
How do I remove the service for NERO, I have already removed the program, and a check

Posted: 20 Jun 2010 19:49
by radoslav
Logfile of random's system information tool 1.07 (written by random/random)
Run by TOSHIBA at 2010-06-20 20:46:25
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (22%) free of 30 GB
Total RAM: 1014 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:46:31, on 20.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TOSHIBA\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\TOSHIBA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Winsplit] C:\Program Files\WinSplit Revolution\WinSplit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3908 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-01-25 141848]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-01-25 137752]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2008-01-28 268152]
"CnxDslTaskBar"=C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe [2004-06-16 233472]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2002-04-26 12288]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Winsplit"=C:\Program Files\WinSplit Revolution\WinSplit.exe [2009-02-27 3958784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\StrongDC.exe"="C:\Program Files\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\StrongDC++\StrongDC.exe"="C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-06-20 20:46:25 ----D---- C:\rsit
2010-06-19 06:27:08 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-06-17 22:22:59 ----D---- C:\Program Files\Mozilla Firefox
2010-06-17 21:11:36 ----A---- C:\WINDOWS\winamp.ini
2010-06-17 21:11:25 ----D---- C:\Program Files\Winamp
2010-06-16 17:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-06-16 09:57:18 ----D---- C:\WINDOWS\system32\XPSViewer
2010-06-16 09:56:48 ----D---- C:\Program Files\Reference Assemblies
2010-06-16 09:54:29 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-06-16 09:54:29 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-06-16 09:54:29 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-06-15 23:31:29 ----SHD---- C:\RECYCLER
2010-06-15 22:13:18 ----RASHD---- C:\cmdcons
2010-06-15 21:51:22 ----D---- C:\Program Files\WinXP Manager 2010 + Keygen
2010-06-15 21:50:14 ----D---- C:\Program Files\Power DVD 6
2010-06-15 21:50:08 ----HD---- C:\WINDOWS\PIF
2010-06-15 21:48:36 ----D---- C:\Program Files\Webteh
2010-06-15 21:47:34 ----D---- C:\Program Files\Common Files\Skype
2010-06-14 22:19:08 ----A---- C:\Boot.bak
2010-06-13 21:46:18 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Malwarebytes
2010-06-13 21:45:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-06-13 21:45:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-11 16:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-11 16:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-11 16:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-11 16:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 16:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-11 16:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 21:37:42 ----D---- C:\Program Files\Yamicsoft
2010-06-07 19:19:34 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\CyberLink
2010-06-07 19:11:54 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2010-06-07 19:10:05 ----D---- C:\Program Files\CyberLink
2010-06-01 23:05:06 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Winamp
2010-06-01 23:03:39 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Skype
2010-05-29 20:32:35 ----D---- C:\totalcmd
2010-05-29 20:10:09 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Skype(2)
2010-05-29 19:07:41 ----D---- C:\Program Files\CONEXANT
2010-05-29 18:42:04 ----A---- C:\Program Files\Toshiba-Satellite-M300-L310-Audio-Driver-For-XP_-_www.getpcmemory.com.zip
2010-05-26 16:06:55 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\vlc
2010-05-26 16:05:23 ----D---- C:\Program Files\VideoLAN
2010-05-24 18:42:54 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Winsplit Revolution
2010-05-24 18:42:45 ----D---- C:\Program Files\WinSplit Revolution
2010-05-24 14:14:12 ----D---- C:\Program Files\SiSoftware

======List of files/folders modified in the last 1 months======

2010-06-20 20:46:31 ----D---- C:\Program Files\Trend Micro
2010-06-20 20:43:09 ----D---- C:\WINDOWS\Prefetch
2010-06-20 20:41:04 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\uTorrent
2010-06-20 18:07:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 18:06:04 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\skypePM
2010-06-20 17:02:01 ----D---- C:\WINDOWS\Temp
2010-06-20 13:01:54 ----D---- C:\WINDOWS\system32
2010-06-20 13:01:50 ----A---- C:\WINDOWS\system32\agremove.exe
2010-06-20 12:09:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-20 11:34:26 ----SD---- C:\WINDOWS\Tasks
2010-06-20 11:09:41 ----D---- C:\Program Files\Settings
2010-06-20 10:56:21 ----D---- C:\WINDOWS\system32\config
2010-06-20 10:55:59 ----D---- C:\WINDOWS\system32\wbem
2010-06-20 10:55:59 ----D---- C:\WINDOWS\Registration
2010-06-20 10:53:41 ----SHD---- C:\System Volume Information
2010-06-20 10:53:41 ----D---- C:\WINDOWS\system32\Restore
2010-06-20 10:48:42 ----D---- C:\WINDOWS
2010-06-19 06:29:02 ----D---- C:\Program Files\Alwil Software
2010-06-19 06:27:30 ----SHD---- C:\WINDOWS\Installer
2010-06-19 06:27:30 ----D---- C:\Config.Msi
2010-06-19 06:27:29 ----D---- C:\WINDOWS\WinSxS
2010-06-17 22:23:31 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Mozilla
2010-06-17 22:22:59 ----RD---- C:\Program Files
2010-06-17 21:11:31 ----HD---- C:\WINDOWS\inf
2010-06-16 18:47:34 ----RSD---- C:\WINDOWS\assembly
2010-06-16 18:25:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-16 17:51:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-16 17:47:13 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-16 17:46:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-16 09:57:06 ----D---- C:\Program Files\MSBuild
2010-06-16 09:57:02 ----D---- C:\WINDOWS\system32\en-us
2010-06-16 09:56:59 ----RSD---- C:\WINDOWS\Fonts
2010-06-16 09:56:19 ----D---- C:\WINDOWS\system32\spool
2010-06-16 09:51:03 ----D---- C:\WINDOWS\system32\mui
2010-06-15 23:40:12 ----D---- C:\WINDOWS\system32\drivers
2010-06-15 23:35:18 ----SD---- C:\Documents and Settings\TOSHIBA\Application Data\Microsoft
2010-06-15 22:34:32 ----A---- C:\WINDOWS\system.ini
2010-06-15 22:31:33 ----D---- C:\WINDOWS\AppPatch
2010-06-15 22:31:26 ----D---- C:\Program Files\Common Files
2010-06-15 22:13:26 ----RASH---- C:\boot.ini
2010-06-15 21:52:56 ----D---- C:\Program Files\Internet Explorer
2010-06-15 21:51:14 ----D---- C:\Program Files\CCleaner
2010-06-15 21:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-15 21:49:37 ----D---- C:\Program Files\Google
2010-06-15 21:48:32 ----D---- C:\Program Files\uTorrent
2010-06-15 21:48:31 ----D---- C:\Program Files\Winamp(2)
2010-06-15 21:47:35 ----RD---- C:\Program Files\Skype
2010-06-15 21:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-06-15 21:45:46 ----D---- C:\Program Files\Outlook Express
2010-06-15 21:45:44 ----D---- C:\Program Files\IC209S
2010-06-15 21:45:43 ----D---- C:\VIS
2010-06-13 13:26:55 ----D---- C:\WINDOWS\Debug
2010-06-11 16:13:58 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-11 16:13:29 ----D---- C:\WINDOWS\ie8updates
2010-06-07 19:10:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-30 09:20:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-01-17 1331136]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 BoiHwsetup;Access 32bits INT15 routine; C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 5504]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2008-02-01 732160]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2008-01-15 48472]
R3 QIOMem;Generic IO & Memory Access; C:\WINDOWS\system32\DRIVERS\QIOMem.sys [2007-05-29 6912]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver; C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-13 31872]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver; C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 7936]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-14 57408]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-28 285952]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-17 168432]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []

-----------------EOF-----------------

Re: How do I remove the service for NERO, I have already removed the program, and a chec

Posted: 20 Jun 2010 20:06
by Rudy
Start > Run > (type) msconfig > OK. After the window opens, go through the individual tabs and clear the checkbox next to the NmIndexingService service. Confirm, close the window and restart the PC.

Re: How do I remove the service for NERO, I have already removed the program, and a chec

Posted: 20 Jun 2010 20:17
by radoslav
Logfile of random's system information tool 1.07 (written by random/random)
Run by TOSHIBA at 2010-06-20 21:16:19
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (22%) free of 30 GB
Total RAM: 1014 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:16:30, on 20.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TOSHIBA\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\TOSHIBA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3694 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-01-25 141848]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-01-25 137752]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2008-01-28 268152]
"CnxDslTaskBar"=C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe [2004-06-16 233472]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2002-04-26 12288]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\StrongDC.exe"="C:\Program Files\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\StrongDC++\StrongDC.exe"="C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-06-20 21:09:00 ----D---- C:\WINDOWS\pss
2010-06-20 20:46:25 ----D---- C:\rsit
2010-06-19 06:27:08 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-06-17 22:22:59 ----D---- C:\Program Files\Mozilla Firefox
2010-06-17 21:11:36 ----A---- C:\WINDOWS\winamp.ini
2010-06-17 21:11:25 ----D---- C:\Program Files\Winamp
2010-06-16 17:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-06-16 09:57:18 ----D---- C:\WINDOWS\system32\XPSViewer
2010-06-16 09:56:48 ----D---- C:\Program Files\Reference Assemblies
2010-06-16 09:54:29 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-06-16 09:54:29 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-06-16 09:54:29 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-06-15 23:31:29 ----SHD---- C:\RECYCLER
2010-06-15 22:13:18 ----RASHD---- C:\cmdcons
2010-06-15 21:51:22 ----D---- C:\Program Files\WinXP Manager 2010 + Keygen
2010-06-15 21:50:14 ----D---- C:\Program Files\Power DVD 6
2010-06-15 21:50:08 ----HD---- C:\WINDOWS\PIF
2010-06-15 21:48:36 ----D---- C:\Program Files\Webteh
2010-06-15 21:47:34 ----D---- C:\Program Files\Common Files\Skype
2010-06-14 22:19:08 ----A---- C:\Boot.bak
2010-06-13 21:46:18 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Malwarebytes
2010-06-13 21:45:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-06-13 21:45:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-11 16:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-11 16:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-11 16:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-11 16:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 16:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-11 16:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 21:37:42 ----D---- C:\Program Files\Yamicsoft
2010-06-07 19:19:34 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\CyberLink
2010-06-07 19:11:54 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2010-06-07 19:10:05 ----D---- C:\Program Files\CyberLink
2010-06-01 23:05:06 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Winamp
2010-06-01 23:03:39 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Skype
2010-05-29 20:32:35 ----D---- C:\totalcmd
2010-05-29 20:10:09 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Skype(2)
2010-05-29 19:07:41 ----D---- C:\Program Files\CONEXANT
2010-05-29 18:42:04 ----A---- C:\Program Files\Toshiba-Satellite-M300-L310-Audio-Driver-For-XP_-_www.getpcmemory.com.zip
2010-05-26 16:06:55 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\vlc
2010-05-26 16:05:23 ----D---- C:\Program Files\VideoLAN
2010-05-24 18:42:54 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Winsplit Revolution
2010-05-24 14:14:12 ----D---- C:\Program Files\SiSoftware

======List of files/folders modified in the last 1 months======

2010-06-20 21:16:27 ----D---- C:\WINDOWS\system32
2010-06-20 21:16:27 ----D---- C:\Program Files\Trend Micro
2010-06-20 21:16:22 ----A---- C:\WINDOWS\system32\agremove.exe
2010-06-20 21:15:00 ----D---- C:\WINDOWS\Temp
2010-06-20 21:13:43 ----D---- C:\WINDOWS
2010-06-20 21:11:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-20 21:11:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 21:11:03 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\uTorrent
2010-06-20 21:10:59 ----ASH---- C:\boot.ini
2010-06-20 21:10:59 ----A---- C:\WINDOWS\win.ini
2010-06-20 21:10:59 ----A---- C:\WINDOWS\system.ini
2010-06-20 21:09:10 ----D---- C:\WINDOWS\Prefetch
2010-06-20 20:51:39 ----RD---- C:\Program Files
2010-06-20 20:50:46 ----HD---- C:\WINDOWS\inf
2010-06-20 20:50:46 ----D---- C:\WINDOWS\system32\drivers
2010-06-20 20:50:31 ----D---- C:\Auto-diagnostika
2010-06-20 18:06:04 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\skypePM
2010-06-20 11:34:26 ----SD---- C:\WINDOWS\Tasks
2010-06-20 11:09:41 ----D---- C:\Program Files\Settings
2010-06-20 10:56:21 ----D---- C:\WINDOWS\system32\config
2010-06-20 10:55:59 ----D---- C:\WINDOWS\system32\wbem
2010-06-20 10:55:59 ----D---- C:\WINDOWS\Registration
2010-06-20 10:53:41 ----SHD---- C:\System Volume Information
2010-06-20 10:53:41 ----D---- C:\WINDOWS\system32\Restore
2010-06-19 06:29:02 ----D---- C:\Program Files\Alwil Software
2010-06-19 06:27:30 ----SHD---- C:\WINDOWS\Installer
2010-06-19 06:27:30 ----D---- C:\Config.Msi
2010-06-19 06:27:29 ----D---- C:\WINDOWS\WinSxS
2010-06-17 22:23:31 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Mozilla
2010-06-16 18:47:34 ----RSD---- C:\WINDOWS\assembly
2010-06-16 18:25:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-16 17:51:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-16 17:47:13 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-16 17:46:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-16 09:57:06 ----D---- C:\Program Files\MSBuild
2010-06-16 09:57:02 ----D---- C:\WINDOWS\system32\en-us
2010-06-16 09:56:59 ----RSD---- C:\WINDOWS\Fonts
2010-06-16 09:56:19 ----D---- C:\WINDOWS\system32\spool
2010-06-16 09:51:03 ----D---- C:\WINDOWS\system32\mui
2010-06-15 23:35:18 ----SD---- C:\Documents and Settings\TOSHIBA\Application Data\Microsoft
2010-06-15 22:31:33 ----D---- C:\WINDOWS\AppPatch
2010-06-15 22:31:26 ----D---- C:\Program Files\Common Files
2010-06-15 21:52:56 ----D---- C:\Program Files\Internet Explorer
2010-06-15 21:51:14 ----D---- C:\Program Files\CCleaner
2010-06-15 21:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-15 21:49:37 ----D---- C:\Program Files\Google
2010-06-15 21:48:32 ----D---- C:\Program Files\uTorrent
2010-06-15 21:48:31 ----D---- C:\Program Files\Winamp(2)
2010-06-15 21:47:35 ----RD---- C:\Program Files\Skype
2010-06-15 21:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-06-15 21:45:46 ----D---- C:\Program Files\Outlook Express
2010-06-15 21:45:44 ----D---- C:\Program Files\IC209S
2010-06-15 21:45:43 ----D---- C:\VIS
2010-06-13 13:26:55 ----D---- C:\WINDOWS\Debug
2010-06-11 16:13:58 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-11 16:13:29 ----D---- C:\WINDOWS\ie8updates
2010-06-07 19:10:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-30 09:20:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-01-17 1331136]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 BoiHwsetup;Access 32bits INT15 routine; C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 5504]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2008-02-01 732160]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2008-01-15 48472]
R3 QIOMem;Generic IO & Memory Access; C:\WINDOWS\system32\DRIVERS\QIOMem.sys [2007-05-29 6912]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver; C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-13 31872]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver; C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 7936]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-14 57408]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-28 285952]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-17 168432]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []

-----------------EOF-----------------

Re: how do I remove the service for NERO, I have already removed the program and chec

Posted: 20 Jun 2010 20:20
by Rudy
Delete this directory completely: C:\Program Files\Common Files\Nero and, if present, all leftovers from Nero in c:\program Files\Ahead.

Re: how do I remove the service for NERO, I have already removed the program and chec

Posted: 20 Jun 2010 20:30
by radoslav
Why does the loading of any web page never finish for me?

Re: how do I remove the service for NERO, I have already removed the program and chec

Posted: 20 Jun 2010 20:32
by radoslav
Logfile of random's system information tool 1.07 (written by random/random)
Run by TOSHIBA at 2010-06-20 21:31:38
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (22%) free of 30 GB
Total RAM: 1014 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:31:40, on 20.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\TOSHIBA\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\TOSHIBA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3701 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-01-25 141848]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-01-25 137752]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2008-01-28 268152]
"CnxDslTaskBar"=C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe [2004-06-16 233472]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2002-04-26 12288]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\StrongDC.exe"="C:\Program Files\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\StrongDC++\StrongDC.exe"="C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-06-20 21:09:00 ----D---- C:\WINDOWS\pss
2010-06-20 20:46:25 ----D---- C:\rsit
2010-06-19 06:27:08 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-06-17 22:22:59 ----D---- C:\Program Files\Mozilla Firefox
2010-06-17 21:11:36 ----A---- C:\WINDOWS\winamp.ini
2010-06-17 21:11:25 ----D---- C:\Program Files\Winamp
2010-06-16 17:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-06-16 09:57:18 ----D---- C:\WINDOWS\system32\XPSViewer
2010-06-16 09:56:48 ----D---- C:\Program Files\Reference Assemblies
2010-06-16 09:54:29 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-06-16 09:54:29 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-06-16 09:54:29 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-06-15 23:31:29 ----SHD---- C:\RECYCLER
2010-06-15 22:13:18 ----RASHD---- C:\cmdcons
2010-06-15 21:51:22 ----D---- C:\Program Files\WinXP Manager 2010 + Keygen
2010-06-15 21:50:14 ----D---- C:\Program Files\Power DVD 6
2010-06-15 21:50:08 ----HD---- C:\WINDOWS\PIF
2010-06-15 21:48:36 ----D---- C:\Program Files\Webteh
2010-06-15 21:47:34 ----D---- C:\Program Files\Common Files\Skype
2010-06-14 22:19:08 ----A---- C:\Boot.bak
2010-06-13 21:46:18 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Malwarebytes
2010-06-13 21:45:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-06-13 21:45:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-11 16:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-11 16:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-11 16:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-11 16:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 16:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-11 16:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 21:37:42 ----D---- C:\Program Files\Yamicsoft
2010-06-07 19:19:34 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\CyberLink
2010-06-07 19:11:54 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2010-06-07 19:10:05 ----D---- C:\Program Files\CyberLink
2010-06-01 23:05:06 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Winamp
2010-06-01 23:03:39 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Skype
2010-05-29 20:32:35 ----D---- C:\totalcmd
2010-05-29 20:10:09 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Skype(2)
2010-05-29 19:07:41 ----D---- C:\Program Files\CONEXANT
2010-05-29 18:42:04 ----A---- C:\Program Files\Toshiba-Satellite-M300-L310-Audio-Driver-For-XP_-_www.getpcmemory.com.zip
2010-05-26 16:06:55 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\vlc
2010-05-26 16:05:23 ----D---- C:\Program Files\VideoLAN
2010-05-24 18:42:54 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Winsplit Revolution
2010-05-24 14:14:12 ----D---- C:\Program Files\SiSoftware

======List of files/folders modified in the last 1 months======

2010-06-20 21:31:39 ----D---- C:\Program Files\Trend Micro
2010-06-20 21:29:31 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\uTorrent
2010-06-20 21:28:53 ----RD---- C:\Program Files
2010-06-20 21:28:28 ----D---- C:\Program Files\Common Files\Services
2010-06-20 21:27:57 ----D---- C:\Program Files\Common Files
2010-06-20 21:27:43 ----D---- C:\WINDOWS\Prefetch
2010-06-20 21:16:27 ----D---- C:\WINDOWS\system32
2010-06-20 21:16:22 ----A---- C:\WINDOWS\system32\agremove.exe
2010-06-20 21:15:00 ----D---- C:\WINDOWS\Temp
2010-06-20 21:13:43 ----D---- C:\WINDOWS
2010-06-20 21:11:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-20 21:11:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 21:10:59 ----ASH---- C:\boot.ini
2010-06-20 21:10:59 ----A---- C:\WINDOWS\win.ini
2010-06-20 21:10:59 ----A---- C:\WINDOWS\system.ini
2010-06-20 20:50:46 ----HD---- C:\WINDOWS\inf
2010-06-20 20:50:46 ----D---- C:\WINDOWS\system32\drivers
2010-06-20 20:50:31 ----D---- C:\Auto-diagnostika
2010-06-20 18:06:04 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\skypePM
2010-06-20 11:34:26 ----SD---- C:\WINDOWS\Tasks
2010-06-20 11:09:41 ----D---- C:\Program Files\Settings
2010-06-20 10:56:21 ----D---- C:\WINDOWS\system32\config
2010-06-20 10:55:59 ----D---- C:\WINDOWS\system32\wbem
2010-06-20 10:55:59 ----D---- C:\WINDOWS\Registration
2010-06-20 10:53:41 ----SHD---- C:\System Volume Information
2010-06-20 10:53:41 ----D---- C:\WINDOWS\system32\Restore
2010-06-19 06:29:02 ----D---- C:\Program Files\Alwil Software
2010-06-19 06:27:30 ----SHD---- C:\WINDOWS\Installer
2010-06-19 06:27:30 ----D---- C:\Config.Msi
2010-06-19 06:27:29 ----D---- C:\WINDOWS\WinSxS
2010-06-17 22:23:31 ----D---- C:\Documents and Settings\TOSHIBA\Application Data\Mozilla
2010-06-16 18:47:34 ----RSD---- C:\WINDOWS\assembly
2010-06-16 18:25:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-16 17:51:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-16 17:47:13 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-16 17:46:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-16 09:57:06 ----D---- C:\Program Files\MSBuild
2010-06-16 09:57:02 ----D---- C:\WINDOWS\system32\en-us
2010-06-16 09:56:59 ----RSD---- C:\WINDOWS\Fonts
2010-06-16 09:56:19 ----D---- C:\WINDOWS\system32\spool
2010-06-16 09:51:03 ----D---- C:\WINDOWS\system32\mui
2010-06-15 23:35:18 ----SD---- C:\Documents and Settings\TOSHIBA\Application Data\Microsoft
2010-06-15 22:31:33 ----D---- C:\WINDOWS\AppPatch
2010-06-15 21:52:56 ----D---- C:\Program Files\Internet Explorer
2010-06-15 21:51:14 ----D---- C:\Program Files\CCleaner
2010-06-15 21:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-15 21:49:37 ----D---- C:\Program Files\Google
2010-06-15 21:48:32 ----D---- C:\Program Files\uTorrent
2010-06-15 21:48:31 ----D---- C:\Program Files\Winamp(2)
2010-06-15 21:47:35 ----RD---- C:\Program Files\Skype
2010-06-15 21:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-06-15 21:45:46 ----D---- C:\Program Files\Outlook Express
2010-06-15 21:45:44 ----D---- C:\Program Files\IC209S
2010-06-15 21:45:43 ----D---- C:\VIS
2010-06-13 13:26:55 ----D---- C:\WINDOWS\Debug
2010-06-11 16:13:58 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-11 16:13:29 ----D---- C:\WINDOWS\ie8updates
2010-06-07 19:10:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-30 09:20:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-01-17 1331136]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 BoiHwsetup;Access 32bits INT15 routine; C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 5504]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2008-02-01 732160]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2008-01-15 48472]
R3 QIOMem;Generic IO & Memory Access; C:\WINDOWS\system32\DRIVERS\QIOMem.sys [2007-05-29 6912]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver; C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-13 31872]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver; C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 7936]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-14 57408]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-28 285952]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-17 168432]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []

-----------------EOF-----------------

Re: how do I remove the service for NERO, I have already removed the program and chec…

Posted: 20 Jun 2010 20:52
by Rudy
It's not working out somehow. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after startup, a screen with the license terms appears; continue by clicking the Yes button.

feel free to put the kettle on for coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component

Re: how do I remove the service for NERO, I have already removed the program and chec…

Posted: 20 Jun 2010 21:18
by radoslav
ComboFix 10-06-20.01 - TOSHIBA 20.06.2010 22:07:03.3.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.507 [GMT 2:00]
Running from: c:\documents and settings\TOSHIBA\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.

((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))
.

2010-06-20 18:46 . 2010-06-20 18:46 -------- d-----w- C:\rsit
2010-06-20 08:55 . 2010-06-20 08:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-19 04:27 . 2010-06-19 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-17 19:11 . 2010-06-17 19:11 -------- d-----w- c:\program files\Winamp
2010-06-16 17:03 . 2010-06-16 17:03 -------- d-----w- c:\documents and settings\TOSHIBA\Local Settings\Application Data\PCHealth
2010-06-16 07:57 . 2010-06-16 07:57 -------- d-----w- c:\windows\system32\XPSViewer
2010-06-16 07:56 . 2010-06-16 07:56 -------- d-----w- c:\program files\Reference Assemblies
2010-06-16 07:56 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-06-16 07:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-16 07:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-16 07:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-16 07:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-16 07:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-16 07:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-16 07:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-16 07:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-06-15 19:51 . 2010-06-15 19:51 -------- d-----w- c:\program files\WinXP Manager 2010 + Keygen
2010-06-15 19:50 . 2010-06-15 19:50 -------- d-----w- c:\program files\Power DVD 6
2010-06-15 19:50 . 2010-06-15 19:50 -------- d--h--w- c:\windows\PIF
2010-06-15 19:49 . 2010-06-15 19:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-06-15 19:48 . 2010-06-15 19:48 -------- d-----w- c:\program files\Webteh
2010-06-15 19:47 . 2010-06-15 19:47 -------- d-----w- c:\program files\Common Files\Skype
2010-06-13 19:46 . 2010-06-13 19:46 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\Malwarebytes
2010-06-13 19:45 . 2010-06-13 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-13 19:45 . 2010-06-16 07:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 11:12 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-10 19:37 . 2010-06-15 19:51 -------- d-----w- c:\program files\Yamicsoft
2010-06-10 19:07 . 2010-06-10 19:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-06-07 17:19 . 2010-06-15 19:50 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\CyberLink
2010-06-07 17:11 . 2010-06-07 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-06-07 17:10 . 2010-06-07 17:10 -------- d-----w- c:\program files\CyberLink
2010-06-01 21:05 . 2010-06-15 19:53 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\Winamp
2010-06-01 21:03 . 2010-06-20 20:03 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\Skype
2010-06-01 20:54 . 2010-06-01 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-29 18:32 . 2010-06-15 19:30 -------- d-----w- C:\totalcmd
2010-05-29 18:10 . 2010-06-15 19:47 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\Skype(2)
2010-05-29 17:07 . 2010-06-15 19:47 -------- d-----w- c:\program files\CONEXANT
2010-05-29 16:42 . 2010-05-29 16:42 7874535 ----a-w- c:\program files\Toshiba-Satellite-M300-L310-Audio-Driver-For-XP_-_www.getpcmemory.com.zip
2010-05-26 14:06 . 2010-06-15 19:31 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\vlc
2010-05-26 14:05 . 2010-05-26 14:05 -------- d-----w- c:\program files\VideoLAN
2010-05-24 16:42 . 2010-05-25 16:31 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\Winsplit Revolution
2010-05-24 12:14 . 2010-05-24 12:14 -------- d-----w- c:\program files\SiSoftware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 20:09 . 2010-03-20 16:38 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\uTorrent
2010-06-20 19:51 . 2008-10-15 01:54 373830 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-20 19:31 . 2008-08-28 01:07 -------- d-----w- c:\program files\Trend Micro
2010-06-20 19:16 . 2008-12-14 02:21 44544 ----a-w- c:\windows\system32\agremove.exe
2010-06-20 16:06 . 2008-10-30 00:11 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\skypePM
2010-06-20 09:09 . 2008-09-10 04:27 -------- d-----w- c:\program files\Settings
2010-06-19 04:29 . 2008-08-28 00:56 -------- d-----w- c:\program files\Alwil Software
2010-06-16 07:57 . 2008-09-29 17:25 -------- d-----w- c:\program files\MSBuild
2010-06-15 19:51 . 2008-08-28 06:22 -------- d-----w- c:\program files\CCleaner
2010-06-15 19:49 . 2008-08-27 05:59 -------- d-----w- c:\program files\Google
2010-06-15 19:48 . 2010-03-20 16:39 -------- d-----w- c:\program files\uTorrent
2010-06-15 19:48 . 2010-05-18 14:33 -------- d-----w- c:\program files\Winamp(2)
2010-06-15 19:47 . 2008-08-28 03:15 -------- d-----r- c:\program files\Skype
2010-06-15 19:47 . 2008-08-28 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-15 19:45 . 2010-05-14 08:43 -------- d-----w- c:\program files\IC209S
2010-06-13 17:51 . 2008-08-31 01:36 47944 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-07 17:10 . 2008-08-27 05:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-14 08:57 . 2010-05-14 08:56 -------- d-----w- c:\program files\Tcomwebcamdriver
2010-05-06 20:59 . 2008-08-28 00:56 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2008-08-28 00:56 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-08-28 00:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-08-28 01:12 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-08-28 00:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-08-28 00:57 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-08-28 00:57 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-08-28 01:12 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-08-28 00:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 17:19 . 2010-04-27 17:19 -------- d-----w- c:\program files\Ashampoo
2010-04-27 17:18 . 2010-04-27 17:18 8611720 ----a-w- c:\program files\ashampoo_burning_studio_6_free_6.77_4312.exe
2010-04-24 10:00 . 2010-04-24 10:00 0 ---ha-w- c:\windows\msds.dat
2010-04-22 07:15 . 2010-04-22 07:15 -------- d-----w- c:\program files\StrongDC++
2010-04-22 07:13 . 2010-04-22 07:13 5866718 ----a-w- c:\program files\sdc241-32.exe
2010-04-22 06:48 . 2010-04-22 06:48 -------- d-----w- c:\program files\EDDICA
2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 15:01 . 2010-04-18 14:57 14913925 ----a-w- c:\program files\kmp.exe
2009-08-28 08:03 . 2008-09-10 04:26 3480576 ----a-w- c:\program files\StrongDC.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752]
"TPSMain"="TPSMain.exe" [2008-01-28 268152]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\StrongDC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8601:TCP"= 8601:TCP:BitComet 8601 TCP
"8601:UDP"= 8601:UDP:BitComet 8601 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.8.2008 3:12 164048]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 19:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 19:34 71088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.8.2008 3:12 19024]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [27.8.2008 7:00 732160]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.8.2008 7:55 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29.5.2007 12:01 6912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.4.2010 23:13 136176]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [8.12.2008 3:32 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [8.12.2008 3:32 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [8.12.2008 3:33 60416]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\TOSHIBA\Application Data\Mozilla\Firefox\Profiles\l8stpcfz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 22:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\autochk(5).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(6).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(50).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(51).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(53).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(10).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(11).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(12).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(13).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(14).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(15).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(17).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(18).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(19).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(20).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(21).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(22).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(23).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(24).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(25).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(26).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(27).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(28).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(29).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(3).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(30).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(31).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(32).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(33).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(34).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(35).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(36).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(37).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(38).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(39).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(4).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(40).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(41).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(42).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(43).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(44).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(45).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(46).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(47).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(48).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(49).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(7).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(8).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(9).exe:BAK 22528 bytes executable

scan completed successfully
hidden files: 49

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-06-20 22:15:08
ComboFix-quarantined-files.txt 2010-06-20 20:15

Pre-Run: 7 281 569 792 bytes free
Post-Run: 7 254 413 312 voľných bajtov

- - End Of File - - 58284F1FA0C1EFA3EFCC11CD6E7B9071

Re: how do I remove the service for NERO, I have already removed the program and chec…

Posted: 20 Jun 2010 22:23
by Rudy
Open Notepad and copy the following into it:
File::
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

Driver::
NMIndexingService
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: how do I remove the service for NERO, I have already removed the program and chec…

Posted: 21 Jun 2010 05:45
by radoslav
ComboFix 10-06-20.01 - TOSHIBA 21.06.2010 6:32.4.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.574 [GMT 2:00]
Running from: c:\documents and settings\TOSHIBA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TOSHIBA\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NMINDEXINGSERVICE
-------\Service_NMIndexingService


((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-21 04:40 . 2010-06-21 04:40 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-06-21 04:39 . 2010-06-21 04:39 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-06-20 18:46 . 2010-06-20 18:46 -------- d-----w- C:\rsit
2010-06-20 08:55 . 2010-06-20 08:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-19 04:27 . 2010-06-19 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-17 19:11 . 2010-06-17 19:11 -------- d-----w- c:\program files\Winamp
2010-06-16 17:03 . 2010-06-16 17:03 -------- d-----w- c:\documents and settings\TOSHIBA\Local Settings\Application Data\PCHealth
2010-06-16 07:57 . 2010-06-16 07:57 -------- d-----w- c:\windows\system32\XPSViewer
2010-06-16 07:56 . 2010-06-16 07:56 -------- d-----w- c:\program files\Reference Assemblies
2010-06-16 07:56 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-06-16 07:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-16 07:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-16 07:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-16 07:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-16 07:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-16 07:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-16 07:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-16 07:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-06-15 19:51 . 2010-06-15 19:51 -------- d-----w- c:\program files\WinXP Manager 2010 + Keygen
2010-06-15 19:50 . 2010-06-15 19:50 -------- d-----w- c:\program files\Power DVD 6
2010-06-15 19:50 . 2010-06-15 19:50 -------- d--h--w- c:\windows\PIF
2010-06-15 19:49 . 2010-06-15 19:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-06-15 19:48 . 2010-06-15 19:48 -------- d-----w- c:\program files\Webteh
2010-06-15 19:47 . 2010-06-15 19:47 -------- d-----w- c:\program files\Common Files\Skype
2010-06-13 19:46 . 2010-06-13 19:46 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\Malwarebytes
2010-06-13 19:45 . 2010-06-13 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-13 19:45 . 2010-06-16 07:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 11:12 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-10 19:37 . 2010-06-15 19:51 -------- d-----w- c:\program files\Yamicsoft
2010-06-10 19:07 . 2010-06-10 19:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-06-07 17:19 . 2010-06-15 19:50 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\CyberLink
2010-06-07 17:11 . 2010-06-07 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-06-07 17:10 . 2010-06-07 17:10 -------- d-----w- c:\program files\CyberLink
2010-06-01 21:05 . 2010-06-15 19:53 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\Winamp
2010-06-01 21:03 . 2010-06-20 20:03 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\Skype
2010-06-01 20:54 . 2010-06-01 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-29 18:32 . 2010-06-15 19:30 -------- d-----w- C:\totalcmd
2010-05-29 18:10 . 2010-06-15 19:47 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\Skype(2)
2010-05-29 17:07 . 2010-06-15 19:47 -------- d-----w- c:\program files\CONEXANT
2010-05-29 16:42 . 2010-05-29 16:42 7874535 ----a-w- c:\program files\Toshiba-Satellite-M300-L310-Audio-Driver-For-XP_-_www.getpcmemory.com.zip
2010-05-26 14:06 . 2010-06-15 19:31 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\vlc
2010-05-26 14:05 . 2010-05-26 14:05 -------- d-----w- c:\program files\VideoLAN
2010-05-24 16:42 . 2010-05-25 16:31 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\Winsplit Revolution
2010-05-24 12:14 . 2010-05-24 12:14 -------- d-----w- c:\program files\SiSoftware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 04:17 . 2008-12-14 02:21 44544 ----a-w- c:\windows\system32\agremove.exe
2010-06-20 20:45 . 2010-03-20 16:38 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\uTorrent
2010-06-20 20:16 . 2008-10-15 01:54 373960 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-20 19:31 . 2008-08-28 01:07 -------- d-----w- c:\program files\Trend Micro
2010-06-20 16:06 . 2008-10-30 00:11 -------- d-----w- c:\documents and settings\TOSHIBA\Application Data\skypePM
2010-06-20 09:09 . 2008-09-10 04:27 -------- d-----w- c:\program files\Settings
2010-06-19 04:29 . 2008-08-28 00:56 -------- d-----w- c:\program files\Alwil Software
2010-06-16 07:57 . 2008-09-29 17:25 -------- d-----w- c:\program files\MSBuild
2010-06-15 19:51 . 2008-08-28 06:22 -------- d-----w- c:\program files\CCleaner
2010-06-15 19:49 . 2008-08-27 05:59 -------- d-----w- c:\program files\Google
2010-06-15 19:48 . 2010-03-20 16:39 -------- d-----w- c:\program files\uTorrent
2010-06-15 19:48 . 2010-05-18 14:33 -------- d-----w- c:\program files\Winamp(2)
2010-06-15 19:47 . 2008-08-28 03:15 -------- d-----r- c:\program files\Skype
2010-06-15 19:47 . 2008-08-28 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-15 19:45 . 2010-05-14 08:43 -------- d-----w- c:\program files\IC209S
2010-06-13 17:51 . 2008-08-31 01:36 47944 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-07 17:10 . 2008-08-27 05:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-14 08:57 . 2010-05-14 08:56 -------- d-----w- c:\program files\Tcomwebcamdriver
2010-05-06 20:59 . 2008-08-28 00:56 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2008-08-28 00:56 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-08-28 00:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-08-28 01:12 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-08-28 00:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-08-28 00:57 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-08-28 00:57 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-08-28 01:12 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-08-28 00:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 17:19 . 2010-04-27 17:19 -------- d-----w- c:\program files\Ashampoo
2010-04-27 17:18 . 2010-04-27 17:18 8611720 ----a-w- c:\program files\ashampoo_burning_studio_6_free_6.77_4312.exe
2010-04-24 10:00 . 2010-04-24 10:00 0 ---ha-w- c:\windows\msds.dat
2010-04-22 07:15 . 2010-04-22 07:15 -------- d-----w- c:\program files\StrongDC++
2010-04-22 07:13 . 2010-04-22 07:13 5866718 ----a-w- c:\program files\sdc241-32.exe
2010-04-22 06:48 . 2010-04-22 06:48 -------- d-----w- c:\program files\EDDICA
2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 15:01 . 2010-04-18 14:57 14913925 ----a-w- c:\program files\kmp.exe
2009-08-28 08:03 . 2008-09-10 04:26 3480576 ----a-w- c:\program files\StrongDC.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-20_20.12.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-21 04:41 . 2010-06-21 04:41 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-21 04:41 . 2010-06-21 04:41 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2010-06-21 04:41 . 2010-06-21 04:41 16384 c:\windows\temp\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752]
"TPSMain"="TPSMain.exe" [2008-01-28 268152]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\StrongDC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8601:TCP"= 8601:TCP:BitComet 8601 TCP
"8601:UDP"= 8601:UDP:BitComet 8601 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.8.2008 3:12 164048]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 19:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 19:34 71088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.8.2008 3:12 19024]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [27.8.2008 7:00 732160]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.8.2008 7:55 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29.5.2007 12:01 6912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.4.2010 23:13 136176]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [8.12.2008 3:32 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [8.12.2008 3:32 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [8.12.2008 3:33 60416]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\TOSHIBA\Application Data\Mozilla\Firefox\Profiles\l8stpcfz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 06:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\autochk(5).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(6).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(50).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(51).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(53).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(10).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(11).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(12).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(13).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(14).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(15).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(17).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(18).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(19).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(20).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(21).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(22).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(23).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(24).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(25).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(26).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(27).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(28).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(29).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(3).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(30).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(31).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(32).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(33).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(34).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(35).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(36).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(37).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(38).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(39).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(4).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(40).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(41).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(42).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(43).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(44).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(45).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(46).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(47).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(48).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(49).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(7).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(8).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(9).exe:BAK 22528 bytes executable

scan completed successfully
hidden files: 49

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2000)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\TPSBattM.exe
.
**************************************************************************
.
Completion time: 2010-06-21 06:44:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-21 04:44
ComboFix2.txt 2010-06-20 20:15

Pre-Run: 7 272 214 528 bytes free
Post-Run: 7 181 230 080 voľných bajtov

- - End Of File - - 06C0780599170F36707470789576FA9E

Re: ako odstranim sluzbu k NERO program som uz vyhodil akont

Posted: 21 Jun 2010 18:39
by Rudy
The log now looks clean.

Re: ako odstranim sluzbu k NERO program som uz vyhodil akont

Posted: 21 Jun 2010 21:00
by radoslav
OK

Thank you

Re: ako odstranim sluzbu k NERO program som uz vyhodil akont

Posted: 21 Jun 2010 22:18
by Rudy
You're welcome!