----D---- C:\Program Files\ESET
2010-03-28 17:13:41 ----D---- C:\WINDOWS\Prefetch
2010-03-28 17:08:58 ----A---- C:\WINDOWS\kaio.INI
2010-03-18 17:40:12 ----A---- C:\WINDOWS\system32\wpa.bak
2010-03-18 16:59:47 ----D---- C:\Program Files\OpenTTD
2010-03-17 22:18:19 ----D---- C:\Program Files\Toshiba
2010-03-17 14:23:25 ----D---- C:\WINDOWS\Minidump
2010-03-17 14:10:38 ----HD---- C:\WINDOWS\PIF
2010-03-13 13:48:25 ----D---- C:\WINDOWS\KeyChanger Windows Edition
2010-03-13 13:48:25 ----D---- C:\Program Files\KeyChanger Windows Edition
2010-03-12 23:25:44 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Search
2010-03-12 19:05:27 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-03-12 19:05:27 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search
2010-03-12 19:04:45 ----D---- C:\Program Files\Windows Desktop Search
2010-03-12 19:04:44 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-03-12 19:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

======List of files/folders modified in the last 1 months======

2010-04-11 16:19:53 ----D---- C:\WINDOWS\system32\drivers
2010-04-11 16:17:30 ----SHD---- C:\WINDOWS\Installer
2010-04-11 16:16:05 ----HD---- C:\WINDOWS\inf
2010-04-11 16:15:24 ----D---- C:\WINDOWS\system32
2010-04-11 16:15:23 ----D---- C:\Program Files\Mozilla Firefox
2010-04-11 16:14:24 ----RD---- C:\Program Files
2010-04-11 16:14:12 ----AD---- C:\WINDOWS
2010-04-11 16:13:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-11 16:08:56 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-04-11 16:07:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-11 15:57:16 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2010-04-11 15:55:53 ----SHD---- C:\System Volume Information
2010-04-11 15:55:53 ----D---- C:\WINDOWS\system32\Restore
2010-04-11 13:37:17 ----D---- C:\Program Files\Warcraft III
2010-04-11 12:56:14 ----AC---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem.txt
2010-04-11 12:09:16 ----D---- C:\Documents and Settings\Admin\Application Data\Skype
2010-04-11 11:58:46 ----D---- C:\Documents and Settings\Admin\Application Data\skypePM
2010-04-11 11:51:59 ----A---- C:\WINDOWS\system.ini
2010-04-11 11:48:11 ----D---- C:\WINDOWS\system32\config
2010-04-11 11:45:02 ----D---- C:\WINDOWS\AppPatch
2010-04-11 11:44:54 ----D---- C:\Program Files\Common Files
2010-04-09 01:02:25 ----D---- C:\Documents and Settings\Admin\Application Data\vlc
2010-04-08 20:21:03 ----D---- C:\Program Files\Cheat Engine
2010-04-08 17:52:49 ----D---- C:\Program Files\DOSBox-0.72
2010-04-07 21:01:01 ----AC---- C:\WINDOWS\WirelessFTP.INI
2010-04-06 20:03:47 ----D---- C:\Documents and Settings\Admin\Application Data\Vso
2010-04-06 19:58:34 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent
2010-04-06 19:12:50 ----RASH---- C:\boot.ini
2010-04-05 20:29:03 ----D---- C:\Program Files\Universal Share Downloader
2010-04-01 22:55:17 ----D---- C:\Program Files\Cain
2010-04-01 22:52:41 ----D---- C:\Program Files\Spyware Doctor
2010-04-01 19:45:03 ----D---- C:\WINDOWS\WinSxS
2010-04-01 03:36:56 ----D---- C:\Veci
2010-03-31 20:30:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-30 15:31:52 ----D---- C:\WINDOWS\pss
2010-03-30 15:31:52 ----AC---- C:\WINDOWS\win.ini
2010-03-29 00:40:55 ----D---- C:\Documents and Settings\Admin\Application Data\dvdcss
2010-03-28 23:09:28 ----AC---- C:\WINDOWS\WINCMD.INI
2010-03-28 17:19:10 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-28 16:48:57 ----D---- C:\Program Files\Common Files\MicroWorld
2010-03-28 16:11:54 ----D---- C:\Program Files\Total Video Converter
2010-03-21 21:21:50 ----SD---- C:\Documents and Settings\Admin\Application Data\Microsoft
2010-03-17 22:23:33 ----D---- C:\WINDOWS\system32\Setup
2010-03-17 22:18:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-17 16:41:29 ----D---- C:\WINDOWS\system32\LogFiles
2010-03-17 16:41:28 ----D---- C:\WINDOWS\Debug
2010-03-17 16:24:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-14 02:40:20 ----D---- C:\Program Files\uTorrent
2010-03-12 19:39:08 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-12 19:11:51 ----RSD---- C:\WINDOWS\assembly
2010-03-12 19:05:39 ----D---- C:\WINDOWS\security
2010-03-12 19:05:05 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2010-03-12 19:04:53 ----D---- C:\WINDOWS\system32\en-US
2010-03-12 19:04:44 ----D---- C:\WINDOWS\system32\wbem
2010-03-12 13:01:21 ----D---- C:\Program Files\Movie Maker
2010-03-12 13:00:17 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-04-11 296976]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-12-10 17801]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-12-23 50704]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-17 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-17 55936]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-12-21 30720]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-08-07 6528]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-17 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-17 5888]
R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 27520]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2009-01-03 39304]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-10-23 364629]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MWAgent;MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE [2006-03-31 414208]
R2 NeroMediaHomeService.4;Nero MediaHome 4 Service; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [2009-09-24 259368]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-21 65536]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-26 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Unlimited_Killer]

Dokončíme. ↓

1) Fixnutí v HJT

• Spusťte přejmenované HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
• Následně klikněte na 'Do a system scan only'.
• U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

  Kód: Vybrat vše

  O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
  O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)

• Pokud by tam nějaká položka nebyla, vynechte ji.

2) Bat soubor

• Spusťte Poznámkový blok [Start → Spustit → notepad → Enter].
• Do něho vkopírujte následující text:

  Kód: Vybrat vše

  del "C:\WINDOWS\MBR.exe"
  del "C:\WINDOWS\PEV.exe"

• Uložte soubor například na Plochu jako del.bat [vizte obrázek] a dvojklikem jej spusťte.
  
• Mělo by jen na chvíli probliknout černé okénko.
• Po použití tento soubor smažte.

3) Malwarebytes' Anti-Malware

• Stáhněte MbAM a postupujte podle popisu.
• Zatím nic nemažte, MbAM má občas falešné detekce.
• Poté mi sem vložte log ve formě textu.

4) CCleaner

• Stáhněte si program jménem CCleaner.
• Normálně nainstalujte, jen dávejte pozor a odškrtněte položku 'Instalovat Yahoo! Toolbar'.
• Spusťte ho.
  
  • Záložka Čistič → nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.
  • Záložka Registry → klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.
• CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

5) Defragmentace

• Defragmentujte disk.
• Lze to udělat několika způsoby ↓
  • Přes defragmentaci integrovanou ve Windows [Start → Spustit → dfrg.msc → Enter]. Toto není příliš účinný způsob.
  • Přes jednoduchý a přehledný program jménem Defraggler.
  • Přes geniální program, který se nemusí instalovat a je hodně jednoduchý - JKDefrag.

6) FileHippo.com UpdateChecker

• Abyste měl/a přehled o aktualizacích, doporučuji stáhnout program FileHippo.com UpdateChecker.
  • Běžně ho nainstalujte.
  • Spouštějte ho například jednou až dvakrát týdně.
  • Přehledně zobrazí všechny programy, které jsou neaktualizované, nabídne stažení novější verze (což doporučuji).
  • Dávejte si pozor,co dané aplikace instalují 's sebou' → například zbytečné toolbary (lišty).
    • Proto se nevyplatí bezmyšlenkovitě klikat na 'Next', popřípadě 'Další'.

7) Nový RSIT log